From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefano Brivio
Subject: Re: [iproute2 1/2] ss: fix crash when skipping disabled header field
Date: Sat, 6 Jan 2018 19:53:40 +0100
Message-ID: <20180106195340.4ffa4bfd@elisabeth>
References: <20180106183150.10530-1-a@unstable.cc>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, Stephen Hemminger
To: Antonio Quartulli
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:40956 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751488AbeAFSxr (ORCPT ); Sat, 6 Jan 2018 13:53:47 -0500
In-Reply-To: <20180106183150.10530-1-a@unstable.cc>
Sender: netdev-owner@vger.kernel.org
List-ID:

On Sun, 7 Jan 2018 02:31:49 +0800
Antonio Quartulli wrote:

> When the first header field is disabled (i.e. when passing the -t
> option), field_flush() is invoked with the `buffer` global variable
> still zero'd.
> However, in field_flush() we try to access buffer.cur->len
> during variables initialization, thus leading to a SIGSEGV.

Good catch, thanks for fixing this.

> It's interesting to note that this bug appears only when the code
> is compiled with -O0, because the compiler is smart
> enough to immediately jump to the return statement if optimizations
> are enabled and skip the faulty instruction.

I should really have tested all the options with -O0 as well. :(
Done now.

> Cc: Stefano Brivio
> Cc: Stephen Hemminger
> Signed-off-by: Antonio Quartulli

Fixes: 691bd854bf4a ("ss: Buffer raw fields first, then render them as a table")
Reviewed-by: Stefano Brivio

--
Stefano
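
Added example, not part of the original message and not iproute2 code: a simplified C model of the bug class the quoted commit message describes, where a variable initializer dereferences buffer.cur before the early-return guard for a disabled field. The struct layouts, the `_buggy`/`_fixed` function names and the exact guard are assumptions for illustration; the actual patch is not shown in this message.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for the names in the message;
 * not the layout used in iproute2's ss.c. */
struct token { unsigned int len; };
struct column { int disabled; unsigned int flushed; };
static struct { struct token *cur; } buffer;	/* zero'd until first write */

/* Buggy ordering: the initializer reads buffer.cur->len before the
 * disabled check, so a zero'd buffer means a NULL dereference. With
 * optimizations on, the compiler may defer the unused load past the
 * early return, which hides the crash. Kept for comparison only. */
unsigned int field_flush_buggy(struct column *f)
{
	unsigned int pad = buffer.cur->len % 2;

	if (f->disabled)
		return 0;
	f->flushed += buffer.cur->len + pad;
	return f->flushed;
}

/* Guard first, touch the buffer only afterwards (one possible ordering). */
unsigned int field_flush_fixed(struct column *f)
{
	unsigned int pad;

	if (f->disabled || !buffer.cur)
		return 0;
	pad = buffer.cur->len % 2;
	f->flushed += buffer.cur->len + pad;
	return f->flushed;
}

int main(void)
{
	struct column first = { .disabled = 1, .flushed = 0 };
	struct token tok = { .len = 5 };	/* constructed sample */

	memset(&buffer, 0, sizeof(buffer));
	field_flush_fixed(&first);	/* safe with a zero'd buffer */
	buffer.cur = &tok;
	first.disabled = 0;
	return field_flush_fixed(&first) == 6 ? 0 : 1;
}
```

Building the test suite at both -O0 and -O2 catches this class of bug, since the dereference only faults when the load is actually emitted.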