'[Net-snmp-bugs] [Bug #121658] SegFault when using snmpwalk/get'


List:       net-snmp-bugs
Subject:    [Net-snmp-bugs] [Bug #121658] SegFault when using snmpwalk/get
From:       noreply () sourceforge ! net
Date:       2000-11-05 10:55:12
[Download RAW message or body]

Bug #121658, was updated on 2000-Nov-05 02:55
Here is a current snapshot of the bug.

Project: net-snmp
Category: apps
Status: Open
Resolution: None
Bug Group: None
Priority: 5
Summary: SegFault when using snmpwalk/get

Details: Problem: I am getting a SegFault when I run the following command:
snmpwalk -t30 <hostname> <community> \
enterprises.chipcom.hub.modules.staticSummary.staticSummaryTable.staticSummaryEntry.ssValues
 It also does this when I run snmpget on the same OID. All of the other MIBs/OIDs \
work fine, it only segfaults on this one.  

Background: The platform is IBM RS/6000 AIX 4.3.3.  I've compiled it with xlC (IBM's \
compiler) and gcc.  With xlC it's SegFaults a little earlier than when I use gcc.  \
Here's the output I get from dbx (IBM's debugger):

Segmentation fault in sprintf at 0xd0181ec4
0xd0181ec4 (sprintf+0x70) 9be40000        stb   r31,0x0(r4)
(dbx) where
sprintf(0x2ff22fe8, 0x200031b4, 0x2, 0x1, 0x1, 0x30, 0x6, 0x2) at 0xd0181ec4
sprint_hexstring(0x2ff22fe8, 0x20558e78, 0x62), line 190 in 'mib.c'
sprint_octet_string(0x2ff21968, 0x205584a8, 0x0, 0x0, 0x0), line 345 in 'mib.c'
sprint_variable(0x2ff21962, 0x205584c0, 0x11, 0x205584a8), line 1624 in 'mib.c'
fprint_variable(0x20303620, 0x30322030, 0x31203034, 0x2030320a), line 1650 in 'mib.c'

The device I'm querying is an IBM 8260 hub, that is fully utilized, so this \
particular MIB produces a large amount of data.  Since it always SegFaults at the \
same point, I believe it has something to do with the size of a variable.  I have \
tried increasing the size of numberous #defined variables such as SNMP_MAXBUF. After \
recompiling and installing, the problem still persists.  The only other idea I \
haven't tested is that the size_t variable var_len that gets passed to the sprint_* \
functions may not be big enough, but I haven't tested this theory yet.  AIX's defines \
size_t as unsigned long, so I find it hard to believe that it would be too small.

Steve Johnson omnix@us.ibm.com or austin.rr.com

For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=121658&group_id=12694
Configure | About | News | Add a list | Sponsored by KoreLogic