From: Eric Leblond <eric@regit.org>
To: netfilter-devel@vger.kernel.org
Cc: Eric Leblond <eric@regit.org>
Subject: [nftables PATCH 2/5] expression: don't free TYPE_INVALID datatype
Date: Sun, 2 Jun 2013 12:38:29 +0200
Message-ID: <1370169512-23500-3-git-send-email-eric@regit.org>
In-Reply-To: <1370169512-23500-1-git-send-email-eric@regit.org>

TYPE_INVALID datatypes are uninitialised and should not be freed.
The following invalid command was segfaulting:
nft add rule global filter ip daddr . tcp dport { 192.168.0.1 . 22\; 192.168.0.3 . 89 } drop
with the following backtrace:
(gdb) bt
#0 0x00007ffff6f39295 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff6f3c438 in __GI_abort () at abort.c:90
#2 0x00007ffff6f7486b in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff7070d28 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
#3 0x00007ffff6f7eac6 in malloc_printerr (action=3, str=0x7ffff706ccca "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4902
#4 0x00007ffff6f7f843 in _int_free (av=<optimized out>, p=0x428530, have_lock=0) at malloc.c:3758
#5 0x000000000041aae8 in xfree (ptr=0x428540 <invalid_type>) at src/utils.c:29
#6 0x000000000040bc43 in concat_type_destroy (dtype=0x428540 <invalid_type>) at src/datatype.c:690
#7 0x000000000040cebf in concat_expr_destroy (expr=0x643b90) at src/expression.c:571
#8 0x000000000040bef4 in expr_free (expr=0x643b90) at src/expression.c:67
#9 0x000000000040cd8e in compound_expr_destroy (expr=0x643c20) at src/expression.c:542
#10 0x000000000040bef4 in expr_free (expr=0x643c20) at src/expression.c:67
#11 0x000000000041c314 in yydestruct (yymsg=0x4354a1 "Error: popping", yytype=242, yyvaluep=0x7fffffffbcf8, yylocationp=0x7fffffff9db8, scanner=0x643690, state=0x7fffffffdf90) at src/parser.y:398
#12 0x000000000041ffb7 in nft_parse (scanner=0x643690, state=0x7fffffffdf90) at src/parser.c:5519
#13 0x00000000004074df in nft_run (scanner=0x643690, state=0x7fffffffdf90, msgs=0x7fffffffdf80) at src/main.c:156
#14 0x0000000000407a78 in main (argc=19, argv=0x7fffffffe698) at src/main.c:288
Signed-off-by: Eric Leblond <eric@regit.org>
---
src/expression.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/expression.c b/src/expression.c
index 8cf3f62..e4108d0 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -568,7 +568,8 @@ void compound_expr_remove(struct expr *compound, struct expr *expr)
static void concat_expr_destroy(struct expr *expr)
{
- concat_type_destroy(expr->dtype);
+ if (expr->dtype && expr->dtype->type != TYPE_INVALID)
+ concat_type_destroy(expr->dtype);
compound_expr_destroy(expr);
}
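Review bot: the new guard in concat_expr_destroy() protects only this one call site; concat_type_destroy(), which the backtrace shows at src/datatype.c:690 handing `invalid_type` to xfree(), would still abort with "free(): invalid pointer" for any other caller, present or future, that passes it the same datatype. Consider moving the `dtype->type != TYPE_INVALID` test into concat_type_destroy() so the check sits next to the free it protects. The condition also deserves a one-line comment: per the backtrace the pointer is the `invalid_type` symbol rather than heap memory, which is the actual reason it must not be freed, and the word "uninitialised" in the commit message does not make that obvious. The `expr->dtype &&` half is not explained by the reported crash; if a NULL dtype can reach this function, say so in the commit message, otherwise drop it.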
--
1.7.10.4