[FS#251] sending SIGSEGV to dnsmasq for invalid read access from 00000000

LEDE Bugs lede-bugs at lists.infradead.org
Wed Nov 16 11:36:02 PST 2016 

The following task has a new comment added:

FS#251 - sending SIGSEGV to dnsmasq for invalid read access from 00000000
User who did this - Matthias Schiffer (NeoRaider)

----------
I'm seeing the same issue, unfortunately also without debug symbols. I haven't had a closer look yet, but here's some GDB output:


#0  0x00439ff1 in nonblock_immune_read ()
(gdb) bt
#0  0x00439ff1 in nonblock_immune_read ()
#1  0x0041bc23 in argstr ()
#2  0x0041bd89 in expandarg ()
#3  0x0041e7c3 in evalfor ()
#4  0x0041dc37 in evaltreenr ()
#5  0x0041dc37 in evaltreenr ()
#6  0x0041e117 in cmdloop ()
#7  0x0041f8e3 in ash_main ()
#8  0x00407879 in run_applet_no_and_exit ()
#9  0x004078f1 in main ()
(gdb) info registers
          zero       at       v0       v1       a0       a1       a2       a3
 R0   00000000 80480000 00000000 fffffffc 00000000 7fda119c 00000080 00000000
            t0       t1       t2       t3       t4       t5       t6       t7
 R8   00000000 80f7fa80 00000001 00000000 8104217c 00000024 804a0000 ffffff80
            s0       s1       s2       s3       s4       s5       s6       s7
 R16  00000000 00000003 00000003 0040789d 77292000 77292000 77294500 77295e94
            t8       t9       k0       k1       gp       sp       s8       ra
 R24  00000000 772144f8 00000000 00000000 7729b2b0 7fda1108 00000000 00439fe5
            sr       lo       hi      bad    cause       pc
      0000dc13 02400000 000f4537 00000000 00800008 00439ff1
           fsr      fir
      00000000 00000000
(gdb) disas
Dump of assembler code for function nonblock_immune_read:
   0x00439fd5 :     save    a0-a2,48,ra,s0-s1
   0x00439fd9 :     move    s1,a0
   0x00439fdb :     lw      a2,56(sp)
   0x00439fdd :     lw      a1,52(sp)
   0x00439fdf :    jal     0x4086c1 
   0x00439fe3 :    move    a0,s1
   0x00439fe5 :    slti    v0,0
   0x00439fe7 :    move    s0,v0
   0x00439fe9 :    bteqz   0x43a00d 
   0x00439feb :    jal     0x448ff1 
   0x00439fef :    nop
=> 0x00439ff1 :    lw      v0,0(v0)
   0x00439ff3 :    cmpi    v0,11
   0x00439ff5 :    btnez   0x43a00d 
   0x00439ff7 :    li      v0,1
   0x00439ff9 :    li      a2,1
   0x00439ffb :    move    v1,sp
   0x00439ffd :    neg     a2
   0x00439fff :    li      a1,1
   0x0043a001 :    addiu   a0,sp,24
   0x0043a003 :    sw      s1,24(sp)
   0x0043a005 :    jal     0x43a671 
   0x0043a009 :    sh      v0,28(v1)
   0x0043a00b :    b       0x439fdb 
   0x0043a00d :    move    v0,s0
   0x0043a00f :    restore 48,ra,s0-s1
   0x0043a011 :    jrc     ra
End of assembler dump.

----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=251#comment858

More information about the lede-bugs mailing list