Attached patch fixes a NULL dereference (with subsequent segfault) with uclibc 0.9.30.1 (and probably earlier versions). Problem appears to only occur in the new netlink sockets code and occurs when you enable UCLIBC_USE_NETLINK=y and UCLIBC_SUPPORT_AI_ADDRCONFIG=y

Reproducible: Always

Steps to Reproduce:

Example backtrace (using ping) is:

(gdb) bt full
#0  0xb7fe6327 in __check_pf () at libc/inet/getaddrinfo.c:191
        ifa = (struct ifaddrs *) 0x968bb38
        runp = (struct ifaddrs *) 0x968bdcc
        seen = 0
#1  0xb7fe6560 in gaih_inet (name=0xbfcbee68 "192.168.105.4", service=0x0, req=0xbfcbe964, pai=0xbfcbe924) at libc/inet/getaddrinfo.c:418
        nullserv = {next = 0xb801b244, socktype = -1077155576, protocol = -1207841846, port = 134522499}
        tp = (const struct gaih_typeproto *) 0xb7ffb520
        st = (struct gaih_servtuple *) 0xbfcbe8a4
        at = (struct gaih_addrtuple *) 0x0
        rc = 0
        v4mapped = 0
        seen = 3087118916
        __PRETTY_FUNCTION__ = "gaih_inet"
#2  0xb7fe760c in *__GI_getaddrinfo (name=0xbfcbee68 "192.168.105.4", service=0x0, hints=0xbfcbe964, pai=0xbfcbe960) at libc/inet/getaddrinfo.c:860
        i = 0
        j = 1
        last_i = 0
        p = (struct addrinfo *) 0x0
        end = (struct addrinfo **) 0xbfcbe924
        g = (const struct gaih *) 0xb80006b8
        pg = (const struct gaih *) 0xb80006b8
        gaih_service = {name = 0xb801cb1a "\211D$(\203�\ba�\004", num = -1207848920}
        pservice = (struct gaih_service *) 0x0
        default_hints = {ai_flags = -1208060929, ai_family = 134525712, ai_socktype = 298, ai_protocol = 134515904, ai_addrlen = 134522288, ai_addr = 0x804bca0, ai_canonname = 0x7 <Address 0x7 out of bounds>, ai_next = 0xb801cb25}
#3  0x080cef16 in str2sockaddr (host=0xbfcbee68 "192.168.105.4", port=0, af=0, ai_flags=2) at libbb/xconnect.c:213
        rc = 0
        r = (len_and_sockaddr *) 0x0
        result = (struct addrinfo *) 0x0
        used_res = (struct addrinfo *) 0xbfcbe984
        org_host = 0xbfcbee68 "192.168.105.4"
        cp = 0xbfcbe984 ""
        hint = {ai_flags = 0, ai_family = 0, ai_socktype = 1, ai_protocol = 0, ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, ai_next = 0x0}
#4  0x080cefaa in xhost_and_af2sockaddr (host=0x0, port=-1207958740, af=65192) at libbb/xconnect.c:252
No locals.
#5  0x08068714 in ping_main (argc=2, argv=0xbfcbebf4) at networking/ping.c:750
        af = 812
        lsa = (len_and_sockaddr *) 0x0
        str_s = 0xb7fa0c3c ""
        opt = 0
#6  0x0804df9a in run_applet_no_and_exit (applet_no=176, argv=0xbfcbebf4) at libbb/appletlib.c:732
        argc = 2
#7  0x0804dfbe in run_applet_and_exit (name=0xbfcbee63 "ping", argv=0xbfcbebf4) at libbb/appletlib.c:739
        applet = 0
#8  0x0804e1fe in main (argc=2, argv=0xbfcbebf4) at libbb/appletlib.c:776

It appears that the problem is already fixed in uclibc svn, but has not been included in the released version: http://lists.uclibc.org/pipermail/uclibc-cvs/2008-December/025767.html

This patch backports the fix to the latest ebuild
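Added example (not part of this report, the attached patch, or uclibc's own code): the backtrace places the crash in __check_pf while it walks an ifaddrs list (the ifa and runp locals). The report does not show the faulting line, so the cause modelled here is an assumption: a list entry whose ifa_addr is NULL, which getifaddrs() legitimately returns for an interface that carries no address. The program walks a constructed list containing such an entry with the guard in place, then repeats the walk over the live getifaddrs() output of the host it runs on. The names scan_families, build_sample_list and sample_list_families are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <ifaddrs.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define SEEN_IPV4 1u
#define SEEN_IPV6 2u

/* Walk an ifaddrs list and return a bitmask of the address families present.
 * An entry with ifa_addr == NULL is legal (an interface with no address
 * configured), so the guard below is what keeps the walk from dereferencing
 * NULL; a walk that reads runp->ifa_addr->sa_family unconditionally would
 * crash on such an entry (assumed to be the failure mode in the report). */
unsigned scan_families(const struct ifaddrs *head)
{
    unsigned seen = 0;
    for (const struct ifaddrs *runp = head; runp != NULL; runp = runp->ifa_next) {
        if (runp->ifa_addr == NULL)      /* the guard: skip addressless entries */
            continue;
        switch (runp->ifa_addr->sa_family) {
        case AF_INET:  seen |= SEEN_IPV4; break;
        case AF_INET6: seen |= SEEN_IPV6; break;
        default:       break;            /* link-layer families are irrelevant here */
        }
    }
    return seen;
}

static void *xcalloc(size_t n)
{
    void *p = calloc(1, n);
    if (p == NULL) {
        perror("calloc");
        exit(1);
    }
    return p;
}

static struct sockaddr *make_v4(uint32_t host_order_addr)
{
    struct sockaddr_in *sin = xcalloc(sizeof *sin);
    sin->sin_family = AF_INET;
    sin->sin_addr.s_addr = htonl(host_order_addr);
    return (struct sockaddr *)sin;
}

static struct sockaddr *make_v6_linklocal(void)
{
    struct sockaddr_in6 *sin6 = xcalloc(sizeof *sin6);
    sin6->sin6_family = AF_INET6;
    sin6->sin6_addr.s6_addr[0] = 0xfe;   /* fe80::1, a constructed sample */
    sin6->sin6_addr.s6_addr[1] = 0x80;
    sin6->sin6_addr.s6_addr[15] = 0x01;
    return (struct sockaddr *)sin6;
}

static struct ifaddrs *make_entry(const char *name, struct sockaddr *addr, struct ifaddrs *next)
{
    struct ifaddrs *e = xcalloc(sizeof *e);
    e->ifa_name = (char *)name;          /* string literal; never freed */
    e->ifa_addr = addr;                  /* may be NULL on purpose */
    e->ifa_next = next;
    return e;
}

/* Constructed sample list (not real system data): lo with 127.0.0.1, a
 * tunnel entry with no address at all, and eth0 with an IPv6 link-local. */
struct ifaddrs *build_sample_list(void)
{
    struct ifaddrs *eth0 = make_entry("eth0", make_v6_linklocal(), NULL);
    struct ifaddrs *tun0 = make_entry("tun0", NULL, eth0);
    return make_entry("lo", make_v4(0x7f000001u), tun0);
}

void free_sample_list(struct ifaddrs *head)
{
    while (head != NULL) {
        struct ifaddrs *next = head->ifa_next;
        free(head->ifa_addr);
        free(head);
        head = next;
    }
}

/* Runs the guarded walk over the sample list: expected result is IPv4|IPv6 = 3. */
unsigned sample_list_families(void)
{
    struct ifaddrs *list = build_sample_list();
    unsigned seen = scan_families(list);
    free_sample_list(list);
    return seen;
}

int main(void)
{
    printf("constructed list: seen=%u (1=IPv4, 2=IPv6)\n", sample_list_families());

    struct ifaddrs *live;
    if (getifaddrs(&live) == 0) {        /* same walk over this host's interfaces */
        printf("this host: seen=%u\n", scan_families(live));
        freeifaddrs(live);
    } else {
        perror("getifaddrs");
    }
    return 0;
}
```

Build with cc -o ifwalk ifwalk.c and run it; the first line comes from the constructed list, the second from the interfaces of the host. Removing the ifa_addr == NULL guard and running against the sample list reproduces the class of crash the backtrace shows, which is a useful regression check for any code that walks getifaddrs() output.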
Created attachment 198739: Fix null dereference

Original patch here: http://lists.uclibc.org/pipermail/uclibc-cvs/2008-December/025767.html
Thanks for submitting your backport of the fix :) Assigning to uclibc maintainers.
Obsolete. Resolved in newer uclibc