Fwd: Segmentation Fault: madwifi and hostapd

Jouni Malinen jkmaline
Mon Jan 30 20:42:02 PST 2006


On Mon, Jan 30, 2006 at 07:24:56PM -0800, Chad Meister wrote:

> I've done some further investigations using gdb.
> Looking at the valgrind output, I decided to
> investigate the suspicious conditionals.  One example
> is line 135 in hostap.c:
> 
> if ((conf_syslog & module) && level >= conf_syslog_level)
> 
> valgrind output suggests that there is an uninitialized
> value in this conditional, before it drops into
> vsyslog() and seg faults.

Hmm.. I did not notice messages about that line in the valgrind output.
The main warnings were being triggered inside glibc in vfprintf (called
from vsyslog).

>  After further
> investigation, I think the uninitialized variable is
> the conf_syslog.  The value of conf_syslog is based on
> the hostapd_config struct's unsigned int logger_syslog
> value - a variable used for bitwise operations. The
> default value of logger_syslog is an (unsigned int)
> -1.

I don't see how this could be uninitialized.

> In my setup, this is where I think things go wrong. 
> When hostapd sets logger_syslog value as a (unsigned
> int) -1, the value "4294967295" is assigned.  Wrong. 

This is the expected behavior and that (unsigned int) -1 is just a more
or less standard mechanism for setting a variable to a value with all
bits set to 1.

> I think this happens with all -1 (unsigned int)
> assignments on my machine.  When I manually set
> conf_syslog to 0 back in gdb, hostapd does not
> segfault and descends into the radius code to create
> the connection.

The segfault is clearly related to vsyslog call. Setting conf_syslog to
0 is just skipping that call which avoids the problem.

> So what is going on here?

I'm not sure. I cannot reproduce the same behavior in my tests with
valgrind on x86. Just in case, I ran a test with hostapd on PowerPC,
though I'm using a different C library, so vsyslog is different.

One possible explanation could be that something is going wrong with
variable argument processing (va_start/va_list/va_end). hostapd_logger()
is passing variable arguments into two functions in your configuration
case. Could you please try what happens if you leave logger_syslog=-1,
but change logger_stdout=0 in the configuration? This will make only
vsyslog() use the variable arguments.

-- 
Jouni Malinen                                            PGP id EFC895FA
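
Added example, not hostapd code and not written by either participant in this thread: a logger that forwards one set of variable arguments to two consumers, the situation the reply above asks about, written so that each consumer gets its own va_list through va_copy(). The sink flags, the buffers standing in for the stdout and syslog outputs, and the demo_logger()/demo_vlogger() names are all hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define SINK_STDOUT 0x1u            /* hypothetical sink bits */
#define SINK_SYSLOG 0x2u

/* Buffers stand in for the stdout and syslog outputs so results can be checked. */
static char stdout_buf[128];
static char syslog_buf[128];

/* A va_list handed to a v*() function is indeterminate in the caller afterwards,
 * so every consumer gets its own copy made with va_copy(). */
static int demo_vlogger(unsigned int sinks, const char *fmt, va_list ap)
{
    va_list copy;
    int used = 0;
    if (sinks & SINK_STDOUT) {
        va_copy(copy, ap);
        vsnprintf(stdout_buf, sizeof(stdout_buf), fmt, copy);
        va_end(copy);
        used++;
    }
    if (sinks & SINK_SYSLOG) {
        va_copy(copy, ap);
        vsnprintf(syslog_buf, sizeof(syslog_buf), fmt, copy);
        va_end(copy);
        used++;
    }
    return used;                    /* number of sinks written */
}

int demo_logger(unsigned int sinks, const char *fmt, ...)
{
    va_list ap;
    int used;
    va_start(ap, fmt);
    used = demo_vlogger(sinks, fmt, ap);
    va_end(ap);
    return used;
}

int main(void)
{
    /* (unsigned int) -1 sets every bit, so both sinks are enabled. */
    demo_logger((unsigned int) -1, "STA %s: auth %d", "02:00:00:00:00:01", 1);
    printf("%s\n%s\n", stdout_buf, syslog_buf);
    return 0;
}
```

Passing the same va_list to a second consumer without va_copy() (or a fresh va_start()) is undefined behaviour in C, and whether it appears to work depends on how the platform's ABI represents va_list.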