On a PandaBoard (armv7) running -current, when I run rtadvd, it crashes
with a bus error shortly after printing (received a routing message). I
can reproduce by sending SIGHUP to a dhclient running on the same
interface.
I have traced this down to the following block of code in rtadvd.c.
static void
rtmsg_input(void)
{
int n, type, ifindex = 0, plen;
size_t len;
char msg[2048], *next, *lim;
u_char ifname[IF_NAMESIZE];
struct prefix *prefix;
struct rainfo *rai;
struct in6_addr *addr;
char addrbuf[INET6_ADDRSTRLEN];
So msg is not 32-bit aligned, presumably because INET6_ADDRSTRLEN is 46.
I can fix the bus error by hardcoding 48, but of course that's not
right.
Then msg is passed to get_next_msg (as next) where the expression
rtm->rtm_hdrlen (rtm is the not-aligned msg) is the first dereference
and thus the point where it crashes.
I'm at the point now where I think I've found the root of the problem
but don't know enough to fix it.
Any thoughts?
Martin
