libnl segmentation fault
Thomas Graf
tgraf at infradead.org
Sat Apr 21 11:18:04 EDT 2012
On Sat, Apr 21, 2012 at 04:57:44PM +0200, Borja Ruiz-Castro wrote:
> Hi!
>
> I think I just found a bug using lorcon + libnl (segmentation fault)
>
> The problem is *genl_unregister():*
>
>
> (gdb) disass 0x00007ffff77afb8d
> Dump of assembler code for function genl_unregister:
> => 0x00007ffff77afb80 <+0>: push %rbx
> 0x00007ffff77afb81 <+1>: mov %rdi,%rbx
> 0x00007ffff77afb84 <+4>: callq 0x7ffff778dbf0
> <nl_cache_mngt_unregister at plt>
> 0x00007ffff77afb89 <+9>: mov 0x40(%rbx),%rax
> * 0x00007ffff77afb8d <+13>: mov 0x28(%rax),%rdx*
> 0x00007ffff77afb91 <+17>: mov 0x30(%rax),%rcx
> 0x00007ffff77afb95 <+21>: mov %rcx,0x8(%rdx)
> 0x00007ffff77afb99 <+25>: mov 0x30(%rax),%rax
> 0x00007ffff77afb9d <+29>: mov %rdx,(%rax)
> 0x00007ffff77afba0 <+32>: pop %rbx
> 0x00007ffff77afba1 <+33>: retq
> End of assembler dump.
>
>
> A segmentation fault occurs when trying to copy %rdx into (%rax)+0x28,
> because the contents of %eax is 0x00!
Looks like NULL is passed to genl_unregister(), which would be a
bug in the application.
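Added example, not libnl's code and not from either poster: a self-contained C model of the list unlink that the quoted disassembly performs, paired with a guarded unregister that reports a NULL pointer as an error instead of faulting. The struct names, the nl_list_head-style next/prev fields, co_genl and o_list, and the padding are all assumptions, chosen only so that the field offsets equal the 0x40, 0x28 and 0x30 seen in the disassembly; the static asserts pin that down.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of an intrusive doubly-linked list in the style of
 * libnl's nl_list_head. Not libnl's code. */
struct model_list_head {
    struct model_list_head *next;
    struct model_list_head *prev;
};

/* Model of the per-family genl ops object. The padding only serves to put
 * o_list.next at 0x28 and o_list.prev at 0x30, as in the disassembly. */
struct model_genl_ops {
    char pad[0x28];
    struct model_list_head o_list;
};

/* Model of the cache ops handed to genl_unregister(); co_genl is placed at
 * 0x40 to match `mov 0x40(%rbx),%rax`. Constructed layout, not libnl's. */
struct model_cache_ops {
    const char *co_name;
    char pad[0x38];
    struct model_genl_ops *co_genl;
};

_Static_assert(offsetof(struct model_cache_ops, co_genl) == 0x40, "co_genl offset");
_Static_assert(offsetof(struct model_genl_ops, o_list.next) == 0x28, "o_list.next offset");
_Static_assert(offsetof(struct model_genl_ops, o_list.prev) == 0x30, "o_list.prev offset");

static void model_list_init(struct model_list_head *h)
{
    h->next = h;
    h->prev = h;
}

static void model_list_add(struct model_list_head *head, struct model_list_head *obj)
{
    obj->next = head->next;
    obj->prev = head;
    head->next->prev = obj;
    head->next = obj;
}

/* The unlink the disassembly performs. With co_genl == NULL, obj is the
 * address 0x28 and the first load (`mov 0x28(%rax),%rdx`) is the fault
 * reported in the thread. */
static void model_list_del(struct model_list_head *obj)
{
    obj->next->prev = obj->prev; /* mov 0x28(%rax),%rdx; mov 0x30(%rax),%rcx; mov %rcx,0x8(%rdx) */
    obj->prev->next = obj->next; /* mov 0x30(%rax),%rax; mov %rdx,(%rax) */
}

/* Registration sets co_genl and links the family in. An ops object that was
 * never registered this way keeps co_genl == NULL. */
static int model_genl_register(struct model_list_head *families,
                               struct model_cache_ops *ops,
                               struct model_genl_ops *genl)
{
    if (ops == NULL || genl == NULL)
        return -1;
    ops->co_genl = genl;
    model_list_add(families, &genl->o_list);
    return 0;
}

/* Guarded unregister: the disassembly shows no check before the dereference,
 * so this version validates both pointers and returns -1 on a caller bug. */
static int model_genl_unregister(struct model_cache_ops *ops)
{
    if (ops == NULL || ops->co_genl == NULL)
        return -1;
    model_list_del(&ops->co_genl->o_list);
    model_list_init(&ops->co_genl->o_list); /* self-linked: no dangling prev/next */
    ops->co_genl = NULL;                    /* a second unregister hits the guard */
    return 0;
}

static int model_list_count(const struct model_list_head *head)
{
    int n = 0;
    for (const struct model_list_head *p = head->next; p != head; p = p->next)
        n++;
    return n;
}

int main(void)
{
    struct model_list_head families;
    struct model_genl_ops g1 = {0}, g2 = {0};
    struct model_cache_ops a = {0}, b = {0}, never_registered = {0};

    model_list_init(&families);
    model_genl_register(&families, &a, &g1);
    model_genl_register(&families, &b, &g2);
    printf("registered families: %d\n", model_list_count(&families));
    printf("unregister a: %d\n", model_genl_unregister(&a));
    printf("unregister NULL: %d\n", model_genl_unregister(NULL));
    printf("unregister never-registered ops: %d\n",
           model_genl_unregister(&never_registered));
    printf("remaining families: %d\n", model_list_count(&families));
    return 0;
}
```

The guard covers both shapes of the caller bug: a literal NULL ops pointer, and an ops object whose co_genl was never filled in because it was not registered through the genl path. In the second case the real library would fault exactly where the thread's gdb output shows, at the first load through %rax.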