From owner-freebsd-amd64@freebsd.org Tue Jan 5 18:25:03 2016
From: bugzilla-noreply@freebsd.org
To: freebsd-amd64@FreeBSD.org
Subject: [Bug 205928] Ipfw segmentation fault with nat command
Date: Tue, 05 Jan 2016 18:25:03 +0000
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=205928

            Bug ID: 205928
           Summary: Ipfw segmentation fault with nat command
           Product: Base System
           Version: 10.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: mk@steepath.eu
                CC: freebsd-amd64@FreeBSD.org

I was testing nat with ipfw, and during my test (reading the example file), a
segmentation fault was found after executing one example command.

Here is the bug:
----------------------------------------------------------------------
$ ipfw add nat
Segmentation fault
$ echo $?
139
----------------------------------------------------------------------

Here is a small investigation:
----------------------------------------------------------------------
# cd /usr/src/sbin/ipfw
# make DEBUG_FLAGS=-g
$ gdb ./ipfw
(gdb) run add nat
Program received signal SIGSEGV, Segmentation fault.
0x0000000800b85fbb in strlen () from /lib/libc.so.7
(gdb) i r
rax            0x1b                27
rbx            0x6183f0            6390768
rcx            0x0                 0
rdx            0x0                 0
rsi            0x0                 0
rdi            0x0                 0
rbp            0x7fffffffd2e0      0x7fffffffd2e0
rsp            0x7fffffffd2e0      0x7fffffffd2e0
r8             0xfffff80235122920  -8786612704992
r9             0x0                 0
r10            0x0                 0
r11            0x246               582
r12            0x801406050         34380734544
r13            0x801406058         34380734552
r14            0x0                 0
r15            0x3                 3
rip            0x800b85fbb         0x800b85fbb
eflags         0x10246             66118
cs             0x43                67
ss             0x3b                59
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
(gdb) bt
#0  0x0000000800b85fbb in strlen () from /lib/libc.so.7
#1  0x0000000000405c43 in ipfw_add (av=0x801406058) at ipfw2.c:527
#2  0x0000000000410182 in ipfw_main (oldac=, oldav=) at main.c:407
#3  0x000000000040f55b in main (ac=3, av=0x7fffffffe688) at main.c:620
----------------------------------------------------------------------

after adding some c code into main.c:
----------------------------------------------------------------------
$ svnlite diff ipfw2.c
Index: ipfw2.c
===================================================================
--- ipfw2.c	(revision 291749)
+++ ipfw2.c	(working copy)
@@ -522,6 +522,7 @@
 int
 _substrcmp(const char *str1, const char* str2)
 {
+	printf("str1: %s, str2: %s\n", str1, str2);
 	if (strncmp(str1, str2, strlen(str1)) != 0)
 		return 1;
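Review bot: The added printf in _substrcmp hands str1 to %s without a NULL check, so once the argument vector is exhausted it dereferences the same NULL pointer that strlen() later crashes on; FreeBSD's libc happens to print "(null)", but that is undefined behaviour and not something to rely on even in a debug print. Guard it, e.g. `printf("str1: %s, str2: %s\n", str1 ? str1 : "(null)", str2 ? str2 : "(null)");`. The defect itself is in the caller shown in frame #1 (ipfw_add passing `*av` past the end of the arguments), so the check that belongs in the fix is on `*av != NULL` before _substrcmp is reached, not a debug print inside it.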
@@ -2865,6 +2866,7 @@
 	 * Some things that need to go out of order (prob, action etc.)
 	 * go into actbuf[].
 	 */
+	printf("in\n");
 	static uint32_t rulebuf[255], actbuf[255], cmdbuf[255];
 	int rblen, ablen, cblen;
----------------------------------------------------------------------

This code returns this:
----------------------------------------------------------------------
str1: add, str2: queue
str1: add, str2: flowset
str1: add, str2: sched
str1: add, str2: add
before: 
in
str1: (null), str2: global
Segmentation fault
----------------------------------------------------------------------

So, ipfw tries to compare a null pointer to a const char* in the strncmp() function.
I don't know if this segmentation fault is due to this last function, or linked to another issue.
If you have any idea. ;)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
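Review bot: In the second hunk (@@ -2865,6 +2866,7 @@) the `printf("in\n");` is inserted ahead of the `static uint32_t rulebuf[255], ...` and `int rblen, ablen, cblen;` declarations, which puts a statement before the declarations of that block; legal C99, but against FreeBSD style(9), which keeps declarations first, and the marker text "in" does not say which function fired. Move it below the declarations and name the function, e.g. `printf("ipfw_add: entered\n");`, so the trace above reads unambiguously next to the "str1: ..." lines.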
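The failure mode the report pins down (a NULL `*av` reaching `strlen()` through the two-line prefix comparison in the diff) as an added example, not ipfw's own code: a hypothetical NULL-safe variant of that comparison plus a toy walker over a NULL-terminated argument vector that rejects `add nat` with no further token instead of dereferencing it. The names `substrcmp_safe`, `parse_add_nat`, `add_nat_verdict` and the accepted `add nat <global|N>` syntax are assumptions for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical NULL-safe variant of the comparison in the diff (assumed
 * semantics: is the user's token str1 a prefix of keyword str2?). 0 = match,
 * 1 = no match; a NULL token is "no match", so strlen(NULL) can't happen. */
static int
substrcmp_safe(const char *str1, const char *str2)
{
	if (str1 == NULL || str2 == NULL)
		return 1;
	return strncmp(str1, str2, strlen(str1)) != 0;
}

/* Toy walker over a NULL-terminated argument vector for the assumed shape
 * "add nat <global|N>". Returns 0 and fills *nat_id on success, -1 when a
 * token is missing or unrecognised; "add nat" with nothing after it takes
 * the av[2] == NULL branch, the exact case the report crashes on. */
static int
parse_add_nat(char *const *av, long *nat_id)
{
	if (av[0] == NULL || substrcmp_safe(av[0], "add") != 0)
		return -1;
	if (av[1] == NULL || substrcmp_safe(av[1], "nat") != 0)
		return -1;
	if (av[2] == NULL)	/* end of argv: reject, don't dereference */
		return -1;
	if (substrcmp_safe(av[2], "global") == 0) {
		*nat_id = 0;	/* 0 stands for the global instance here */
		return 0;
	}
	char *end;
	long id = strtol(av[2], &end, 10);
	if (*end != '\0' || id < 1)	/* not a positive instance number */
		return -1;
	*nat_id = id;
	return 0;
}

/* Verdict-only wrapper over a constructed "add nat <tok>" vector:
 * -1 = rejected, 0 = global, N = instance number N. */
static long
add_nat_verdict(const char *tok)
{
	char *av[] = { "add", "nat", (char *)tok, NULL };
	long id = -1;
	if (parse_add_nat(av, &id) != 0)
		return -1;
	return id;
}
```

Passing `NULL` as the token reproduces the report's `ipfw add nat` argument list and is rejected cleanly rather than reaching `strlen()`.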