Date:      Tue, 19 Jul 2016 12:30:52 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 211225] [PATCH]: CRASH: telnetd crashes periodically
Message-ID:  <bug-211225-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211225

            Bug ID: 211225
           Summary: [PATCH]: CRASH: telnetd crashes periodically
           Product: Base System
           Version: 10.3-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: marcus@FreeBSD.org

Created attachment 172719
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172719&action=edit
Patch to fix telnetd crash

Yes, I still have telnetd running (though I don't use it).  Periodically, it
crashes.  I've tracked this down to a NULL pointer deref.  Attached is a patch
that fixes the crash.

The backtrace I see is:

#0  0x0000000000405657 in telrcv () at
/usr/src/libexec/telnetd/../../contrib/telnet/telnetd/state.c:231
231                                             ch = *slctab[SLC_EL].sptr;
(gdb) bt
#0  0x0000000000405657 in telrcv () at
/usr/src/libexec/telnetd/../../contrib/telnet/telnetd/state.c:231
#1  0x000000000040a149 in ttloop () at
/usr/src/libexec/telnetd/../../contrib/telnet/telnetd/utility.c:88
#2  0x0000000000407055 in doit (who=0x7fffffffeb90)
    at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/telnetd.c:510
#3  0x0000000000407aa8 in main (argc=<value optimized out>,
argv=0x7fffffffec98)
    at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/telnetd.c:413
(gdb) print slctab
$1 = {{defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val =
0 '\0'},
    sptr = 0x0} <repeats 31 times>}
(gdb) print *slctab
$2 = {defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0
'\0'}, sptr = 0x0}
(gdb) print *slctab[SLC_EL]
No symbol "SLC_EL" in current context.
(gdb) print *slctab[11]
Structure has no component named operator*.
(gdb) print slctab[11]
$3 = {defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0
'\0'}, sptr = 0x0}
(gdb) print *slctab[11]
Structure has no component named operator*.
(gdb) print *slctab[11].sptr
Cannot access memory at address 0x0

--
You are receiving this mail because:
You are the assignee for the bug.
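
Added example, not the attached patch and not FreeBSD code: a minimal C model of the table shown in the gdb session, with the entry layout, the 31 entries and index 11 taken from that output. The helper names, the CC_DISABLED sentinel and the sample character are assumptions made for illustration; the lookup refuses to dereference an entry whose sptr is still NULL.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned char cc_t;

/* Entry layout as printed by gdb above: defset, current, sptr. */
struct slc_pair { unsigned char flag; cc_t val; };
struct slc_entry {
    struct slc_pair defset;
    struct slc_pair current;
    cc_t *sptr;                 /* tty special character, NULL until set up */
};

#define SLC_TABLE_LEN 31        /* "<repeats 31 times>" in the gdb output */
#define SLC_EL_INDEX  11        /* index the reporter inspected for SLC_EL */
#define CC_DISABLED   ((cc_t)0xff)  /* assumed "no character" sentinel */

/* Return the character bound to entry idx, or CC_DISABLED when the table,
 * the index or the entry's sptr cannot be safely dereferenced. */
static cc_t slc_char(const struct slc_entry *tab, size_t len, size_t idx)
{
    if (tab == NULL || idx >= len || tab[idx].sptr == NULL)
        return CC_DISABLED;
    return *tab[idx].sptr;
}

/* Write the character to out only if one is defined; returns bytes written. */
static size_t emit_slc_char(const struct slc_entry *tab, size_t len,
                            size_t idx, unsigned char *out, size_t outlen)
{
    cc_t ch = slc_char(tab, len, idx);
    if (ch == CC_DISABLED || out == NULL || outlen == 0)
        return 0;
    out[0] = ch;
    return 1;
}

int main(void)
{
    struct slc_entry tab[SLC_TABLE_LEN] = {0};  /* all-zero, as in the core */
    unsigned char out[1];
    cc_t el = 0x15;                             /* constructed sample value */

    printf("zeroed: %zu\n", emit_slc_char(tab, SLC_TABLE_LEN, SLC_EL_INDEX, out, 1));
    tab[SLC_EL_INDEX].sptr = &el;
    printf("set up: %zu\n", emit_slc_char(tab, SLC_TABLE_LEN, SLC_EL_INDEX, out, 1));
    return 0;
}
```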
