[Bug 211225] [PATCH]: CRASH: telnetd crashes periodically

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jul 19 12:30:52 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211225

            Bug ID: 211225
           Summary: [PATCH]: CRASH: telnetd crashes periodically
           Product: Base System
           Version: 10.3-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: marcus at FreeBSD.org

Created attachment 172719
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172719&action=edit
Patch to fix telnetd crash

Yes, I still have telnetd running (though I don't use it).  Periodically, it
crashes.  I've tracked this down to a NULL pointer deref.  Attached is a patch
that fixes the crash.

The backtrace I see is:

#0  0x0000000000405657 in telrcv () at
/usr/src/libexec/telnetd/../../contrib/telnet/telnetd/state.c:231
231                                             ch = *slctab[SLC_EL].sptr;
(gdb) bt
#0  0x0000000000405657 in telrcv () at
/usr/src/libexec/telnetd/../../contrib/telnet/telnetd/state.c:231
#1  0x000000000040a149 in ttloop () at
/usr/src/libexec/telnetd/../../contrib/telnet/telnetd/utility.c:88
#2  0x0000000000407055 in doit (who=0x7fffffffeb90)
    at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/telnetd.c:510
#3  0x0000000000407aa8 in main (argc=<value optimized out>,
argv=0x7fffffffec98)
    at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/telnetd.c:413
(gdb) print slctab
$1 = {{defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val =
0 '\0'}, 
    sptr = 0x0} <repeats 31 times>}
(gdb) print *slctab
$2 = {defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0
'\0'}, sptr = 0x0}
(gdb) print *slctab[SLC_EL]
No symbol "SLC_EL" in current context.
(gdb) print *slctab[11]    
Structure has no component named operator*.
(gdb) print slctab[11]
$3 = {defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0
'\0'}, sptr = 0x0}
(gdb) print *slctab[11]
Structure has no component named operator*.
(gdb) print *slctab[11].sptr
Cannot access memory at address 0x0

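The backtrace above shows telrcv() reading through slctab[SLC_EL].sptr while every sptr in the 31-entry table is still NULL. The C code below is an added example, not the attached patch and not the telnetd source: it models the table as the gdb dump prints it and guards the dereference. The `_model` names, `slc_char()`, `emit_special()` and `CC_DISABLED` (an assumed stand-in for `_POSIX_VDISABLE`) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example: a simplified model of the table seen in the gdb dump. */
typedef unsigned char cc_t;
#define NSLC_MODEL   30            /* NSLC_MODEL + 1 = 31 slots, as gdb reports */
#define SLC_EL_MODEL 11            /* index the reporter printed for SLC_EL */
#define CC_DISABLED  ((cc_t)0xff)  /* assumed stand-in for _POSIX_VDISABLE */

struct slc_model {
    struct { cc_t flag, val; } defset, current;
    cc_t *sptr;                    /* points at the tty special char, or NULL */
};

/* Static storage is zero-initialised, so every sptr starts out NULL. */
static struct slc_model slctab_model[NSLC_MODEL + 1];

/* Return the special character for a slot, or CC_DISABLED when the index
 * is out of range or the slot's pointer has not been set up yet. */
cc_t slc_char(const struct slc_model *tab, size_t n, size_t idx)
{
    if (idx >= n || tab[idx].sptr == NULL)
        return CC_DISABLED;
    return *tab[idx].sptr;
}

/* Guarded form of the receive-path step: write the slot's character to
 * out unless it is disabled. Returns the number of bytes written. */
size_t emit_special(const struct slc_model *tab, size_t n, size_t idx,
                    unsigned char *out, size_t outlen)
{
    cc_t ch = slc_char(tab, n, idx);
    if (ch == CC_DISABLED || outlen == 0)
        return 0;
    out[0] = ch;
    return 1;
}

int main(void)
{
    unsigned char buf[1];
    cc_t erase_line = 0x15;        /* constructed sample value (Ctrl-U) */

    /* Table still all zeroes: nothing is written and nothing crashes. */
    printf("unset: %zu byte(s)\n",
           emit_special(slctab_model, NSLC_MODEL + 1, SLC_EL_MODEL, buf, 1));
    slctab_model[SLC_EL_MODEL].sptr = &erase_line;
    printf("set:   %zu byte(s)\n",
           emit_special(slctab_model, NSLC_MODEL + 1, SLC_EL_MODEL, buf, 1));
    return 0;
}
```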