[Originally reported to Sun as Solaris bug id 6295276.]

When trying to get a full register dump on the Ferrari 4000, scanpci -v cores on the first device:

scanpci -v -V255
PCI: Probing config type using method 1
PCI: Config type is 1
PCI: stages = 0x03, oldVal1 = 0x00000000, mode1Res1 = 0x80000000
PCI: PCI scan (all values are in hex)
PCI: 00:00:0: chip 1002,5951 card ffff,ffff rev 01 class 06,00,00 hdr 00
PCI: 00:02:0: chip 1002,5a34 card 0000,0000 rev 00 class 06,04,00 hdr 01
PCI: 00:06:0: chip 1002,5a38 card 0000,0000 rev 00 class 06,04,00 hdr 01
PCI: 00:13:0: chip 1002,4374 card 1025,007e rev 00 class 0c,03,10 hdr 80
PCI: 00:13:1: chip 1002,4375 card 1025,007e rev 00 class 0c,03,10 hdr 00
PCI: 00:13:2: chip 1002,4373 card 1025,007e rev 00 class 0c,03,20 hdr 00
PCI: 00:14:0: chip 1002,4372 card 1025,007e rev 11 class 0c,05,00 hdr 80
PCI: 00:14:1: chip 1002,4376 card 1025,007e rev 00 class 01,01,8a hdr 00
PCI: 00:14:3: chip 1002,4377 card 1025,007e rev 00 class 06,01,00 hdr 80
PCI: 00:14:4: chip 1002,4371 card 0000,0000 rev 00 class 06,04,01 hdr 81
PCI: 00:14:5: chip 1002,4370 card 1025,007e rev 02 class 04,01,00 hdr 80
PCI: 00:14:6: chip 1002,4378 card 1025,007e rev 02 class 07,03,00 hdr 80
PCI: 00:18:0: chip 1022,1100 card 0000,0000 rev 00 class 06,00,00 hdr 80
PCI: 00:18:1: chip 1022,1101 card 0000,0000 rev 00 class 06,00,00 hdr 80
PCI: 00:18:2: chip 1022,1102 card 0000,0000 rev 00 class 06,00,00 hdr 80
PCI: 00:18:3: chip 1022,1103 card 0000,0000 rev 00 class 06,00,00 hdr 80
PCI: 01:00:0: chip 1002,5653 card 1025,007e rev 00 class 03,00,00 hdr 00
PCI: 05:00:0: chip 14e4,169d card 1025,007e rev 11 class 02,00,00 hdr 00
PCI: 06:02:0: chip 14e4,4318 card 1468,0311 rev 02 class 02,80,00 hdr 00
PCI: 06:09:0: chip 104c,8031 card f000,ffff rev 00 class 06,07,00 hdr 82
PCI: 06:09:2: chip 104c,8032 card 1025,007e rev 00 class 0c,00,10 hdr 80
PCI: 06:09:3: chip 104c,8033 card 1025,007e rev 00 class 01,80,00 hdr 80
PCI: End of PCI scan
pci bus 0x0000 cardnum 0x00 function 0x00: vendor 0x1002 device 0x5951
 ATI Technologies Inc Device unknown
Traceback : Segmentation Fault ( [ffffffff] address not mapped to object)
/lib/libc.so.1:strlen+0xb, sp=0x0804783c (0x805741b, 0x8047870, 0x8069160, 0x0)
/lib/libc.so.1:printf+0xa8, sp=0x08047864 (0x8057418, 0xffffffff)
/usr/X11/bin/scanpci:main+0x468, sp=0x080478a4 (0x8069538, 0x1)
/usr/X11/bin/scanpci:main+0x15e, sp=0x080478dc (0x3, 0x804790c, 0x804791c)
/usr/X11/bin/scanpci:_start+0x7a, sp=0x08047900
Traceback ends
Segmentation fault
Looks like if the subsys vendor/device id's were NOVENDOR & NODEVICE (0xFFFF) scanpci never set the pointers to the names to print, but the printing code didn't check for those values and passed whatever pointers happened to be on the stack. I've both initialized the pointers and checked for those values before printing, and the reporter verified the test binary I generated no longer crashed. Patch to follow momentarily.
Created attachment 3074
Here's the patch used in OpenBSD
Fix committed to CVS head for 6.9 release:

CVSROOT: /cvs/xorg
Module name: xc
Changes by: alanc@gabe.freedesktop.org 05/07/12 11:16:03

Log message:
2005-07-12 Alan Coopersmith <alan.coopersmith@sun.com>
* programs/Xserver/hw/xfree86/etc/scanpci.c:
Fix scanpci -v core dump when subsys vendor/device id's are NOVENDOR & NODEVICE.
Bug #3763 <https://bugs.freedesktop.org/show_bug.cgi?id=3763>
Patch #3074 <https://bugs.freedesktop.org/attachment.cgi?id=3074>

Modified files:
./: ChangeLog
xc/programs/Xserver/hw/xfree86/etc/: scanpci.c

Revision  Changes  Path
1.1109    +8 -0    xc/ChangeLog
1.7       +3 -1    xc/programs/Xserver/hw/xfree86/etc/scanpci.c
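
The two-part fix described in this thread (initialize the name pointers, and check for the 0xFFFF ids before printing), shown as an added example that is not the committed scanpci patch and not part of the original thread. The one-entry name table, the names find_card and format_subsys, and the output format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NOVENDOR 0xFFFF /* "no subsystem id" sentinels named in the report */
#define NODEVICE 0xFFFF

/* Constructed one-entry name table; the real tool has its own id database. */
struct card_name { unsigned vendor, device; const char *vname, *dname; };
static const struct card_name cards[] = {
    { 0x1025, 0x007e, "SampleVendor", "SampleCard" },
};

/* Hypothetical lookup: writes the name pointers only on a match. */
static int find_card(unsigned v, unsigned d, const char **vn, const char **dn)
{
    for (size_t i = 0; i < sizeof cards / sizeof cards[0]; i++) {
        if (cards[i].vendor == v && cards[i].device == d) {
            *vn = cards[i].vname; *dn = cards[i].dname;
            return 1;
        }
    }
    return 0;
}

/*
 * Pre-fix pattern, per the thread: `const char *vname, *dname;` declared
 * without initializers, lookup skipped for 0xFFFF ids, then both passed to
 * printf("%s") anyway, so strlen() walked a stale stack value.
 */
int format_subsys(char *out, size_t n, unsigned sv, unsigned sd)
{
    const char *vname = NULL, *dname = NULL;   /* fix 1: initialize */
    if (sv == NOVENDOR || sd == NODEVICE)      /* fix 2: check before printing */
        return snprintf(out, n, "CardVendor 0x%04x card 0x%04x (none)", sv, sd);
    if (!find_card(sv, sd, &vname, &dname))    /* unknown id: no %s at all */
        return snprintf(out, n, "CardVendor 0x%04x card 0x%04x (unknown)", sv, sd);
    return snprintf(out, n, "CardVendor 0x%04x card 0x%04x (%s, %s)",
                    sv, sd, vname, dname);
}

int main(void)
{
    char buf[96];
    format_subsys(buf, sizeof buf, 0xffff, 0xffff); puts(buf); /* ids of 00:00:0 above */
    format_subsys(buf, sizeof buf, 0x1025, 0x007e); puts(buf);
    format_subsys(buf, sizeof buf, 0x0000, 0x0000); puts(buf);
    return 0;
}
```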