Thread: segfault in nfct_conntrack_compare() at libnetfilter_conntrack.c:933

segfault in nfct_conntrack_compare() at libnetfilter_conntrack.c:933
user name
2006-11-24 22:25:35
I'm using ../libnetfilter_conntrack-0.0.31, conntrack 1.00beta2, and
libnfnetlink(svn). Building against kernel 2.6.16.29.

For some reason, I'm getting a segfault in nfct_conntrack_compare. It seems as
if the memory pointed to by ct1 is invalid, the first time that the compare
is called. Has anyone else seen this?

This happens (the segfault) when I do conntrack -L or conntrack -E (After the
first event has arrived).

(gdb) [ezustpocky]
/home/ezust/presinet/projects/conntrack-vanilla> sudo gdb
GNU gdb 6.5-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
Using host libthread_db library "/lib/tls/libthread_db.so.1".
Breakpoint 1 at 0x804a0ad: file conntrack.c, line 606.
main (argc=2, argv=0xbfeb7424) at conntrack.c:606
606         unsigned int command = 0, options = 0;

Program received signal SIGSEGV, Segmentation fault.
0xb7f85731 in nfct_conntrack_compare (ct1=0x15f24, ct2=0xbfeb5138, cmp=0xb7fb8ff4) at libnetfilter_conntrack.c:933
933             int cop1 = ct1->tuple[NFCT_DIR_ORIGINAL].protonum;
(gdb) list
928                     if (l3proto && !l3proto->compare(ct1, ct2, l3flags))
929                             return 0;
930             }
931
932             if (l4flags) {
933             int cop1 = ct1->tuple[NFCT_DIR_ORIGINAL].protonum;
934             int cop2 = ct2->tuple[NFCT_DIR_ORIGINAL].protonum;
935                     if (cop1 != 0 &&  cop2 != 0 && cop1 != cop2)
936                 return 0;
937             int crp1 = ct1->tuple[NFCT_DIR_REPLY].protonum;
(gdb) ct1
Undefined command: "ct1".  Try "help".
(gdb) p ct1
$1 = (struct nfct_conntrack *) 0x15f24
(gdb) p *ct1
Cannot access memory at address 0x15f24
(gdb) p ct1
$2 = (struct nfct_conntrack *) 0x15f24
(gdb) p ct2
$3 = (struct nfct_conntrack *) 0xbfeb5138
(gdb) p *ct2
$4 = {tuple = {{src = {v4 = 520161802, v6 = {520161802, 0, 0, 0}}, dst = {v4 = 4278258186, v6 = {4278258186, 0, 0, 0}}, l3protonum = 2 '\002', protonum = 17 '\021',
      l4src = {all = 35328, tcp = {port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}, l4dst = {
        all = 35328, tcp = {port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}}, {src = {v4 = 4278258186,
        v6 = {4278258186, 0, 0, 0}}, dst = {v4 = 520161802, v6 = {520161802, 0, 0, 0}}, l3protonum = 2 '\002', protonum = 17 '\021', l4src = {all = 35328, tcp = {
          port = 35328}, udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}, l4dst = {all = 35328, tcp = {port = 35328},
        udp = {port = 35328}, icmp = {type = 0 '\0', code = 138 '\212', id = 0}, sctp = {port = 35328}}}}, timeout = 21, mark = 0, status = 8, use = 1, id = 354,
  protoinfo = {tcp = {state = 0 '\0'}}, counters = {{packets = 1, bytes = 257}, {packets = 0, bytes = 0}}, nat = {min_ip = 0, max_ip = 0, l4min = {all = 0, tcp = {
        port = 0}, udp = {port = 0}, icmp = {type = 0 '\0', code = 0 '\0', id = 0}, sctp = {port = 0}}, l4max = {all = 0, tcp = {port = 0}, udp = {port = 0}, icmp = {
        type = 0 '\0', code = 0 '\0', id = 0}, sctp = {port = 0}}}}
(gdb) p *ct1
Cannot access memory at address 0x15f24
(gdb) where
#0  0xb7f85731 in nfct_conntrack_compare (ct1=0x15f24, ct2=0xbfeb5138, cmp=0xb7fb8ff4) at libnetfilter_conntrack.c:933
#1  0xb7f84ebd in nfct_default_conntrack_display (arg=0xbfeb5138, flags=253, type=2, data=0xb7fb8ff4) at libnetfilter_conntrack.c:721
#2  0xb7f8492f in nfct_conntrack_netlink_handler (cth=0x804e148, nlh=0xbfeb526c, arg=0x0) at libnetfilter_conntrack.c:579
#3  0xb7f8355c in callback_handler (nladdr=0xbfeb726c, n=0xbfeb526c, arg=0x804e148) at libnetfilter_conntrack.c:75
#4  0xb7e48734 in nfnl_listen (nfnlh=0x804e008, handler=0xb7f834b4 <callback_handler>, jarg=0x804e148) at libnfnetlink.c:491
#5  0xb7f8601a in __nfct_dump_conntrack_table (cth=0x804e148, zero=0, family=2) at libnetfilter_conntrack.c:1110
#6  0xb7f86047 in nfct_dump_conntrack_table (cth=0x804e148, family=2) at libnetfilter_conntrack.c:1115
#7  0x0804adc3 in main (argc=2, argv=0xbfeb7424) at conntrack.c:882

-- 
Alan Ezust            www.presinet.com
Presinet, inc         alan.ezustpresinet.com
           Victoria, BC, Canada
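The L4 protocol check that the gdb listing shows at libnetfilter_conntrack.c lines 932-936 (protonum of the original-direction tuples must agree unless one side is 0) is modelled below as a stand-alone function, with an argument guard placed in front of it. This is an added example written for this archive page; it is not code from libnetfilter_conntrack, from conntrack, or from the poster. The struct layout (`ct_model`, reduced to the one field the check reads) and the names `compare_l4proto`, `check_pair` and `check_null` are assumptions made for the example. It goes slightly beyond the listing by returning a distinct code for a rejected argument instead of a plain 0, so a caller can tell "filter mismatch" from "refused to dereference".

```c
/* Added example, not libnetfilter_conntrack's own code: a model of the
 * L4 protocol comparison shown in the gdb listing (lines 932-936), with a
 * NULL guard in front. Struct layout and all function names are
 * assumptions made for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DIR_ORIGINAL = 0, DIR_REPLY = 1 };

/* Minimal stand-in for struct nfct_conntrack: only the field the check reads. */
struct ct_model {
    struct {
        uint8_t protonum;   /* L4 protocol number, e.g. 17 for UDP; 0 means "any" */
    } tuple[2];
};

/* Result codes: "mismatch" and "match" follow the 0/non-zero convention of
 * the listed function; BAD_ARG is added so an invalid argument is reported
 * rather than dereferenced. */
enum cmp_result { CMP_MISMATCH = 0, CMP_MATCH = 1, CMP_BAD_ARG = -1 };

/* Mirrors lines 932-936 of the listing: when l4flags is set, the
 * original-direction protonums must match unless either one is 0.
 * The guard only catches NULL. A wild non-NULL pointer such as the
 * ct1=0x15f24 in the report still faults here; that has to be fixed in
 * whatever produced the pointer, not in the compare routine. */
static enum cmp_result compare_l4proto(const struct ct_model *ct1,
                                       const struct ct_model *ct2,
                                       unsigned int l4flags)
{
    if (ct1 == NULL || ct2 == NULL)
        return CMP_BAD_ARG;
    if (!l4flags)
        return CMP_MATCH;            /* no L4 criteria requested */

    int cop1 = ct1->tuple[DIR_ORIGINAL].protonum;
    int cop2 = ct2->tuple[DIR_ORIGINAL].protonum;
    if (cop1 != 0 && cop2 != 0 && cop1 != cop2)
        return CMP_MISMATCH;
    return CMP_MATCH;
}

/* Builds two constructed entries with the given original-direction
 * protonums (reply direction set to the same value) and runs the check. */
static int check_pair(int proto1, int proto2, unsigned int l4flags)
{
    struct ct_model a = {{{ (uint8_t)proto1 }, { (uint8_t)proto1 }}};
    struct ct_model b = {{{ (uint8_t)proto2 }, { (uint8_t)proto2 }}};
    return compare_l4proto(&a, &b, l4flags);
}

/* Runs the check with a NULL first argument, the case the guard exists for. */
static int check_null(void)
{
    struct ct_model b = {{{ 17 }, { 17 }}};   /* UDP, as in the p *ct2 dump */
    return compare_l4proto(NULL, &b, 1);
}

int main(void)
{
    printf("udp  vs udp : %d\n", check_pair(17, 17, 1));   /* match    -> 1  */
    printf("tcp  vs udp : %d\n", check_pair(6, 17, 1));    /* mismatch -> 0  */
    printf("any  vs udp : %d\n", check_pair(0, 17, 1));    /* match    -> 1  */
    printf("tcp  vs udp, l4flags=0: %d\n", check_pair(6, 17, 0)); /* 1 */
    printf("NULL vs udp : %d\n", check_null());            /* bad arg  -> -1 */
    return 0;
}
```

The point for anyone reading the report: the protonum value 0 acts as a wildcard, so a filter entry with protonum 0 matches every protocol, and a NULL check in the callee is cheap but only closes one of the two ways this function can fault.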
