| Field | Value |
|---|---|
| Summary | [PATCH]: CRASH: telnetd crashes periodically |
| Product | Base System |
| Component | bin |
| Reporter | Joe Marcus Clarke <marcus> |
| Assignee | freebsd-bugs (Nobody) <bugs> |
| Status | New --- |
| Severity | Affects Only Me |
| Keywords | patch |
| Priority | --- |
| Version | 10.3-STABLE |
| Hardware | Any |
| OS | Any |
Created attachment 172719: Patch to fix telnetd crash

Yes, I still have telnetd running (though I don't use it). Periodically, it crashes. I've tracked this down to a NULL pointer deref. Attached is a patch that fixes the crash.

The backtrace I see is:

```
#0 0x0000000000405657 in telrcv () at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/state.c:231
231 ch = *slctab[SLC_EL].sptr;
(gdb) bt
#0 0x0000000000405657 in telrcv () at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/state.c:231
#1 0x000000000040a149 in ttloop () at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/utility.c:88
#2 0x0000000000407055 in doit (who=0x7fffffffeb90) at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/telnetd.c:510
#3 0x0000000000407aa8 in main (argc=<value optimized out>, argv=0x7fffffffec98) at /usr/src/libexec/telnetd/../../contrib/telnet/telnetd/telnetd.c:413
(gdb) print slctab
$1 = {{defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0 '\0'}, sptr = 0x0} <repeats 31 times>}
(gdb) print *slctab
$2 = {defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0 '\0'}, sptr = 0x0}
(gdb) print *slctab[SLC_EL]
No symbol "SLC_EL" in current context.
(gdb) print *slctab[11]
Structure has no component named operator*.
(gdb) print slctab[11]
$3 = {defset = {flag = 0 '\0', val = 0 '\0'}, current = {flag = 0 '\0', val = 0 '\0'}, sptr = 0x0}
(gdb) print *slctab[11]
Structure has no component named operator*.
(gdb) print *slctab[11].sptr
Cannot access memory at address 0x0
```
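The gdb session above shows every `slctab` entry still zeroed (`sptr = 0x0`) when line 231 dereferences `slctab[SLC_EL].sptr`. The following is an added example, not the attached patch (its contents are not shown on this page) and not FreeBSD source: a guarded accessor over a table with the same layout as the dump. All `_demo` names, the `0xff` "disabled" value and the sample character are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Layout mirrors the gdb dump; every *_demo name is hypothetical. */
typedef unsigned char cc_demo_t;
struct slc_pair_demo { cc_demo_t flag; cc_demo_t val; };
struct slc_entry_demo {
    struct slc_pair_demo defset;
    struct slc_pair_demo current;
    cc_demo_t *sptr;   /* terminal special character, or NULL if never bound */
};

#define NSLC_DEMO     30                 /* dump shows 31 entries: 0..30 */
#define SLC_EL_DEMO   11                 /* index printed as slctab[11] */
#define VDISABLE_DEMO ((cc_demo_t)0xff)  /* stand-in for "no character" (assumption) */

/*
 * Guarded form of `ch = *slctab[func].sptr;`.
 * Returns 0 and stores the character on success. Returns -1 and stores
 * VDISABLE_DEMO when the index is out of range or sptr was never bound,
 * so the caller can skip the character instead of faulting.
 */
int slc_char_demo(const struct slc_entry_demo *tab, int func, cc_demo_t *out)
{
    *out = VDISABLE_DEMO;
    if (tab == NULL || func < 0 || func > NSLC_DEMO)
        return -1;
    if (tab[func].sptr == NULL)
        return -1;
    *out = *tab[func].sptr;
    return 0;
}

int main(void)
{
    /* All-zero table, the state seen in the core dump. */
    struct slc_entry_demo tab[NSLC_DEMO + 1] = {{{0, 0}, {0, 0}, NULL}};
    cc_demo_t kill_char = 0x15;  /* constructed sample value (^U) */
    cc_demo_t ch;
    int rc;

    rc = slc_char_demo(tab, SLC_EL_DEMO, &ch);
    printf("unbound: rc=%d ch=0x%02x\n", rc, ch);

    tab[SLC_EL_DEMO].sptr = &kill_char;
    rc = slc_char_demo(tab, SLC_EL_DEMO, &ch);
    printf("bound:   rc=%d ch=0x%02x\n", rc, ch);
    return 0;
}
```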