Package: slirp
Version: 1:1.0.17-3
Severity: important

On amd64 architectures, slirp crashes immediately when file logging is enabled with "log start". It happens at the first call to lprint after the log file is opened and ready for logging.

The reason is that the va_list object "args" is used twice in that case, once at

    lprint_ptr += (*lprint_print)(*lprint_arg, format, args);

and once at

    vfprintf(lfd, bptr2, args);

After the first call, args becomes invalid because all arguments have been read from the va_args structure. For some reason, this does not happen on i386 versions. Maybe a real copy of args is created when the function is called in i386.

A patch to fix the crash is attached.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slirp depends on:
ii  libc6  2.11.2-2  Embedded GNU C Library: Shared lib

slirp recommends no packages.

slirp suggests no packages.

-- no debconf information
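The double use of "args" described above, as an added example that is not slirp's code and not part of the report: the buggy lprint shape next to a fixed one, with a constructed stand-in (print_to_buf) playing the role of lprint_print.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for slirp's (*lprint_print)(arg, format, args):
 * like vfprintf, it consumes the va_list it is given, so the caller's
 * copy is indeterminate afterward (C99 7.15p3). On amd64 the caller's
 * state has really advanced, which is what made slirp crash. */
static int print_to_buf(char *buf, size_t n, const char *fmt, va_list ap)
{
    return vsnprintf(buf, n, fmt, ap);
}

/* Buggy shape from slirp 1.0.17: one list, two consumers. Undefined
 * behaviour; kept only for comparison and never called below. */
int lprint_buggy(char *screen, char *logbuf, size_t n, const char *fmt, ...)
{
    va_list args;
    int len;

    va_start(args, fmt);
    len = print_to_buf(screen, n, fmt, args); /* consumes args */
    (void)print_to_buf(logbuf, n, fmt, args); /* reuse: indeterminate */
    va_end(args);
    return len;
}

/* Fixed shape: one va_list per consumer. va_copy() is the C99 idiom;
 * the slirp patch reaches the same state with a second va_start(). */
int lprint_fixed(char *screen, char *logbuf, size_t n, const char *fmt, ...)
{
    va_list args, args2;
    int len;

    va_start(args, fmt);
    va_copy(args2, args);                      /* independent of args */
    len = print_to_buf(screen, n, fmt, args);  /* consumes args only */
    (void)print_to_buf(logbuf, n, fmt, args2); /* consumes args2 only */
    va_end(args2);
    va_end(args);
    return len;
}

int main(void)
{
    char screen[64], logbuf[64];
    int len = lprint_fixed(screen, logbuf, sizeof screen,
                           "%s port %d", "eth0", 8080);
    printf("%d: screen=\"%s\" log=\"%s\"\n", len, screen, logbuf);
    return strcmp(screen, logbuf) != 0;
}
```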
--- slirp-1.0.17/src/misc.c 2010-07-02 13:12:16.000000000 +0200 +++ slirp-1.0.17-changed/src/misc.c 2010-07-02 15:37:19.617074017 +0200 @@ -602,13 +602,17 @@ #endif { va_list args; + va_list args2; #ifdef __STDC__ va_start(args, format); + va_start(args2, format); #else char *format; va_start(args); + va_start(args2); format = va_arg(args, char *); + va_arg(args2, char *); // skip #endif /* If we're printing to an sbuf, make sure there's enough room */ /* XXX +100? */ @@ -651,10 +655,11 @@ else bptr1++; } - vfprintf(lfd, bptr2, args); + vfprintf(lfd, bptr2, args2); free(bptr2); } va_end(args); + va_end(args2); } void
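Review bot: in the first hunk (@@ -602), the line `+ va_arg(args2, char *); // skip` sits in the `#else` branch of `#ifdef __STDC__`, which exists for pre-ANSI compilers that do not accept `//` comments; write it as `/* skip the format argument */` so that branch still compiles where it is meant to. Starting `args2` with a second `va_start` is the right portable choice here (`va_copy` would be the C99 idiom but is not available under plain C89). A one-line comment at the `va_list args2;` declaration saying why a second list is needed (a `va_list` handed to `lprint_print` is indeterminate afterward, so it cannot be reused for `vfprintf`) would save the next reader from re-deriving the bug from the report.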
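Review bot: in the second hunk (@@ -651), the switch to `vfprintf(lfd, bptr2, args2)` has no comment explaining that `args` was already consumed by the `lprint_print` call earlier in the function; a short note there would document the fix at the point where the crash occurred. The added `va_end(args2)` directly after `va_end(args)` is unconditional, which correctly pairs with the unconditional `va_start(args2)` from the first hunk, so the list is ended on both the logging and non-logging paths.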