>>>>> "CE" == Chris Evans <chrisat_private> writes: CE> If trying to remove entries from a remote queue, the args given CE> are basically strcat()'ed into a static buffer. CE> Thus: CE> lprm -Psome_remote `perl -e 'print "a" x 2000'` Segmentation fault CE> gdb confirms the program is attempting to execute code at CE> 0x41414141 Confirmed. Solaris 2.6 has the same problem. /usr/ucb/lprm is a symlink to /usr/bin/cancel that is setyid root /* * Please note : comandi is a file containing the command to start * cancel with the 2000 'a' passed as parameter. */ {betty} 11:09:44 [15]/tmp:adb -P"Pollo:" -I /tmp ./cancel Pollo:$<comandi Pollo:SIGSEGV: Segmentation Fault (address not mapped to object) stopped at: 0xef6fe9b8: ldsb [%o1], %o5 Pollo:$r g0 0x0 l0 0xeffff79c g1 0xef7459f4 l1 0x63940 g2 0x3f57d l2 0xef6fe93c g3 0x3e17c l3 0x0 g4 0x3e164 l4 0x80 g5 0x0 l5 0x80 g6 0x0 l6 0x7 g7 0x0 l7 0xfc09ab80 o0 0xef74fbec i0 0xef74fbec o1 0x61616161 i1 0x370ec o2 0x0 i2 0xef76227c o3 0x0 i3 0x0 o4 0xef76227c i4 0xeffff79c o5 0xef6fe954 i5 0xef7fd8b4 _end+0x878 sp 0xefffe378 fp 0xefffe3d8 o7 0xef6fe980 i7 0xef6dba68 y 0x0 psr 0x4001084 pc 0xef6fe9b8 0xef6fe9b8: ldsb [%o1], %o5 npc 0xef6fe9bc 0xef6fe9bc: ldsb [%o0], %g1 Solaris 2.5.5.1 has not the problem. Gian Uberto Lauri saintat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:49:51 PDT