NetBSD Problem Report #47270

From paul@whooppee.com  Sat Dec  1 04:30:06 2012
Return-Path: <paul@whooppee.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id C6F4D63DFC7
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  1 Dec 2012 04:30:05 +0000 (UTC)
Message-Id: <20121201043004.90C0424799D@screamer.whooppee.com>
Date: Fri, 30 Nov 2012 20:30:04 -0800 (PST)
From: paul@whooppee.com
Reply-To: paul@whooppee.com
To: gnats-bugs@gnats.NetBSD.org
Subject: ipftest -N aborts
X-Send-Pr-Version: 3.95

>Number:         47270
>Category:       bin
>Synopsis:       ipftest -P -N aborts
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 01 04:35:00 +0000 2012
>Closed-Date:    Wed Dec 05 18:42:16 +0000 2012
>Last-Modified:  Wed Dec 05 18:42:16 +0000 2012
>Originator:     Paul Goyette
>Release:        NetBSD 6.99.14
>Organization:
-------------------------------------------------------------------------
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com    |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer |                          | pgoyette at netbsd.org  |
-------------------------------------------------------------------------
>Environment:


System: NetBSD screamer.whooppee.com 6.99.14 NetBSD 6.99.14 (WHOOPPEE (shared) 2012-10-20 17:00:50) #52: Sat Oct 20 10:04:12 PDT 2012 paul@screamer.whooppee.com:/build/netbsd-local/obj/amd64/sys/arch/amd64/compile/WHOOPPEE amd64
Architecture: x86_64
Machine: amd64
>Description:
	The ipftest program aborts and dumps core with the following backtrace:

	#0  0x00007f7ff71070fa in _lwp_kill () from /usr/lib/libc.so.12
	#1  0x00007f7ff70ec8a6 in ?? () from /usr/lib/libc.so.12
	#2  0x00007f7ff70ec922 in __stack_chk_fail () from /usr/lib/libc.so.12
	#3  0x0000000000434f12 in ipf_dstlist_select_node ()
	#4  0x0000000000416896 in ipf_nat_nextaddr ()
	#5  0x000000000041bcf0 in ipf_nat_add ()
	#6  0x000000000041d471 in ipf_nat_checkin ()
	#7  0x0000000000408a0d in ipf_check ()
	#8  0x0000000000403226 in main ()


>How-To-Repeat:
	# cd src/tests/ipf
	# ipftest -RD -b -P regress/p10.pool -N regress/p10.nat -i input/p10

>Fix:


>Release-Note:

>Audit-Trail:

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47270 CVS commit: src/sys/external/bsd/ipf/netinet
Date: Mon, 3 Dec 2012 13:30:26 -0500

 Module Name:	src
 Committed By:	christos
 Date:		Mon Dec  3 18:30:25 UTC 2012

 Modified Files:
 	src/sys/external/bsd/ipf/netinet: ip_dstlist.c

 Log Message:
 PR/47270: Paul Goyette: ipftest -N aborts
 1. check for NULL before de-referencing; in particular sel is assigned to NULL,
    in the default case, and then a couple of lines down we do sel->
 2. gcc appears to optimize u_32_t hash[4], to u_32_t hash, since we only
    use hash[0], disregarding the fact that we pass it to MD5Final() leading
    to stack corruption. Use an explicit union, so that the compiler stops
    butting its head where it shouldn't.

 XXX: pullup to 6


 To generate a diff of this commit:
 cvs rdiff -u -r1.4 -r1.5 src/sys/external/bsd/ipf/netinet/ip_dstlist.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: christos@NetBSD.org
State-Changed-When: Wed, 05 Dec 2012 13:42:16 -0500
State-Changed-Why:
confirmed fixed
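
The two changes the commit message above describes, sketched as an added example (not the committed ip_dstlist.c change and not NetBSD code): the digest buffer declared as an explicit 16-byte union, and a NULL check before the selected node is dereferenced. `fake_final`, `select_node`, `struct node` and the policy names are hypothetical; `fake_final` is a stand-in for `MD5Final()` that, like it, writes 16 bytes to its output buffer.

```c
#include <stddef.h>
#include <stdint.h>
#define DIGEST_LEN 16           /* MD5Final() always writes 16 bytes */

/* Explicit union: byte view for the digest writer, word view for the caller. */
union digest {
    unsigned char bytes[DIGEST_LEN];
    uint32_t      words[DIGEST_LEN / sizeof(uint32_t)];
};
_Static_assert(sizeof(union digest) == DIGEST_LEN, "buffer must hold 16 bytes");

struct node { const char *name; int alive; };      /* hypothetical node type */
enum policy { POLICY_HASH = 1, POLICY_FIRST = 2 }; /* hypothetical policies */

/* Stand-in for MD5Final(): writes exactly DIGEST_LEN bytes (FNV-1a, not MD5). */
static void fake_final(unsigned char out[DIGEST_LEN], const void *in, size_t len)
{
    const unsigned char *p = in;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < DIGEST_LEN; i++) {
        for (size_t j = 0; j < len; j++)
            h = (h ^ p[j]) * 16777619u;
        h = (h ^ (uint32_t)i) * 16777619u;
        out[i] = (unsigned char)(h >> 24);
    }
}

/* Returns the chosen node's name, or NULL when no usable node was selected. */
const char *select_node(struct node *nodes, size_t n, int policy, uint32_t src)
{
    struct node *sel = NULL;
    union digest d;

    switch (policy) {
    case POLICY_HASH:
        if (n == 0) break;
        fake_final(d.bytes, &src, sizeof(src)); /* full 16-byte destination */
        sel = &nodes[d.words[0] % n];           /* only word 0 is consumed */
        break;
    case POLICY_FIRST:
        if (n > 0) sel = &nodes[0];
        break;
    default:
        sel = NULL;                             /* unknown policy: no node */
        break;
    }
    if (sel == NULL || !sel->alive)             /* check before any sel-> */
        return NULL;
    return sel->name;
}
```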


>Unformatted:
