
List:       tcpdump-patches
Subject:    libpcap 0.5.2 causes segfaults
From:       Sami Farin <sfarin () ratol ! fi>
Date:       2000-09-17 22:50:27

hi.

I have libpcap-0.5.2 + tcpdump-3.5.2
(newest version at http://www.tcpdump.org/ ).
After 30 mins of header searching I managed to compile it with IPv6 support on
Red Hat Linux. I have glibc-2.1.3 + gcc-2.95.2.

tcpdump seems to work OK when it's not dumping core:

# uname -a
Linux semi4b14-1a.oas.ratol.fi 2.2.18pre3 #182 Tue Sep 5 04:56:34 EEST 2000 i686 unknown
# tcpdump host `hostname -i`
tcpdump: listening on eth0
<works ok...>
# tcpdump host `hostname`
Segmentation fault (core dumped)
# hostname
semi4b14-1a.oas.ratol.fi

(gdb) run host `hostname`
Starting program: /usr/local/sbin/tcpdump host `hostname`

Program received signal SIGSEGV, Segmentation fault.
0x80709dd in find_levels_r (b=0x8048be1) at ./optimize.c:208
208             if (isMarked(b))
(gdb) bt
#0  0x80709dd in find_levels_r (b=0x8048be1) at ./optimize.c:208
#1  0x814f17c in ?? ()
#2  0x2abc9ad5 in object.11 () from /lib/libc.so.6
#3  0x2e325f43 in ?? ()
Cannot access memory at address 0x42494c47
(gdb) 

So, I hacked optimize.c a bit. There were NULL pointer checks only for
JT(b) but not for JF(b). Why?

After applying the patch, tcpdump seems to work as expected.
However, I have no clue if my patch is OK.
You tell me. Thanks.

-- 
Safari - safari@iki.fi - PGP key 0x5A4C19E8 - http://www.iki.fi/safari/
  The UNIX Guru's View of Sex: "unzip ; strip ; touch ; finger ; \
  mount ; fsck ; more ; yes ; umount ; sleep"

["optimize.c.diff" (text/plain)]

--- optimize.c.bak	Tue Oct 19 18:18:30 1999
+++ optimize.c	Mon Sep 18 01:19:47 2000
@@ -211,7 +211,7 @@
 	Mark(b);
 	b->link = 0;
 
-	if (JT(b)) {
+	if (JT(b) && JF(b)) {
 		find_levels_r(JT(b));
 		find_levels_r(JF(b));
 		level = MAX(JT(b)->level, JF(b)->level) + 1;
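Review bot: the widened `if (JT(b) && JF(b))` does not match the evidence in the report: the faulting frame shows `b=0x8048be1`, a non-NULL pointer into the low part of the executable image rather than a NULL `JF(b)`, the frames below it are unresolvable, and the unreadable address 0x42494c47 is the ASCII bytes "GLIB", which looks like a pointer overwritten by string data, not a legitimately absent false edge. If `JF(b)` really were NULL here, the new condition sends a block that does have a true-successor into the `else` branch (level 0) without ever calling `find_levels_r(JT(b))`, so that whole subgraph never lands in `levels[]` and every later pass that walks `levels[]` ignores it. Failing loudly, e.g. `if (JT(b) != 0 && JF(b) == 0) abort();`, would surface the real corruption (something that differs between `host <ip>` and `host <name>`, i.e. the name-resolution path) instead of masking it.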
@@ -264,7 +264,7 @@
 	for (i = root->level; i >= 0; --i) {
 		for (b = levels[i]; b; b = b->link) {
 			SET_INSERT(b->dom, b->id);
-			if (JT(b) == 0)
+			if (JT(b) == 0 || JF(b) == 0)
 				continue;
 			SET_INTERSECT(JT(b)->dom, b->dom, nodewords);
 			SET_INTERSECT(JF(b)->dom, b->dom, nodewords);
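Review bot: `if (JT(b) == 0 || JF(b) == 0)` followed by `continue` silently skips both SET_INTERSECT calls for a half-connected block, so `JT(b)->dom` is never intersected with `b->dom` and keeps its initial value; the dominator sets of everything reachable through that edge are then wrong with no diagnostic. The original `JT(b) == 0` encoded the invariant "return block, no successors at all"; if that invariant can be violated, this loop should report it and let the compile fail rather than continue with inconsistent sets.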
@@ -334,7 +334,7 @@
 	for (i = root->level; i >= 0; --i) {
 		for (b = levels[i]; b; b = b->link) {
 			SET_INSERT(b->closure, b->id);
-			if (JT(b) == 0)
+			if (JT(b) == 0 || JF(b) == 0)
 				continue;
 			SET_UNION(JT(b)->closure, b->closure, nodewords);
 			SET_UNION(JF(b)->closure, b->closure, nodewords);
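Review bot: the same widened test is now written out by hand in all five hunks (this closure loop mirrors the dominator loop above line for line), so it belongs in one macro next to the JT/JF definitions, e.g. `#define HALF_LINKED(b) (JT(b) == 0 || JF(b) == 0)`, with a comment stating under what circumstances JF can be NULL while JT is not. As written, `JT(b) == 0` used to read as "is a return block", and the patch changes that meaning at every site without saying so.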
@@ -1697,7 +1697,7 @@
 	}
 	for (i = 0; i < n_blocks; ++i) {
 		p = blocks[i];
-		if (JT(p) == 0)
+		if (JT(p) == 0 || JF(p) == 0)
 			continue;
 		if (JT(p)->link) {
 			done = 0;
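Review bot: this loop walks every entry of `blocks[]` rather than `levels[]`, so unlike the two walks above it can also encounter blocks that are no longer linked into the graph from the root; if the NULL `JF` was actually observed here rather than in `find_levels_r`, a comment should say so, because that would be a different bug from the one in the backtrace. The hunk context stops at `if (JT(p)->link) {`; please include the matching `JF(p)->link` lines so a reviewer can see that the new `JF(p) == 0` check protects an actual dereference.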
@@ -2000,7 +2000,7 @@
 #endif
 	dst->code = (u_short)p->s.code;
 	dst->k = p->s.k;
-	if (JT(p)) {
+	if (JT(p) && JF(p)) {
 		extrajmps = 0;
 		off = JT(p)->offset - (p->offset + slen) - 1;
 		if (off >= 256) {
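Review bot: changing `if (JT(p))` to `if (JT(p) && JF(p))` in code emission is the riskiest of the five hunks: a block with a true-successor but no false-successor now skips the offset computation (`off = JT(p)->offset - (p->offset + slen) - 1;`), so its instruction is emitted with `dst->code` and `dst->k` set but its jump targets never filled in. Instead of crashing, tcpdump would then quietly install a filter that matches the wrong packets. The earlier hunks only degrade analysis; here the result reaches the kernel, so a malformed block at this stage should make the compile fail rather than produce code.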

