ifuse segfault (strlen related) #33

Closed
borisovg opened this issue Jun 22, 2014 · 5 comments

Comments

@borisovg

Hello,

I get this segfault when trying to use ifuse to mount my iPhone 5c:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt full
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
No locals.
#1  0x00007ffff69d9b8e in __GI___strdup (s=0x0) at strdup.c:41
        len = <optimized out>
        new = <optimized out>
#2  0x00007ffff777d1da in plist_new_string () from /usr/lib/x86_64-linux-gnu/libplist.so.2
No symbol table info available.
#3  0x00007ffff798b93c in ?? () from /usr/lib/x86_64-linux-gnu/libimobiledevice.so.4
No symbol table info available.
#4  0x00007ffff798c403 in lockdownd_client_new_with_handshake () from /usr/lib/x86_64-linux-gnu/libimobiledevice.so.4
No symbol table info available.
#5  0x000000000040172c in main (argc=<optimized out>, argv=<optimized out>) at ifuse.c:754
        res = 1
        args = {argc = 2, argv = 0x6076a0, allocated = 1}
        mst = {st_dev = 65024, st_ino = 655488, st_nlink = 2, st_mode = 16877, st_uid = 1000, st_gid = 1000, __pad0 = 0, st_rdev = 0, st_size = 4096, st_blksize = 4096, 
          st_blocks = 8, st_atim = {tv_sec = 1357837666, tv_nsec = 180116579}, st_mtim = {tv_sec = 1345467094, tv_nsec = 0}, st_ctim = {tv_sec = 1345634544, 
            tv_nsec = 61450939}, __glibc_reserved = {0, 0, 0}}
        ret = 0

I originally opened this against the libimobiledevice package, but now I think it might be related to libplist instead (and possibly a dupe of #29 although I don't see any mention of NULL pointers and I don't know enough about C to know where to look).

I have compiled libimobiledevice, libplist and ifuse from source, pulled from github today.

Thanks,

George

@nikias
Member

nikias commented Aug 6, 2014

@borisovg Since I'm not getting this error it would be very helpful if you had libimobiledevice installed compiled with debug info so we can see where the violating call to plist_new_string() comes from.

@borisovg
Author

borisovg commented Aug 6, 2014

Here is the backtrace:

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106     ../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) bt full
#0  strlen () at ../sysdeps/x86_64/strlen.S:106
No locals.
#1  0x00007ffff69d3b5e in __GI___strdup (s=0x0) at strdup.c:41
        len = <optimized out>
        new = <optimized out>
#2  0x00007ffff7778c4b in plist_new_string (val=0x0) at plist.c:118
        data = 0x606ba0
#3  0x00007ffff798a03a in pair_record_generate (client=0x607130, pair_record=0x7fffffffe1d8) at lockdown.c:747
        ret = 0
        public_key = {
          data = 0x60b630 "-----BEGIN RSA PUBLIC KEY-----\nMIGJAoGBANttJvV8Tag/[... snipped due to paranoia ...]\n7+0VdKAjQz9WJQp4dmbem3bm1vR4PmB8vNL0yZl"..., size = 251}
        host_id = 0x0
        system_buid = 0x0
        uret = 0
#4  0x00007ffff798a19b in lockdownd_do_pair (client=0x607130, pair_record=0x0, verb=0x7ffff7999748 "Pair") at lockdown.c:804
        ret = -256
        dict = 0x0
        pair_record_plist = 0x60c5d0
        wifi_node = 0x0
        pairing_mode = 0
        request_pair_record = 0x7ffff6cf5640 <main_arena+32>
        options = 0x60b3a0
#5  0x00007ffff798a699 in lockdownd_pair (client=0x607130, pair_record=0x0) at lockdown.c:956
No locals.
#6  0x00007ffff7989d69 in lockdownd_client_new_with_handshake (device=0x607190, client=0x604b30 <control>, label=0x40379c "ifuse") at lockdown.c:640
        ret = -16
        client_loc = 0x607130
        host_id = 0x0
        type = 0x608b20 ""
        pair_record = 0x0
#7  0x0000000000402ee2 in main (argc=2, argv=0x7fffffffe468) at ifuse.c:754
        res = 1
        args = {argc = 2, argv = 0x606af0, allocated = 1}
        mst = {st_dev = 65024, st_ino = 655488, st_nlink = 2, st_mode = 16877, st_uid = 1000, st_gid = 1000, __pad0 = 0, st_rdev = 0, st_size = 4096, st_blksize = 4096, st_blocks = 8, 
          st_atim = {tv_sec = 1357837666, tv_nsec = 180116579}, st_mtim = {tv_sec = 1345467094, tv_nsec = 0}, st_ctim = {tv_sec = 1345634544, tv_nsec = 61450939}, __glibc_reserved = {
            0, 0, 0}}
        ret = 0

I compiled libplist, libimobiledevice and ifuse using:

make clean
CFLAGS='-ggdb -O0' CXXFLAGS='-ggdb -O0' ./configure
make

Let me know if this was not the right way to do it.

@nikias
Member

nikias commented Aug 6, 2014

Thanks, that helped! I pushed a fix to git master. However, the behavior is weird since apparently ifuse tries to trigger a device pair which should be handled by usbmuxd now. Do you have the latest version of usbmuxd installed?

@borisovg
Author

borisovg commented Aug 8, 2014

I have that installed from Debian packages:

ii  libusbmuxd-dev:amd64                  1.0.9-1
ii  libusbmuxd2:amd64                     1.0.9-1
ii  usbmuxd                               1.0.8-5

It is somewhat strange that the usbmuxd package is of a different version, but looking at the upstream git repo that appears to be correct.

@borisovg
Author

borisovg commented Aug 8, 2014

P.S. Fix appears to have worked - no more crash. :-)

Thanks!
