Package: radvd
Version: 1.6-1.1

I see radvd segfaulting on a routing virtual machine. The crash is
reproducible by a client making a request.

dmesg:
[11736.272522] radvd[2187]: segfault at 10 ip 0804b8c3 sp bfbcaa90 error 6 in radvd[8048000+13000]
[12075.518196] radvd[2208]: segfault at 10 ip 0804b8c3 sp bfe860e0 error 6 in radvd[8048000+13000]

I then installed the dbg package for libc6 and rebuilt the package
from source. Attaching gdb to the program and segfaulting it gives me
the following backtrace:
(gdb) bt
#0  0x0804bd25 in clear_timer (tm=0x82439cc) at timer.c:117
#1  0x0804d1b0 in process_rs (sock=4, iface=0x8243918, msg=0xbfd77a68 "\205", len=0, addr=0xbfd77934) at process.c:206
#2  0x0804cf09 in process (sock=4, ifacel=0x8243a40, msg=0xbfd77a68 "\205", len=16, addr=0xbfd77934, pkt_info=0x8243774, hoplimit=255) at process.c:133
#3  0x0804ae4b in main (argc=5, argv=0xbfd78134) at radvd.c:317

The line 177 says: 

tm->prev->next = tm->next;

and the local variables are in fact NULL:
(gdb) print *tm
$1 = {expires = {tv_sec = 0, tv_usec = 0}, handler = 0, data = 0x0, next = 0x0, prev = 0x0}

This is a debian squeeze linux 2.6.32-5-686 and libc6 2.11.3-4
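
Added example, not part of the original report and not radvd's code: with the field order gdb prints and 4-byte i386 fields, "next" sits at offset 0x10, which is the address in "segfault at 10" when "tm->prev->next = tm->next" runs with prev == NULL. The struct names, the sentinel-headed circular list and clear_timer_checked() are assumptions made for illustration of a guarded unlink.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the i386 layout shown by "print *tm": 4-byte time
 * fields and 4-byte pointers, so offsets are identical on any build host. */
struct timer_i386 {
    uint32_t tv_sec, tv_usec;   /* expires */
    uint32_t handler, data, next, prev;
};

/* Address written by "tm->prev->next = tm->next" when tm->prev is NULL. */
size_t null_prev_fault_addr(void) { return offsetof(struct timer_i386, next); }

struct tmr {                    /* same fields at native width */
    long tv_sec, tv_usec;
    void (*handler)(void *);
    void *data;
    struct tmr *next, *prev;
};

/* Assumption: circular list with a sentinel head, so a linked timer always
 * has non-NULL next and prev. */
void list_init(struct tmr *head) { head->next = head->prev = head; }
void list_add(struct tmr *head, struct tmr *tm)
{
    tm->next = head->next;
    tm->prev = head;
    head->next->prev = tm;
    head->next = tm;
}

/* Hypothetical guarded unlink: 0 if unlinked, -1 if tm was not on a list. */
int clear_timer_checked(struct tmr *tm)
{
    if (tm == NULL || tm->prev == NULL || tm->next == NULL)
        return -1;              /* the all-zero state from the report */
    tm->prev->next = tm->next;
    tm->next->prev = tm->prev;
    tm->next = tm->prev = NULL; /* a repeated clear is now rejected */
    return 0;
}

int main(void)
{
    struct tmr head, tm = {0};
    list_init(&head);
    printf("0x%zx %d\n", null_prev_fault_addr(), clear_timer_checked(&tm));
}
```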