Date: Tue, 05 Jan 2016 18:25:03 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-amd64@FreeBSD.org
Subject: [Bug 205928] Ipfw segmentation fault with nat command
Message-ID: <bug-205928-6@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205928

            Bug ID: 205928
           Summary: Ipfw segmentation fault with nat command
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: mk@steepath.eu
                CC: freebsd-amd64@FreeBSD.org

I was testing nat with ipfw, and during my test (reading the example file), a
segmentation fault was found after executing one example command.

Here is the bug:
----------------------------------------------------------------------
$ ipfw add nat
Segmentation fault
$ echo $?
139
----------------------------------------------------------------------

Here is a small investigation:
----------------------------------------------------------------------
# cd /usr/src/sbin/ipfw
# make DEBUG_FLAGS=-g
$ gdb ./ipfw
(gdb) run add nat
Program received signal SIGSEGV, Segmentation fault.
0x0000000800b85fbb in strlen () from /lib/libc.so.7
(gdb) i r
rax            0x1b                 27
rbx            0x6183f0             6390768
rcx            0x0                  0
rdx            0x0                  0
rsi            0x0                  0
rdi            0x0                  0
rbp            0x7fffffffd2e0       0x7fffffffd2e0
rsp            0x7fffffffd2e0       0x7fffffffd2e0
r8             0xfffff80235122920   -8786612704992
r9             0x0                  0
r10            0x0                  0
r11            0x246                582
r12            0x801406050          34380734544
r13            0x801406058          34380734552
r14            0x0                  0
r15            0x3                  3
rip            0x800b85fbb          0x800b85fbb <strlen+11>
eflags         0x10246              66118
cs             0x43                 67
ss             0x3b                 59
ds             0x0                  0
es             0x0                  0
fs             0x0                  0
gs             0x0                  0
(gdb) bt
#0  0x0000000800b85fbb in strlen () from /lib/libc.so.7
#1  0x0000000000405c43 in ipfw_add (av=0x801406058) at ipfw2.c:527
#2  0x0000000000410182 in ipfw_main (oldac=<value optimized out>, oldav=<value optimized out>) at main.c:407
#3  0x000000000040f55b in main (ac=3, av=0x7fffffffe688) at main.c:620
----------------------------------------------------------------------

After adding some C code into main.c:
----------------------------------------------------------------------
$ svnlite diff ipfw2.c
Index: ipfw2.c
===================================================================
--- ipfw2.c	(revision 291749)
+++ ipfw2.c	(working copy)
@@ -522,6 +522,7 @@
 int
 _substrcmp(const char *str1, const char* str2)
 {
+	printf("str1: %s, str2: %s\n", str1, str2);
 
 	if (strncmp(str1, str2, strlen(str1)) != 0)
 		return 1;
@@ -2865,6 +2866,7 @@
 	 * Some things that need to go out of order (prob, action etc.)
 	 * go into actbuf[].
 	 */
+	printf("in\n");
 	static uint32_t rulebuf[255], actbuf[255], cmdbuf[255];
 	int rblen, ablen, cblen;
 
----------------------------------------------------------------------

This code returns this:
----------------------------------------------------------------------
str1: add, str2: queue
str1: add, str2: flowset
str1: add, str2: sched
str1: add, str2: add
before: 
in
str1: (null), str2: global
Segmentation fault
----------------------------------------------------------------------

So, ipfw tries to compare a null pointer to a const char* in the strncmp()
function.

I don't know if this segmentation fault is due to this last function, or
linked to another issue.

If you have any idea. ;)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
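Review bot: in the first hunk (_substrcmp at ipfw2.c:522), the added `printf("str1: %s, str2: %s\n", str1, str2)` is itself unsafe for the case it is meant to observe: passing a NULL pointer to `%s` is undefined behaviour, and the `(null)` in the trace is a libc courtesy rather than guaranteed output, so on another libc the instrumentation would fault before reaching the strncmp it is diagnosing. Print the pointers with `%p`, or guard the print with `if (str1 == NULL || str2 == NULL)`. The trace line `str1: (null), str2: global` together with rdi = 0 in the register dump does pin the crash on `strlen(str1)` in the unchanged line that follows; a defensive change would make _substrcmp (or the caller that walks av[]) reject a NULL operand before calling strlen, instead of relying on every call site to have checked the argument count.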
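Review bot: in the second hunk (ipfw2.c:2865), `printf("in\n");` is inserted between the closing comment and the `static uint32_t rulebuf[...]` declaration, which places a statement ahead of declarations in the function body; that compiles under the default (C99/gnu99) flags but is rejected with `-std=c89` and warned about by `-Wdeclaration-after-statement`, so for a throwaway trace put it after `int rblen, ablen, cblen;`. The print also adds nothing the backtrace (frame #1 already names ipfw_add) does not show; printing the remaining `av[]` entries at this point would make it visible where the NULL that later reaches _substrcmp comes from.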
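An added example, not code from the ipfw source or from the reporter: a NULL-safe variant of the prefix compare that the report shows in _substrcmp(), next to the unsafe form, plus a hypothetical handler for the operand that follows "nat" which checks for the end of the argument vector before comparing (the names substrcmp_unsafe, substrcmp_safe and nat_operand_kind are assumed here; the real ipfw code after the compare is not reproduced).

```c
/* Added example (not ipfw's own code): the crash in the report is
 * strlen() on a NULL argument reached through _substrcmp(); the hardened
 * forms below refuse a NULL operand instead of dereferencing it. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the compare shown in the report: 0 when str1 is a prefix of
 * str2, 1 otherwise.  With str1 == NULL, strlen(str1) faults, which is
 * the SIGSEGV in the backtrace (rdi = 0 in the register dump). */
int substrcmp_unsafe(const char *str1, const char *str2)
{
	return strncmp(str1, str2, strlen(str1)) != 0;
}

/* Hardened form (assumption: treating a missing operand as "no match"
 * is acceptable to every caller): reject NULL before touching strlen(). */
int substrcmp_safe(const char *str1, const char *str2)
{
	if (str1 == NULL || str2 == NULL)
		return 1;
	return strncmp(str1, str2, strlen(str1)) != 0;
}

/* Hypothetical handler for the word after "nat": the keyword "global"
 * or a numbered instance.  Returns 1 for global, 0 for an instance,
 * -1 when the operand is missing.  The av[0] == NULL check is what the
 * crashing path lacks: "ipfw add nat" ends the vector right there. */
int nat_operand_kind(char *const av[])
{
	if (av[0] == NULL)
		return -1;
	if (substrcmp_safe(av[0], "global") == 0)
		return 1;
	return 0;
}

int main(void)
{
	/* Constructed argument vectors: the crashing "add nat" with nothing
	 * after "nat", and two well-formed variants. */
	char *missing[] = { NULL };
	char *global[]  = { "global", NULL };
	char *numbered[] = { "1", NULL };
	printf("missing=%d global=%d numbered=%d\n",
	       nat_operand_kind(missing), nat_operand_kind(global),
	       nat_operand_kind(numbered));
	return 0;
}
```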