wpa_supplicant segmentation fault
Jouni Malinen
Mon Mar 2 10:35:40 PST 2009
On Wed, Feb 25, 2009 at 08:22:12AM +0200, Cristian NAVALICI wrote:
> #0 0x00002ae783bb947b in memcpy () from /lib64/libc.so.6
> #1 0x0000000000431f5c in wpa_driver_ralink_get_scan_results (priv=0x1432cd10, results=0x14340400, max_size=<value optimized out>) at ../src/drivers/driver_ralink.c:1113
> So, the problem is the line 1113 with the os_memcpy or something like
> this. How can I debug it further?
Thanks. I would assume that wbi->Ssid.SsidLength is corrupted and the
memcopy ends up reading and writing who knows how many bytes in this
case.
Dumping the data buffer from the driver would be a good next step to
figure out what exactly is happening here:
diff --git a/src/drivers/driver_ralink.c b/src/drivers/driver_ralink.c
index e9313cb..a4b8f27 100644
--- a/src/drivers/driver_ralink.c
+++ b/src/drivers/driver_ralink.c
@@ -1105,6 +1105,8 @@ wpa_driver_ralink_get_scan_results(void *priv,
return -1;
}
+ wpa_hexdump(MSG_DEBUG, "OID_802_11_BSSID_LIST data",
+ buf, iwr.u.data.length);
os_memset(results, 0, max_size * sizeof(struct wpa_scan_result));
for (ap_num = 0, wbi = wsr->Bssid; ap_num < wsr->NumberOfItems;
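Review bot: the dump lands in the right place (after the ioctl error return and before the results are cleared), but it only makes the failure observable; the loop `for (ap_num = 0, wbi = wsr->Bssid; ap_num < wsr->NumberOfItems;` still trusts wsr->NumberOfItems, and the memcpy at line 1113 still trusts wbi->Ssid.SsidLength, so a corrupted value keeps overrunning memory with the hexdump in place. Suggest, in the same change or a follow-up, bounding the walk by iwr.u.data.length (the byte count the driver actually returned, which this hunk already has at hand) and rejecting or truncating any SsidLength larger than the destination SSID field before the copy, so a bad buffer is logged and skipped rather than crashing the supplicant.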
--
Jouni Malinen PGP id EFC895FA
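As an added illustration, not code from this thread or from wpa_supplicant's driver_ralink.c, the following C stand-in for the scan-list walk shows the unchecked copy that the crash above points at beside a version that validates NumberOfItems, each item's Length and its SsidLength against the buffer length the driver actually returned before any memcpy. The struct layout, the field names other than those quoted in the thread, the function names and the constructed test buffer are all assumptions made for the example, not the Ralink/NDIS definitions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified stand-in for the driver's scan-list layout: a uint32 item count
 * followed by fixed-size items. Hypothetical layout for illustration only,
 * not the real Ralink/NDIS_802_11_BSSID_LIST definition.
 */
#define MAX_SSID_LEN 32

struct bssid_item {
	uint32_t Length;          /* size of this item in bytes (driver-supplied) */
	uint8_t  Bssid[6];
	uint8_t  pad[2];
	uint32_t SsidLength;      /* driver-supplied; must be <= MAX_SSID_LEN */
	uint8_t  Ssid[MAX_SSID_LEN];
};

struct scan_result {
	uint8_t bssid[6];
	uint8_t ssid[MAX_SSID_LEN];
	size_t  ssid_len;
};

/*
 * Unsafe pattern, kept only for contrast: SsidLength is used as-is, so a
 * corrupted value makes memcpy run off both the source item and the
 * destination ssid[] (the segfault reported above). Only call this on an
 * item that has already been validated.
 */
static void copy_ssid_unchecked(struct scan_result *r, const struct bssid_item *wbi)
{
	memcpy(r->ssid, wbi->Ssid, wbi->SsidLength);
	r->ssid_len = wbi->SsidLength;
}

/*
 * Checked version: every driver-supplied length is validated against the
 * buffer actually returned (buf_len) and the destination sizes before any
 * memcpy. Returns the number of results, or -1 if the data is malformed, so
 * a bad buffer is reported instead of corrupting memory.
 */
static int get_scan_results_checked(const uint8_t *buf, size_t buf_len,
				    struct scan_result *results, size_t max_size)
{
	uint32_t count, i;
	size_t pos = sizeof(uint32_t), ap_num = 0;

	if (buf_len < sizeof(count))
		return -1;
	memcpy(&count, buf, sizeof(count));
	memset(results, 0, max_size * sizeof(*results));

	for (i = 0; i < count && ap_num < max_size; i++) {
		struct bssid_item wbi;

		/* the whole item must lie inside the returned buffer */
		if (buf_len - pos < sizeof(wbi))
			return -1;
		memcpy(&wbi, buf + pos, sizeof(wbi)); /* copy out: no misaligned access */
		if (wbi.Length < sizeof(wbi) || wbi.Length > buf_len - pos)
			return -1;
		/* the check the crashing copy lacks: SSID must fit the destination */
		if (wbi.SsidLength > MAX_SSID_LEN)
			return -1;

		memcpy(results[ap_num].bssid, wbi.Bssid, sizeof(wbi.Bssid));
		memcpy(results[ap_num].ssid, wbi.Ssid, wbi.SsidLength);
		results[ap_num].ssid_len = wbi.SsidLength;
		ap_num++;
		pos += wbi.Length;
	}
	return (int) ap_num;
}

/*
 * Constructed test input (not captured from a real driver): one item whose
 * header fields can be set to bogus values to exercise the checks above.
 */
static size_t build_list(uint8_t *out, size_t out_len, uint32_t claimed_items,
			 uint32_t ssid_len_field, const char *ssid)
{
	struct bssid_item item;
	size_t n = strlen(ssid);

	if (out_len < sizeof(uint32_t) + sizeof(item))
		return 0;
	memset(&item, 0, sizeof(item));
	item.Length = sizeof(item);
	memcpy(item.Bssid, "\x00\x11\x22\x33\x44\x55", sizeof(item.Bssid));
	item.SsidLength = ssid_len_field;
	memcpy(item.Ssid, ssid, n > MAX_SSID_LEN ? MAX_SSID_LEN : n);
	memcpy(out, &claimed_items, sizeof(claimed_items));
	memcpy(out + sizeof(uint32_t), &item, sizeof(item));
	return sizeof(uint32_t) + sizeof(item);
}

int main(void)
{
	uint8_t buf[128];
	struct scan_result res[4];
	struct bssid_item sane;
	size_t len;

	len = build_list(buf, sizeof(buf), 1, 7, "example");
	printf("valid item: %d result(s)\n", get_scan_results_checked(buf, len, res, 4));
	memcpy(&sane, buf + sizeof(uint32_t), sizeof(sane));
	copy_ssid_unchecked(&res[1], &sane); /* fine only because the item is sane */
	printf("unchecked copy of a sane item: %zu bytes\n", res[1].ssid_len);
	len = build_list(buf, sizeof(buf), 1, 0xffffffffu, "example");
	printf("corrupted SsidLength: %d\n", get_scan_results_checked(buf, len, res, 4));
	len = build_list(buf, sizeof(buf), 2, 7, "example");
	printf("NumberOfItems past end of buffer: %d\n", get_scan_results_checked(buf, len, res, 4));
	return 0;
}
```

The point of copying each item into a local struct before looking at it is twofold: it avoids dereferencing a possibly misaligned pointer into the raw buffer, and it means the size check runs on the full item before any field is read. A real driver wrapper would also want to log the rejected item (the hexdump in the patch above is exactly that) rather than silently returning -1.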