NOTE:  This is with my patches applied, so it could
be my fault.  But, it looks like it could be a generic
problem.

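I'm getting a crash in io_ip_socket.cc while trying to
send a packet.  The crash is a NULL pointer dereference:
cmsgp is NULL.  Per the backtrace below, the send was
triggered by a raw_packet6_0_1_send XRL request, so the
dereference takes down the FEA process.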

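It looks like CMSG_NXTHDR can return NULL if there
is no more space available in the control-message buffer
(the msg_control / msg_controllen area of _sndmh), so the code
should probably check cmsgp for NULL after each CMSG_NXTHDR call,
before writing through it, and take evasive action (e.g. fail
the send with an error) instead of dereferencing it....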

        //
        // Set the TTL
        //
crash is here (io_ip_socket.cc:2529, the first write through cmsgp):
        cmsgp->cmsg_len = CMSG_LEN(sizeof(int));

        cmsgp->cmsg_level = IPPROTO_IPV6;
        cmsgp->cmsg_type = IPV6_HOPLIMIT;
        int_val = ip_ttl;
        embed_host_int(CMSG_DATA(cmsgp), int_val);
        cmsgp = CMSG_NXTHDR(&_sndmh, cmsgp);

Full backtrace:

#0  0x081358ec in IoIpSocket::send_packet (this=0x8478b40, [EMAIL PROTECTED], 
[EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], ip_ttl=1, ip_tos=0, 
ip_router_alert=true,
     ip_internet_control=true, [EMAIL PROTECTED], [EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED]) at io_ip_socket.cc:2529
#1  0x080a8a92 in IoIpComm::send_packet (this=0x8478ac0, [EMAIL PROTECTED], 
[EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], ip_ttl=1, ip_tos=-1, 
ip_router_alert=true,
     ip_internet_control=true, [EMAIL PROTECTED], [EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED]) at io_ip_manager.cc:311
#2  0x080a8f8d in IoIpManager::send (this=0xbf84fec4, [EMAIL PROTECTED], [EMAIL 
PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], ip_protocol=58 ':', ip_ttl=1, 
ip_tos=-1,
     ip_router_alert=true, ip_internet_control=true, [EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]) at 
io_ip_manager.cc:851
#3  0x0805436a in XrlFeaTarget::raw_packet6_0_1_send (this=0xbf8508b8, [EMAIL 
PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]) at 
xrl_fea_target.cc:3388
#4  0x081adf23 in XrlFeaTargetBase::handle_raw_packet6_0_1_send 
(this=0xbf8508b8, [EMAIL PROTECTED])
     at fea_base.cc:4546
#5  0x081c5591 in XorpMemberCallback2B0<XrlCmdError const, XrlFeaTargetBase, 
XrlArgs const&, XrlArgs*>::dispatch (this=0x84313b8, [EMAIL PROTECTED], 
a2=0xbf847890) at ../../libxorp/callback_nodebug.hh:4615
#6  0x0826b0a9 in XrlCmdEntry::dispatch (this=0x843140c, [EMAIL PROTECTED], 
outputs=0xbf847890)
     at xrl_cmd_map.hh:37
#7  0x08271b9e in XrlDispatcher::dispatch_xrl (this=0xbf84fa0c, [EMAIL 
PROTECTED], [EMAIL PROTECTED],
     [EMAIL PROTECTED]) at xrl_dispatcher.cc:60
#8  0x082561d5 in XrlRouter::dispatch_xrl (this=0xbf84fa0c, [EMAIL PROTECTED], 
[EMAIL PROTECTED],
     [EMAIL PROTECTED]) at xrl_router.cc:587
#9  0x0827a127 in STCPRequestHandler::dispatch_request (this=0x849f820, 
seqno=4, packed_xrl=0xb7c7d46e "?",
     packed_xrl_bytes=343) at xrl_pf_stcp.cc:239
#10 0x0827a7fd in STCPRequestHandler::read_event (this=0x849f820, 
ev=BufferedAsyncReader::DATA,
     buffer=0xb7c7d456 "STCP\001\001", buffer_bytes=367) at xrl_pf_stcp.cc:202
#11 0x0827be3c in XorpMemberCallback4B0<void, STCPRequestHandler, 
BufferedAsyncReader*, BufferedAsyncReader::Event, unsigned char*, unsigned 
int>::dispatch (this=0x849f6f8, a1=0x849f828, a2=BufferedAsyncReader::DATA,
     a3=0xb7c7d456 "STCP\001\001", a4=367) at 
../libxorp/callback_nodebug.hh:8965
Missing separate debuginfos, use: debuginfo-install gcc.i386 glibc.i686 
ncurses.i386 openssl.i686 zlib.i386
---Type <return> to continue, or q <return> to quit---
#12 0x082a0f3f in BufferedAsyncReader::announce_event (this=0x849f828, 
ev=BufferedAsyncReader::DATA)
     at buffered_asyncio.cc:251
#13 0x082a127e in BufferedAsyncReader::io_event (this=0x849f828, fd={_filedesc 
= 44}, type=IOT_READ)
     at buffered_asyncio.cc:204
#14 0x082a1b0e in XorpMemberCallback2B0<void, BufferedAsyncReader, XorpFd, 
IoEventType>::dispatch (
     this=0x84a1f60, a1={_filedesc = 44}, a2=IOT_READ) at 
../libxorp/callback_nodebug.hh:4635
#15 0x082bdada in SelectorList::Node::run_hooks (this=0x84a0fb8, m=SEL_RD, 
fd={_filedesc = 44})
     at selector.cc:149
#16 0x082bc745 in SelectorList::wait_and_dispatch (this=0xbf850938, [EMAIL 
PROTECTED]) at selector.cc:435
#17 0x082a348e in EventLoop::run (this=0xbf8508fc) at eventloop.cc:97
#18 0x0804d222 in fea_main ([EMAIL PROTECTED], finder_port=19999) at 
xorp_fea.cc:101
#19 0x0804d508 in main (argc=0, argv=0xbf850be8) at xorp_fea.cc:175
(gdb) frame 0
#0  0x081358ec in IoIpSocket::send_packet (this=0x8478b40, [EMAIL PROTECTED], 
[EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED], ip_ttl=1, ip_tos=0, 
ip_router_alert=true,
     ip_internet_control=true, [EMAIL PROTECTED], [EMAIL PROTECTED],
     [EMAIL PROTECTED], [EMAIL PROTECTED]) at io_ip_socket.cc:2529
2529    in io_ip_socket.cc
(gdb) print smsgp
No symbol "smsgp" in current context.
(gdb) print cmsgp
$1 = (cmsghdr *) 0x0
(gdb)



-- 
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com
