bugzilla-daemon at netfilter.org
2014-Jul-17 19:03 UTC
[Bug 967] New: segfault when adding large sets
https://bugzilla.netfilter.org/show_bug.cgi?id=967

Summary: segfault when adding large sets
Product: nftables
Version: unspecified
Platform: x86_64
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
AssignedTo: pablo at netfilter.org
ReportedBy: bugzilla-netfilter at malc.org.uk
Estimated Hours: 0.0

Created attachment 449
  --> https://bugzilla.netfilter.org/attachment.cgi?id=449
Test case

If I attempt to load a table containing a large set (in my case, a set of 203 or more ether_addrs), nft segfaults (in some cases with what looks to me like a corrupt stack).

I'm running git head nftables, libnftnl, libmnl on kernel 3.15.5.

# Loading a simple table containing just a 203-element set (nft -f test.nft; input attached):

Program received signal SIGSEGV, Segmentation fault.
nft_set_free (s=0x3f21fcb415fc) at set.c:48
48          if (s->table != NULL)
(gdb) bt
#0  nft_set_free (s=0x3f21fcb415fc) at set.c:48
#1  0x000000000041245f in netlink_add_setelems_compat (expr=0x6499e0, h=<optimized out>, ctx=0x7fffffffe3a0) at src/netlink.c:1279
#2  netlink_add_setelems (ctx=ctx@entry=0x7fffffffe3a0, h=h@entry=0x649860, expr=0x6499e0) at src/netlink.c:1295
#3  0x0000000000406e8a in do_add_setelems (expr=<optimized out>, h=0x649860, ctx=0x7fffffffe3a0) at src/rule.c:577
#4  do_add_set (ctx=ctx@entry=0x7fffffffe3a0, h=h@entry=0x649860, set=set@entry=0x649850) at src/rule.c:591
#5  0x00000000004070d1 in do_add_table (excl=<optimized out>, table=0x649770, loc=<optimized out>, h=<optimized out>, ctx=0x7fffffffe3a0) at src/rule.c:609
#6  do_command_add (ctx=ctx@entry=0x7fffffffe3a0, cmd=cmd@entry=0x6518a0, excl=excl@entry=false) at src/rule.c:625
#7  0x0000000000407eea in do_command (ctx=ctx@entry=0x7fffffffe3a0, cmd=cmd@entry=0x6518a0) at src/rule.c:914
#8  0x0000000000406426 in nft_netlink (msgs=0x7fffffffe430, state=0x7fffffffe440) at src/main.c:183
#9  nft_run (scanner=scanner@entry=0x645390, state=state@entry=0x7fffffffe440, msgs=msgs@entry=0x7fffffffe430) at src/main.c:227
#10 0x0000000000405fca in main (argc=3, argv=<optimized out>) at src/main.c:340

# Loading a larger ruleset containing two ~1700-element sets:

Program received signal SIGSEGV, Segmentation fault.
mnl_attr_nest_start (nlh=nlh@entry=0x7fffffffd150, type=type@entry=1) at attr.c:535
535         start->nla_type = NLA_F_NESTED | type;
(gdb) bt
#0  mnl_attr_nest_start (nlh=nlh@entry=0x7fffffffd150, type=type@entry=1) at attr.c:535
#1  0x00007ffff7712f6d in nft_set_elem_nlmsg_build_payload (nlh=nlh@entry=0x7fffffffd150, e=e@entry=0x6e50c0) at set_elem.c:175
#2  0x00007ffff7713046 in nft_set_elems_nlmsg_build_payload (nlh=nlh@entry=0x7fffffffd150, s=s@entry=0x6deef0) at set_elem.c:218
#3  0x00000000004194ee in mnl_nft_setelem_add (nf_sock=0x645340, nls=0x6deef0, flags=<optimized out>) at src/mnl.c:821
#4  0x0001000a80010010 in ?? ()
#5  0x00009472cc431100 in ?? ()
#6  0x8001001080ce0014 in ?? ()
#7  0x736b11000001000a in ?? ()
(...)

--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

bugzilla-daemon at netfilter.org
2014-Jul-23 20:47 UTC
[Bug 967] segfault when adding large sets
https://bugzilla.netfilter.org/show_bug.cgi?id=967

Pablo Neira Ayuso <pablo at netfilter.org> changed:

What        | Removed | Added
------------+---------+-----------
Status      | NEW     | RESOLVED
Resolution  |         | DUPLICATE

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> 2014-07-23 22:47:08 CEST ---

*** This bug has been marked as a duplicate of bug 898 ***