Bug#902396: [nvram-wakeup] segfault with config generated by guess-helper

Bernhard Übelacker bernhardu at mailbox.org
Wed Aug 1 00:38:53 BST 2018


Hello,
was just looking at some random crashes.
I was only testing in a Debian testing/Buster amd64 VM.


After some time looking at line readconf.c:71 I doubt that
nvram-wakeup ever ran successfully on amd64 architecture.

At least in line 71 the 64bit pointers get truncated by casting
them to 32bit integers.

This happens also with the default configuration.


But reading the changelog leads to the following:
    nvram-wakeup (0.97-9) unstable; urgency=low
    ...
      * Tobias Grimm <vdr at e-tobi.net>
        - Added amd64 to list of supported architectures (closes: #332961)
    
     -- Debian VDR Team <pkg-vdr-dvb-devel at lists.alioth.debian.org>  Sat, 15 Oct 2005 23:41:00 +0200

And in bug #332961 it is confirmed to work for amd64 at this time.


Searching a little leads e.g. to [mythtv-wiki]:
   If you don't have an ACPI-compliant BIOS, you could use nvram-wakeup
   instead, which is a small that modifies the BIOS settings memory
   (NVRAM) directly (no longer recommended).
   All modern BIOSes should support ACPI, however.
(This information is from 2011.)


Last upstream commit was in 2010 [upstream-vcs].
And looking at the history of readconf.c, line 71 was already introduced in 2003.


A possibility how this fits together could be that amd64
did not use by default addresses bigger than 32bit.


So probably if the maintainer or developer could confirm that
nvram-backup was not intended for amd64 - it is probably
best to stop building it for that architecture.

Otherwise the following change did make it run in my test VM
and print some plausible output (not tested on real hardware):

   -     int  * prev = (int *)((int)(&lnrs) + ((int)ptr - (int)b));
   +     int  * prev = ((int*)(&lnrs) + ((int*)ptr - (int*)b));
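
Review bot: On the + line the arithmetic is done in units of int instead of bytes, so the result is only right while ptr sits at an offset from b that is a multiple of sizeof(int). Taking the byte offset explicitly, e.g. (int *)((char *)&lnrs + ((char *)ptr - (char *)b)), keeps the byte semantics of the - line and still never passes a pointer through a 32-bit int. A short comment stating that b and lnrs share the same layout would also help the next reader of this line.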


An alternative could be investigating the usage of
/sys/class/rtc/rtc0/wakealarm like described in [vdr-wiki].


Kind regards,
Bernhard



[mythtv-wiki]  https://www.mythtv.org/wiki/ACPI_Wakeup
[vdr-wiki]     http://www.vdr-wiki.de/wiki/index.php/ACPI_Wakeup
[upstream-vcs] https://sourceforge.net/p/nvram-wakeup/code/928/log/?path=





# wget "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=3;bug=902396;filename=nvram-wakeup.conf;msg=5" -O nvram-wakeup.conf

# gdb -q --args nvram-wakeup -A -C nvram-wakeup.conf -s $((`date +%s` + 60))
Reading symbols from nvram-wakeup...done.
(gdb) run
Starting program: /usr/sbin/nvram-wakeup -A -C nvram-wakeup.conf -s 1533079897

Program received signal SIGSEGV, Segmentation fault.
0x0000555555582f9f in assign (lnr=11, b=0x55555559cb80 <b>, ptr=0x55555559cb94 <b+20>, val=0x55555559e6d1 "0x4A", allow_symbolic=0) at readconf.c:73
73           if (*prev) {
(gdb) bt
#0  0x0000555555582f9f in assign (lnr=11, b=0x55555559cb80 <b>, ptr=0x55555559cb94 <b+20>, val=0x55555559e6d1 "0x4A", allow_symbolic=0) at readconf.c:73
#1  0x00005555555837e9 in readconf (b=0x55555559cb80 <b>, filename=0x7fffffffe828 "nvram-wakeup.conf") at readconf.c:186
#2  0x00005555555754ff in main (argc=0, argv=0x7fffffffe5f8) at nvram-wakeup.c:125
(gdb) list 61,77
61
62      int assign(int lnr, struct biosinfo * b, int * ptr, char * val, int allow_symbolic) {
63           char * tail;
64
65           /* 
66            * now is the tricky part:
67            * pointer to the member of lnrs corresponding 
68            * to the member pointed by ptr in *b
69            *          I love C
70            */
71           int  * prev = (int *)((int)(&lnrs) + ((int)ptr - (int)b));
72
73           if (*prev) {
74                return *prev; 
75           }
76           else {
77                *prev = lnr;
(gdb) print ((int)ptr - (int)b)
$1 = 20
(gdb) print &lnrs
$2 = (struct biosinfo *) 0x55555559ce40 <lnrs>
(gdb) print prev
$3 = (int *) 0x5559ce54
(gdb) print sizeof(int)
$4 = 4
(gdb) print sizeof(int*)
$5 = 8
(gdb) print ((int*)(&lnrs) + ((int*)ptr - (int*)b))
$6 = (int *) 0x55555559ce54 <lnrs+20>
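
The truncation seen in the session above, together with a width-independent way to reach the matching member of lnrs, as an added example that is not code from nvram-wakeup or from the report. The six-member struct layout, the helper names line71_result, shadow_member and note_line, and the return value 0 for a first assignment are assumptions; the three addresses are the ones printed by gdb above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for struct biosinfo: six int members, so the
 * last one sits at byte offset 20 like the b+20 seen in the gdb session. */
struct biosinfo { int f0, f1, f2, f3, f4, f5; };

static struct biosinfo b;     /* parsed values                   */
static struct biosinfo lnrs;  /* line number that set each value */

/* Models line 71 on LP64: every operand is cut to 32 bits, then the sum
 * is widened back to a 64-bit pointer (sign-extended, as gcc does). */
static uint64_t line71_result(uint64_t lnrs_addr, uint64_t ptr_addr, uint64_t b_addr) {
    uint32_t sum = (uint32_t)lnrs_addr + ((uint32_t)ptr_addr - (uint32_t)b_addr);
    uint64_t wide = sum;
    if (sum & 0x80000000u)
        wide |= 0xFFFFFFFF00000000ull;
    return wide;
}

/* Width-independent form: take the byte offset of ptr inside *base and
 * apply it to *shadow. No pointer ever passes through an int. */
static int *shadow_member(struct biosinfo *base, struct biosinfo *shadow, int *ptr) {
    ptrdiff_t off = (char *)ptr - (char *)base;
    return (int *)((char *)shadow + off);
}

/* Modelled on the assign() excerpt: return the earlier line number if the
 * member was already set; otherwise record lnr and return 0 (assumed). */
static int note_line(int *ptr, int lnr) {
    int *prev = shadow_member(&b, &lnrs, ptr);
    if (*prev)
        return *prev;
    *prev = lnr;
    return 0;
}

int main(void) {
    /* Addresses copied from the gdb session in the report. */
    printf("line 71 yields 0x%llx\n", (unsigned long long)
           line71_result(0x55555559ce40ull, 0x55555559cb94ull, 0x55555559cb80ull));
    printf("first set:  %d\n", note_line(&b.f5, 11));
    printf("second set: %d\n", note_line(&b.f5, 14));
    return 0;
}
```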


