Bug 278610 - Fix segfault in uclibc 0.9.30.1 (triggered by network socket use)
Summary: Fix segfault in uclibc 0.9.30.1 (triggered by network socket use)
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Embedded Gentoo Team
Reported: 2009-07-21 20:38 UTC by Ed Wildgoose
Modified: 2012-04-15 11:42 UTC


Attachments
Fix null dereference (ifa_addr_null.patch, 838 bytes, text/plain), 2009-07-21 20:43 UTC, Ed Wildgoose

Description Ed Wildgoose 2009-07-21 20:38:35 UTC
Attached patch fixes a NULL dereference (with subsequent segfault) with uclibc 0.9.30.1 (and probably earlier versions).  Problem appears to only occur in the new netlink sockets code and occurs when you enable UCLIBC_USE_NETLINK=y and UCLIBC_SUPPORT_AI_ADDRCONFIG=y

Reproducible: Always

Steps to Reproduce:
Example backtrace (using ping) is:

(gdb) bt full
#0 0xb7fe6327 in __check_pf () at libc/inet/getaddrinfo.c:191
ifa = (struct ifaddrs *) 0x968bb38
runp = (struct ifaddrs *) 0x968bdcc
seen = 0
#1 0xb7fe6560 in gaih_inet (name=0xbfcbee68 "192.168.105.4", service=0x0,
req=0xbfcbe964, pai=0xbfcbe924) at libc/inet/getaddrinfo.c:418
nullserv = {next = 0xb801b244, socktype = -1077155576,
protocol = -1207841846, port = 134522499}
tp = (const struct gaih_typeproto *) 0xb7ffb520
st = (struct gaih_servtuple *) 0xbfcbe8a4
at = (struct gaih_addrtuple *) 0x0
rc = 0
v4mapped = 0
seen = 3087118916
__PRETTY_FUNCTION__ = "gaih_inet"
#2 0xb7fe760c in *__GI_getaddrinfo (name=0xbfcbee68 "192.168.105.4",
service=0x0, hints=0xbfcbe964, pai=0xbfcbe960)
at libc/inet/getaddrinfo.c:860
i = 0
j = 1
last_i = 0
p = (struct addrinfo *) 0x0
end = (struct addrinfo **) 0xbfcbe924
g = (const struct gaih *) 0xb80006b8
pg = (const struct gaih *) 0xb80006b8
gaih_service = {name = 0xb801cb1a "\211D$(\203�\ba�\004",
num = -1207848920}
pservice = (struct gaih_service *) 0x0
default_hints = {ai_flags = -1208060929, ai_family = 134525712,
ai_socktype = 298, ai_protocol = 134515904, ai_addrlen = 134522288,
ai_addr = 0x804bca0, ai_canonname = 0x7 <Address 0x7 out of bounds>,
ai_next = 0xb801cb25}
#3 0x080cef16 in str2sockaddr (host=0xbfcbee68 "192.168.105.4", port=0, af=0,
ai_flags=2) at libbb/xconnect.c:213
rc = 0
r = (len_and_sockaddr *) 0x0
result = (struct addrinfo *) 0x0
used_res = (struct addrinfo *) 0xbfcbe984
org_host = 0xbfcbee68 "192.168.105.4"
cp = 0xbfcbe984 ""
hint = {ai_flags = 0, ai_family = 0, ai_socktype = 1, ai_protocol = 0,
ai_addrlen = 0, ai_addr = 0x0, ai_canonname = 0x0, ai_next = 0x0}
#4 0x080cefaa in xhost_and_af2sockaddr (host=0x0, port=-1207958740, af=65192)
at libbb/xconnect.c:252
No locals.
#5 0x08068714 in ping_main (argc=2, argv=0xbfcbebf4) at networking/ping.c:750
af = 812
lsa = (len_and_sockaddr *) 0x0
str_s = 0xb7fa0c3c ""
opt = 0
#6 0x0804df9a in run_applet_no_and_exit (applet_no=176, argv=0xbfcbebf4)
at libbb/appletlib.c:732
argc = 2
#7 0x0804dfbe in run_applet_and_exit (name=0xbfcbee63 "ping", argv=0xbfcbebf4)
at libbb/appletlib.c:739
applet = 0
#8 0x0804e1fe in main (argc=2, argv=0xbfcbebf4) at libbb/appletlib.c:776


It appears that the problem is already fixed in uclibc svn, but has not been included in the released version:

http://lists.uclibc.org/pipermail/uclibc-cvs/2008-December/025767.html

This patch backports the fix to the latest ebuild.
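Added illustration, not the attached patch and not uclibc's own source: a stand-alone version of the __check_pf walk over a getifaddrs() list (frame #0 of the backtrace) with the NULL test on ifa_addr that the attachment's name points at, run over a constructed list whose first entry carries no address. That a missing `ifa_addr == NULL` check is the exact shape of the upstream fix is assumed here, as is the interface naming.

```c
#define _GNU_SOURCE
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>

#define SEEN_IPV4 1u
#define SEEN_IPV6 2u

/* Walk a getifaddrs() list and record which address families are really
 * configured, which is what __check_pf does to implement AI_ADDRCONFIG.
 * The crash in the report comes from reading runp->ifa_addr->sa_family
 * without first testing runp->ifa_addr: with the netlink code enabled, an
 * interface that has no address yet is still listed, and for that entry
 * ifa_addr is NULL. Returns a bitmask of SEEN_IPV4 | SEEN_IPV6. */
unsigned check_pf_safe(const struct ifaddrs *list)
{
    unsigned seen = 0;
    for (const struct ifaddrs *runp = list; runp != NULL; runp = runp->ifa_next) {
        if (runp->ifa_addr == NULL)   /* the check the release lacked (assumed fix shape) */
            continue;
        if (runp->ifa_addr->sa_family == AF_INET)
            seen |= SEEN_IPV4;
        else if (runp->ifa_addr->sa_family == AF_INET6)
            seen |= SEEN_IPV6;
    }
    return seen;
}

/* What AI_ADDRCONFIG is for: only answer with a family the host can use. */
bool addrconfig_allows(unsigned seen, int family)
{
    if (family == AF_INET)  return (seen & SEEN_IPV4) != 0;
    if (family == AF_INET6) return (seen & SEEN_IPV6) != 0;
    return false;
}

/* Constructed list (hypothetical names): an addressless interface first, the
 * entry that crashed ping, then one IPv4 and one IPv6 address. */
static struct sockaddr_in  v4 = { .sin_family = AF_INET };
static struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };
static struct ifaddrs ent_v6 = { .ifa_next = NULL, .ifa_name = "eth0", .ifa_addr = (struct sockaddr *)&v6 };
static struct ifaddrs ent_v4 = { .ifa_next = &ent_v6, .ifa_name = "eth0", .ifa_addr = (struct sockaddr *)&v4 };
static struct ifaddrs ent_noaddr = { .ifa_next = &ent_v4, .ifa_name = "tun0", .ifa_addr = NULL };

unsigned sample_seen(void) { return check_pf_safe(&ent_noaddr); }

int main(void)
{
    unsigned seen = sample_seen();
    printf("IPv4 %s, IPv6 %s\n", (seen & SEEN_IPV4) ? "configured" : "absent",
           (seen & SEEN_IPV6) ? "configured" : "absent");
    return 0;
}
```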
Comment 1 Ed Wildgoose 2009-07-21 20:43:57 UTC
Created attachment 198739
Fix null dereference

Original patch here: http://lists.uclibc.org/pipermail/uclibc-cvs/2008-December/025767.html
Comment 2 Wormo (RETIRED) gentoo-dev 2009-07-23 05:41:24 UTC
Thanks for submitting your backport of the fix :)
Assigning to uclibc maintainers.
Comment 3 Ed Wildgoose 2012-04-15 11:42:53 UTC
Obsolete. Resolved in newer uclibc