Segmentation fault #2

Open
sviehb opened this issue Mar 9, 2015 · 1 comment

sviehb commented Mar 9, 2015

Fails with this firmware:
http://downloads.linksys.com/downloads/firmware/1224681522523/FW_E900_v1.0.06.002_US_20150108.bin

When using -p 1 (single-threaded) this issue does not occur.

gdb --args ~/tmp/sasquatch/sasquatch -trace 14FE20.squashfs
...
squashfs: Attempting to decompress: [0x68 0x3B 0xDE 0xDE 0xA6 0x0F 0x23 0xDA]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 4, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 2, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 3, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: lzma-adaptive decompressor failed! [-1 -3]
Trying to decompress with lzma-alt...
squashfs: retval = -3, outsize = 131072/65536

squashfs: Attempting to decompress: [0x03 0xE0 0x35 0xE5 0x99 0xCB 0x0D 0x2B]
squashfs: Trying LZMA settings [lc: 4, lp: 4, pb: 4, dict size: 0xFFFFFFFF offset: 10], squashfs: retval = -3, outsize = 131072/65536

squashfs: lzma-adaptive decompressor failed! [-1 -3]
Trying to decompress with lzma-alt...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff3f71700 (LWP 7417)]
0x0000000000405b2e in LzmaDecoderCodeReal (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff3f60df0, anOutSize=0x7ffff3f60df8) at LZMADecoder.c:207
207               BYTE aMatchByte = OutWindowGetOneByte(0 - aRepDistances[0] - 1);

(gdb) i r
rax            0x8000f3f60e9f   140741581344415
rbx            0x10000  65536
rcx            0x0      0
rdx            0x7ffff3f60ea0   140737286377120
rsi            0x647f2c 6586156
rdi            0x7ffff4761d0d   140737294769421
rbp            0x7ffff4761d70   0x7ffff4761d70
rsp            0x7ffff4761ce0   0x7ffff4761ce0
r8             0xf2     242
r9             0x5      5
r10            0x4022   16418
r11            0x201    513
r12            0x5dab   23979
r13            0x7ffff4761ea0   140737294769824
r14            0x7ffff4771eac   140737294835372
r15            0x10000  65536
rip            0x405b2e 0x405b2e <LzmaDecoderCodeReal+325>
eflags         0x10206  [ PF IF RF ]
cs             0x33     51
ss             0x2b     43
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0
(gdb) bt
#0  0x0000000000405b2e in LzmaDecoderCodeReal (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff4761df0, anOutSize=0x7ffff4761df8) at LZMADecoder.c:207
#1  0x0000000000406006 in LzmaDecoderCode (lzmaDecoder=0x647d20 <cc>, anInSize=0x7ffff4761df0, anOutSize=0x7ffff4761df8) at LZMADecoder.c:354
#2  0x00000000004041a4 in decompress_lzma_alt (in_data=0x83b160 "]", in_size=23979, out_data=0x7ffff4761ea0 "\177EL@ \362\065\065\065\065\065\065\065",
    out_size=65536, offset=0) at 7zlzma.c:35
#3  0x0000000000410eb7 in lzma_alt_uncompress (dest=0x7ffff4761ea0, src=0x83b160, size=23979, outsize=65536, error=0x7ffff4771eac) at lzma_wrapper.c:139
#4  0x000000000040fb1e in compressor_uncompress (comp=0x647700 <gzip_comp_ops>, dest=dest@entry=0x7ffff4761ea0, src=0x83b160, size=23979, block_size=65536,
    error=error@entry=0x7ffff4771eac) at compressor.c:170
#5  0x00000000004065ae in inflator (arg=<optimized out>) at unsquashfs.c:2195
#6  0x00007ffff7bc4182 in start_thread (arg=0x7ffff4772700) at pthread_create.c:312
#7  0x00007ffff6a7547d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

@devttys0
Owner

This also causes more subtle issues, such as corrupted or missing files.

Checked in a temporary fix which sets the default number of processors to 1, until a proper fix is made.
