segfault in nl_object_clone

Thomas Graf tgraf at suug.ch
Tue Oct 22 08:21:17 EDT 2013


On 10/14/13 at 05:50pm, Teto wrote:
> Hi,
> 
> I just had a segfault while calling  the class Object(object)
> constructor from python binding at the level of
> capi.nl_object_clone(self._nl_object):
>     def __init__(self, obj_name, name, obj=None):
>         self._obj_name = obj_name
>         self._name = name
>         self._modules = []
> 
>         if not obj:
>             obj = capi.object_alloc_name(self._obj_name)
>             if not obj:
>                 raise ValueError( "[" + self._obj_name + "] does not look like a valid name" )
> 
> 
>         clone_obj = capi.nl_object_clone(self._nl_object)
>         self._orig = self._obj2type(clone_obj)
> 
> Looks like calling nl_object_clone on an empty nl_object crashes
> because there is no check in nl_object_clone to detect a NULL
> parameter, which happens when you provide a bad name to
> capi.object_alloc_name(self._obj_name). I suggest adding a check after
> object allocation in this way:
>         if not obj:
>             obj = capi.object_alloc_name(self._obj_name)
>             if not obj:
>                 raise ValueError( "[" + self._obj_name + "] does not look like a valid name" )
> 
> This happened to me while trying to initialize flnl_request, but it
> seems its operations are not registered into the cache manager. Any
> idea why?

I pushed the following fix to avoid the segfault. Feel free to submit
a patch to the python code catching the NULL return.

commit d976e2e62bdaca2530f87e97730d03f93f662226
Author: Thomas Graf <tgraf at suug.ch>
Date:   Tue Oct 22 14:16:43 2013 +0200

    obj: Check for NULL pointer in nl_object_clone()
    
    Signed-off-by: Thomas Graf <tgraf at suug.ch>

diff --git a/lib/object.c b/lib/object.c
index 9293df9..c3751a6 100644
--- a/lib/object.c
+++ b/lib/object.c
@@ -114,6 +114,9 @@ struct nl_object *nl_object_clone(struct nl_object
*obj)
        int doff = offsetof(struct nl_derived_object, data);
        int size;
 
+       if (!obj)
+               return NULL;
+
        new = nl_object_alloc(ops);
        if (!new)
                return NULL;
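Review bot: the new `if (!obj)` guard only takes effect if nothing above it has already dereferenced `obj`; `new = nl_object_alloc(ops);` uses an `ops` that is neither a parameter of `nl_object_clone()` nor declared in the visible context, so it must be set earlier in the function, presumably from `obj`. If it is initialised at its declaration just above this hunk (for example `struct nl_object_ops *ops = obj_ops(obj);`), that expression runs before the check and a NULL `obj` still faults before reaching it. Declare `ops` uninitialised and assign it after the guard: `if (!obj) return NULL;` followed by `ops = obj_ops(obj);`. It would also help to document in the function's comment that a NULL argument now returns NULL, since callers such as the Python binding cannot distinguish that from an allocation failure and still need to validate the object before cloning, as the reply asks.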



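The ordering that matters for a check like the one above, shown as an added, self-contained model rather than libnl's own code: a common header followed by type-specific data, an ops table carrying the full object size, and a clone routine that rejects NULL before it touches the object. The struct names (`obj`, `obj_ops`, `derived_obj`, `addr_obj`), the `ce_ops`/`oo_size` fields and the `make_addr` helper are assumptions made for this illustration; only the use of `offsetof` to find the start of the derived data follows the hunk.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a libnl-style object: a common header followed
 * by type-specific data, with a per-type ops table giving the full size. */
struct obj_ops {
    const char *oo_name;
    size_t      oo_size;            /* size of the full derived object */
};

struct obj {
    struct obj_ops *ce_ops;
    int             ce_refcnt;
};

/* Layout used only to compute where the derived data begins. */
struct derived_obj {
    struct obj hdr;
    char       data[1];
};

/* One concrete object type (hypothetical, for the demonstration). */
struct addr_obj {
    struct obj hdr;
    int        family;
    char       label[32];
};

static struct obj_ops addr_ops = { "addr", sizeof(struct addr_obj) };

static struct obj *obj_alloc(struct obj_ops *ops)
{
    struct obj *o = calloc(1, ops->oo_size);
    if (!o)
        return NULL;
    o->ce_ops = ops;
    o->ce_refcnt = 1;
    return o;
}

/* NULL-safe clone. The check precedes every use of obj, including the
 * lookup of ops: an initializer such as `ops = obj->ce_ops` placed at the
 * declaration would run before the check and defeat it. */
static struct obj *obj_clone(const struct obj *obj)
{
    struct obj *new;
    struct obj_ops *ops;
    size_t doff = offsetof(struct derived_obj, data);
    size_t size;

    if (!obj)
        return NULL;

    ops = obj->ce_ops;
    new = obj_alloc(ops);
    if (!new)
        return NULL;

    /* Copy only the derived part; the header was set by obj_alloc. */
    size = ops->oo_size - doff;
    memcpy((char *)new + doff, (const char *)obj + doff, size);
    return new;
}

/* Builds an addr object with a label (constructed sample input). */
static struct addr_obj *make_addr(int family, const char *label)
{
    struct addr_obj *a = (struct addr_obj *)obj_alloc(&addr_ops);
    if (!a)
        return NULL;
    a->family = family;
    snprintf(a->label, sizeof a->label, "%s", label);
    return a;
}

/* Returns 1 if clone(NULL) yields NULL and a real clone is an independent,
 * field-for-field copy that shares no storage with the original. */
int demo_clone_is_null_safe(void)
{
    struct addr_obj *orig, *copy;
    int ok;

    if (obj_clone(NULL) != NULL)
        return 0;

    orig = make_addr(2, "eth0");
    if (!orig)
        return 0;
    copy = (struct addr_obj *)obj_clone(&orig->hdr);
    if (!copy) {
        free(orig);
        return 0;
    }

    ok = copy != orig
      && copy->hdr.ce_ops == &addr_ops
      && copy->hdr.ce_refcnt == 1
      && copy->family == 2
      && strcmp(copy->label, "eth0") == 0;

    /* Mutating the copy must leave the original untouched. */
    copy->family = 10;
    ok = ok && orig->family == 2;

    free(copy);
    free(orig);
    return ok;
}

int main(void)
{
    printf("clone null-safe: %s\n", demo_clone_is_null_safe() ? "yes" : "no");
    return 0;
}
```

The point of `ops` being declared without an initializer is the whole fix: any expression that reads through `obj` has to sit below the `if (!obj)` line, or the guard is dead code.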

More information about the libnl mailing list