OpenSSH -current segfaults on HP-UX+gcc

Darren Tucker dtucker at zip.com.au
Mon May 19 09:43:54 EST 2003


Hi All.
	As of last night, sshd now segfaults on HP-UX (11.00, gcc 3.2.2) on
startup.

	I've single-stepped through the code in freeaddrinfo and it's called with
a valid *addrinfo, follows ai_next once then for some reason attempts to
deref the second pointer which is NULL.

	Suspecting a compiler/optimization bug I recompiled fake-getaddrinfo.c
without optimization but that made no difference.

	If I change the for loop to "for(;ai != NULL; next = ai ? ai->ai_next :
NULL)" then it works, but I can't see why the code does not work as
written.

	Any ideas?

		-Daz.

# gdb -q ./sshd
(gdb) set args -ddd -p 2022 -o UsePrivilegeSeparation=no
(gdb) run
Starting program: /home/dtucker/openssh-cvs/hpux/sshd -ddd -p 2022 -o
UsePrivilegeSeparation=no
[snip]
Server listening on 0.0.0.0 port 2022.

Program received signal SIGSEGV, Segmentation fault.
0x00047854 in freeaddrinfo (ai=0x0)
    at ../../openbsd-compat/fake-getaddrinfo.c:39
39              for(;ai != NULL; next = ai->ai_next) {
(gdb) info args
ai = (struct addrinfo *) 0x0
(gdb) bt
#0  0x00047854 in freeaddrinfo (ai=0x0)
    at ../../openbsd-compat/fake-getaddrinfo.c:39
#1  0x00012340 in main (ac=2139032224, av=0x4) at ../sshd.c:1192
(gdb) frame 0
#0  0x00047854 in freeaddrinfo (ai=0x0)
    at ../../openbsd-compat/fake-getaddrinfo.c:39
39              for(;ai != NULL; next = ai->ai_next) {
(gdb) list
34      void
35      freeaddrinfo(struct addrinfo *ai)
36      {
37              struct addrinfo *next;
38      
39              for(;ai != NULL; next = ai->ai_next) {
40                      free(ai);
41                      ai = next;
42              }
43      }

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
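The evaluation order of the loop shown in the gdb listing, and a list-freeing loop that reads the link before releasing the node. This is an added example, not part of the original post and not OpenSSH code; `struct fake_ai`, `free_chain` and `make_chain` are hypothetical names used only for illustration.

```c
#include <stdlib.h>

/* Hypothetical stand-in for struct addrinfo; only the link field matters. */
struct fake_ai {
	struct fake_ai *ai_next;
};

/*
 * Evaluation order of the loop quoted in the gdb listing:
 *
 *     for (; ai != NULL; next = ai->ai_next) { free(ai); ai = next; }
 *
 *   1. test: ai != NULL           true for the head node
 *   2. body: free(ai)             head is released
 *   3. body: ai = next            next has not been assigned yet
 *   4. step: next = ai->ai_next   dereferences whatever ai now holds
 *
 * The third clause of a for statement runs after the body, so on the first
 * pass next is read before it is ever written.
 */

/* Read the link before releasing the node. Returns the number freed. */
size_t free_chain(struct fake_ai *ai)
{
	struct fake_ai *next;
	size_t freed = 0;

	for (; ai != NULL; ai = next) {
		next = ai->ai_next;	/* ai is still valid here */
		free(ai);
		freed++;
	}
	return freed;
}

/* Build a constructed chain of n nodes for the demonstration. */
struct fake_ai *make_chain(int n)
{
	struct fake_ai *head = NULL, *node;

	while (n-- > 0) {
		if ((node = malloc(sizeof(*node))) == NULL)
			break;
		node->ai_next = head;
		head = node;
	}
	return head;
}
```

The gdb frame showing `ai=0x0` at line 39 is consistent with step 4 running after `ai = next` stored an unassigned value that happened to be zero.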




More information about the openssh-unix-dev mailing list