Path: utzoo!utgpu!watserv1!watmath!att!att!linac!uwm.edu!rpi!zaphod.mps.ohio-state.edu!usc!orion.oac.uci.edu!ucivax!nagel
From: nagel@buckaroo.ics.uci.edu (Mark Nagel)
Newsgroups: comp.lang.perl
Subject: Re: man dbm access causes core dump on Sun 4/OS 4.03 (solved)
Keywords: core dump, patch 41, man
Message-ID: <2753524F.1916@ics.uci.edu>
Date: 28 Nov 90 05:59:43 GMT
References: <25213.659656454@buckaroo.ics.uci.edu> <109356@convex.convex.com>
Lines: 62
Nntp-Posting-Host: buckaroo.ics.uci.edu

In <109356@convex.convex.com> tchrist@convex.COM (Tom Christiansen) writes:

>In article <25213.659656454@buckaroo.ics.uci.edu> nagel@ICS.UCI.EDU writes:

>I am running 4.0.3, but not PL41 on the Suns, and I've not seen
>the problem.  It could be sun's ndbm routines, or perl's assoc
>array binding thereof, or the weirdness I use to eval the array
>name to pull the right stuff.  I may try to upgrade this weekend,
>at which point I'll tell you whether I see the problem as well.

Well, thanks to the following reply I received, everything is
working great now.

/*****************************************************************************/

From:    anders@ifi.uio.no

There is a bug in BSD ndbm.c, which may cause random overwrite of
memory. We found it ourself when we started to use tchrist's man.

Thanks to obh@usit.uio.no for locating the problem.

*** bsd/lib/libc/gen/ndbm.c     Tue Nov 27 12:46:46 1990
--- ../bsd/lib/libc/gen/ndbm.c  Mon Nov 26 19:34:49 1990
***************
*** 519,525 ****
        if (i2 > 0)
                i1 = sp[i2];
        i1 -= item.dsize + item1.dsize;
!       if (i1 <= (i2+3) * sizeof(short))
                return (0);
        sp[0] += 2;
        sp[++i2] = i1 + item1.dsize;
--- 520,526 ----
        if (i2 > 0)
                i1 = sp[i2];
        i1 -= item.dsize + item1.dsize;
!       if (i1 < 0 || i1 <= (i2+3) * sizeof(short))
                return (0);
        sp[0] += 2;
        sp[++i2] = i1 + item1.dsize;

Here is the cvs comment:

revision 1.3
date: 90/11/24 18:42:16;  author: obh;  state: Exp;  lines added/del: 4/3
----------------------------------------------------------------------

Fixed a ANSI C bug; signed int get converted to unsigned int in
ANSI C. (-1 < sizeof(short)) is not true in ANSI C.

/*****************************************************************************/

I just grabbed the latest ndbm sources from uunet's bsd-sources
directory and used them straight (the bug has been repaired in the
latest version).  Apparently, this random stomping of memory didn't
interact badly enough with perl until pl41!
--
Mark Nagel
UC Irvine Department of ICS   +----------------------------------------+
ARPA: nagel@ics.uci.edu       | Help!  Somebody!  I'm being repressed! |
UUCP: ucbvax!ucivax!nagel     +----------------------------------------+