
Bug#1018061: pads: segfault at 3a ip



On 08.02.23 at 19:31, Tim McConnell wrote:
Oops, I thought I had; here it is.
bt full


Hello Tim,
sorry for the delay. For some reason the debug information
for libpcap.so.0.8 was missing in your backtrace (was the
DEBUGINFOD_URLS variable set in that console?).

But I guess I could fill in the gaps [2].

And I think in function print_arp_asset the variable rec
might get used uninitialized.
This is also warned about in the build log [3].

Therefore the crash could possibly be avoided with the patch below [1].

Kind regards,
Bernhard



[1]
--- src/output/output.c.orig    2023-02-26 15:19:32.000000000 +0100
+++ src/output/output.c 2023-02-26 15:54:54.007679051 +0100
@@ -182,7 +182,7 @@ int print_arp_asset (struct in_addr ip_a
/* Find Asset */
     ArpAsset *list;
-    ArpAsset *rec;
+    ArpAsset *rec = NULL;
list = (ArpAsset *)get_arp_pointer();
     while (list != NULL) {
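
Review bot: the `ArpAsset *rec = NULL;` declaration needs a one-line comment saying that the not-found check further down depends on it, because nothing else in the function sets rec when the while loop runs off the end of the list without a match. The listing in [2] shows that check as `if (rec == NULL) return 1;` at output.c:201, and the backtrace shows what reaches print_arp when it is bypassed (rec=0x2a). Separately, the context lines `/* Find Asset */` and `list = (ArpAsset *)get_arp_pointer();` have lost their leading whitespace in the mail, so the patch should be regenerated or attached before it is applied.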



[2]
(gdb)
#0  0x00005641638af954 in print_arp_asset_screen (rec=0x2a) at ./src/output/output-screen.c:115
#1  0x00005641638af6f0 in print_arp_asset (ip_addr=..., mac_addr=0x7fa6db692384 "") at ./src/output/output.c:210
        head = 0x5641654a33f0
        list = <optimized out>
        rec = 0x2a
#2  0x00007fa6dbe004f6 in pcap_handle_packet_mmap () at ./pcap-linux.c:4072 from /lib/x86_64-linux-gnu/libpcap.so.0.8
#3  0x00007fa6dbe008ec in pcap_read_linux_mmap_v3 () at ./pcap-linux.c:4248 from /lib/x86_64-linux-gnu/libpcap.so.0.8
#4  0x00007fa6dbe07d1d in pcap_loop () at ./pcap.c:2923 from /lib/x86_64-linux-gnu/libpcap.so.0.8
#5  0x00005641638a8e5b in main_pads () at ./src/pads.c:278
#6  0x00005641638a847b in main (argc=<optimized out>, argv=<optimized out>) at ./src/pads.c:491

(gdb) list output.c:210
179     int print_arp_asset (struct in_addr ip_addr, char mac_addr[MAC_LEN])
180     {
181         OutputPluginList *head;
182
183         /* Find Asset */
184         ArpAsset *list;
185         ArpAsset *rec;
186
187         list = (ArpAsset *)get_arp_pointer();
188         while (list != NULL) {
189             if (ip_addr.s_addr == list->ip_addr.s_addr
190                     && (strcmp(mac_addr, list->mac_addr) == 0)) {
191
192                 /* Found! */
193                 rec = list;
194                 break;
195             } else {
196                 list = list->next;
197             }
198         }
199
200         /* Make sure that a record was found. */
201         if (rec == NULL)
202             return 1;
203
204         /* Cycle through output plugins and print to those that are active. */
205         head = output_plugin_list;
206         while (head != NULL) {
207             /* Only print to active plugins. */
208             if (head->active == 1) {
209                 if (head->plugin->print_arp)
210                     (*head->plugin->print_arp)(rec);
211             }
212
213             head = head->next;
214         }


[3]
https://buildd.debian.org/status/fetch.php?pkg=pads&arch=amd64&ver=1.2-14&stamp=1665671920&raw=0
output.c: In function ‘print_arp_asset’:
output.c:210:18: warning: ‘rec’ may be used uninitialized [-Wmaybe-uninitialized]
  210 |                 (*head->plugin->print_arp)(rec);
      |                 ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output.c:185:15: note: ‘rec’ was declared here
  185 |     ArpAsset *rec;
      |               ^~~

