[FS#251] sending SIGSEGV to dnsmasq for invalid read access from 00000000

LEDE Bugs lede-bugs at lists.infradead.org
Thu Nov 17 07:35:11 PST 2016


The following task has a new comment added:

FS#251 - sending SIGSEGV to dnsmasq for invalid read access from 00000000
User who did this - Matthias Schiffer (NeoRaider)

----------
It is indeed a Heisenbug; any change to the code to add debug output makes it go away. More weirdness (if the information from the core dump I got is accurate):

  * The whole function is aligned to odd addresses; I've never seen this before. Is this even allowed? More weirdly, gdb dumps the addresses like this, while objdump shows the whole function shifted by one byte, so the addresses are even (it's MIPS16 code, so it is not aligned to 4 bytes)
  * If the program counter is accurate (which I'm not sure about), the only way a NULL dereference can happen here is if __errno_location() has returned NULL (or something even weirder like register corruption). This should not be possible.

I can reproduce the issue fairly easily on a TL-WR1043 v1 by calling "/etc/init.d/network restart" when dnsmasq is restarted by this, but I haven't seen it on a TL-WR841 v7. Either this is hardware-dependent, or something changed because I cleaned my tree when changing the models; I'll have to check again when I have both devices at the same place.
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=251#comment862
