From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Hemminger
Subject: Re: [iproute2 1/2] ss: fix crash when skipping disabled header field
Date: Tue, 9 Jan 2018 08:03:26 -0800
Message-ID: <20180109080326.000f603e@xeon-e3>
References: <20180106183150.10530-1-a@unstable.cc>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, Stefano Brivio
To: Antonio Quartulli
Return-path:
Received: from mail-pg0-f46.google.com ([74.125.83.46]:32873 "EHLO mail-pg0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933094AbeAIQD3 (ORCPT ); Tue, 9 Jan 2018 11:03:29 -0500
Received: by mail-pg0-f46.google.com with SMTP id i196so8265296pgd.0 for ; Tue, 09 Jan 2018 08:03:29 -0800 (PST)
In-Reply-To: <20180106183150.10530-1-a@unstable.cc>
Sender: netdev-owner@vger.kernel.org
List-ID:

On Sun, 7 Jan 2018 02:31:49 +0800
Antonio Quartulli wrote:

> When the first header field is disabled (i.e. when passing the -t
> option), field_flush() is invoked with the `buffer` global variable
> still zeroed.
> However, in field_flush() we try to access buffer.cur->len
> during variable initialization, thus leading to a SIGSEGV.
>
> It's interesting to note that this bug appears only when the code
> is compiled with -O0, because the compiler is smart
> enough to immediately jump to the return statement if optimizations
> are enabled and skip the faulty instruction.
>
> Cc: Stefano Brivio
> Cc: Stephen Hemminger
> Signed-off-by: Antonio Quartulli

Both applied, thanks.
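The defect class described in the quoted commit message (a pointer dereferenced in a declaration initialiser before the early-return guard that would have skipped it) is easy to reproduce in isolation. The following is an added example written for this page, not ss.c's code: the structs, the `buffer` global and the `flush_buggy` / `flush_fixed` functions are assumptions modelled on the report, not the real `field_flush()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical reconstruction of the pattern in the report; all names here
 * are assumptions, not identifiers from iproute2's ss.c. */

struct chunk {
    size_t len;                 /* bytes already written into this chunk */
};

struct out_buf {
    struct chunk *cur;          /* NULL until the first token is written */
};

struct field {
    bool disabled;              /* header column switched off (e.g. by -t) */
    size_t width;               /* column width to pad to */
};

/* File-scope, so zero-initialised: buffer.cur == NULL at program start,
 * exactly the state the report describes for the first disabled field. */
static struct out_buf buffer;

static void buffer_set_chunk(struct chunk *c) { buffer.cur = c; }
static void buffer_reset(void)                { buffer.cur = NULL; }

/* Buggy shape: the initialiser dereferences buffer.cur BEFORE the guard.
 * With a zeroed buffer this is a NULL dereference. At -O0 the load is
 * emitted as written and crashes; an optimising compiler may sink the
 * unused load past the early return, which is why the report says the
 * crash only shows at -O0. Returns padding to emit, or -1 when skipping. */
static long flush_buggy(const struct field *f)
{
    size_t len = buffer.cur->len;   /* evaluated even when f->disabled */

    if (f->disabled)
        return -1;
    return (long)f->width - (long)len;
}

/* Fixed shape: guard first, dereference only on the path that needs it.
 * Checking buffer.cur explicitly also covers "nothing written yet". */
static long flush_fixed(const struct field *f)
{
    size_t len;

    if (f->disabled || buffer.cur == NULL)
        return -1;

    len = buffer.cur->len;
    return (long)f->width - (long)len;
}

int main(void)
{
    struct field first = { .disabled = true,  .width = 10 };
    struct field second = { .disabled = false, .width = 10 };
    struct chunk c = { .len = 4 };

    buffer_reset();
    printf("fixed, disabled field, empty buffer: %ld\n", flush_fixed(&first));
    /* flush_buggy(&first) here would dereference NULL; not called. */

    buffer_set_chunk(&c);
    printf("fixed, enabled field, 4 bytes written: %ld\n", flush_fixed(&second));
    printf("buggy, same state: %ld\n", flush_buggy(&second));
    return 0;
}
```

Build with `-O0 -g` and call `flush_buggy()` on the zeroed buffer to observe the crash the report describes; `-fsanitize=undefined` (or any static checker that flags dereference-before-null-check) catches the ordering problem regardless of optimisation level, which is the more reliable way to keep it out of a code base than relying on the optimiser to hide it.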