
The libsmi parser memory faults when parsing mibs/ietf/DOT12-RPTR-MIB. Repeat by running smilint mibs/ietf/DOT12-RPTR-MIB after installing libsmi. This happened to me under RedHat 9 (gcc 3.2.2/x86) and RedHat 7.3 (gcc 2.96/x86).
The parser usually runs off the rails thus:
$ gdb /usr/local/bin/smilint
[stuff omitted]
(gdb) run mibs/ietf/DOT12-RPTR-MIB
Starting program: /usr/local/bin/smilint mibs/ietf/DOT12-RPTR-MIB
mibs/ietf/DOT12-RPTR-MIB:36: revision for last update is missing
mibs/ietf/DOT12-RPTR-MIB:151: warning: use Integer32 instead of INTEGER in SMIv2

Program received signal SIGSEGV, Segmentation fault.
0x40037b15 in checkObjects (parserPtr=0xbffff5f0, modulePtr=0x80559a0) at parser-smi.y:220
220 if (objectPtr->nodePtr->parentPtr &&
(gdb) where
#0 0x40037b15 in checkObjects (parserPtr=0xbffff5f0, modulePtr=0x80559a0) at parser-smi.y:220
#1 0x4003a26c in smiparse (parserPtr=0xbffff5f0) at parser-smi.y:1641
#2 0x40031021 in loadModule (
    modulename=0xbffff841 "mibs/ietf/DOT12-RPTR-MIB", parserPtr=0x0) at data.c:3792
#3 0x40035110 in smiLoadModule (module=0xbffff841 "mibs/ietf/DOT12-RPTR-MIB") at smi.c:416
#4 0x080492f2 in main (argc=2, argv=0xbffff6f4) at smilint.c:314
#5 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) print objectPtr->nodePtr->parentPtr
$1 = (struct Node *) 0x62696d2f
Running with ElectricFence and EF_PROTECT_BELOW on turns up a problem, if that helps. I can provide details if that would help.

Allen McIntosh wrote:
The libsmi parser memory faults when parsing mibs/ietf/DOT12-RPTR-MIB. [...]
Thank you very much, Allen. This was a rather nasty bug that only occurred when a module is imported in the middle of another module (within a MODULE-COMPLIANCE statement that contains a MODULE sub-statement). A fixed revision is now available from the SVN repository.
-frank

It turns out that one of the reasons we had such trouble on HP-UX was that a C++ compiler was used, and it believes all .c files are C++. Lots of const's were required to shut the compiler up, along with explicit casts from (void *) and changes to variable names like "new". Adding "const" might help find some bugs (see below) but I won't pollute the mailing list with all the changes. If someone is interested, I can provide a context diff.
I have attached two files fixing possible bugs. The first file fixes a problem in lib/smi.c, where the compiler claims the implicit cast to unsigned long long happens too late to keep (1<<i) from being truncated to 32 bits. The second file fixes a possible character string overflow. (It doesn't happen with the current contents of the character string.)
*** /u/mcintosh/hp/src/libsmi-0.4.3.ori/lib/smi.c Wed Aug 18 05:51:01 2004 --- ./smi.c Tue May 3 08:41:54 2005 *************** *** 1595,1605 **** smiAsprintf(&s, f, smiValuePtr->value.unsigned64); } else if (smiTypePtr->format[0] == 'b') { for (i = 64 - 1; ! i > 0 && !(smiValuePtr->value.unsigned64 & (1 << i)); i--); ! s = smiMalloc(i + 1 + 1); if (s) { for (j = 0; i >= 0; i--, j++) { ! s[j] = smiValuePtr->value.unsigned64 & (1<<i) ? '1' : '0'; } s[j] = 0; } --- 1595,1605 ---- smiAsprintf(&s, f, smiValuePtr->value.unsigned64); } else if (smiTypePtr->format[0] == 'b') { for (i = 64 - 1; ! i > 0 && !(smiValuePtr->value.unsigned64 & ((unsigned long long)1 << i)); i--); ! s = (char *)smiMalloc(i + 1 + 1); if (s) { for (j = 0; i >= 0; i--, j++) { ! s[j] = smiValuePtr->value.unsigned64 & ((unsigned long long)1<<i) ? '1' : '0'; } s[j] = 0; }
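Review bot: in both masks of the 'b' format branch the cast is spelled (unsigned long long)1 << i, while the value it is ANDed with is smiValuePtr->value.unsigned64; casting the 1 to that field's own type would keep the mask width tied to the field instead of to a second spelling of the type. The first for loop also ends in a bare ';' after i--), which is easy to misread as owning the smiMalloc line, so an explicit empty body on its own line would help. The (char *) cast on smiMalloc is only needed for the C++ build and changes nothing for C compilers.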
*** /u/mcintosh/hp/src/libsmi-0.4.3.ori/tools/dump-xsd.c Wed Aug 18 05:50:59 2004 --- ./dump-xsd.c Mon May 2 23:02:26 2005 *************** *** 35,49 **** #define MIN(a,b) ((a)) < ((b)) ? ((a)) : ((b)) #endif /* #ifndef MIN */
! static char *schemaLocation = "http://www.ibr.cs.tu-bs.de/projects/libsmi/xsd/"; static int container = 0; static char *containerBasename = "container"; static int *nestAugmentedTables = 0; static int *nestSubtables = 0;
typedef struct XmlEscape { char character; char *escape; } XmlEscape;
static XmlEscape xmlEscapes [] = { --- 35,49 ---- #define MIN(a,b) ((a)) < ((b)) ? ((a)) : ((b)) #endif /* #ifndef MIN */
! static const char *schemaLocation = "http://www.ibr.cs.tu-bs.de/projects/libsmi/xsd/"; static int container = 0; static char *containerBasename = "container"; static int *nestAugmentedTables = 0; static int *nestSubtables = 0;
typedef struct XmlEscape { char character; char *escape; } XmlEscape;
static XmlEscape xmlEscapes [] = { *************** *** 2532,2538 ****
/* make sure url ends with '/' */ if( schemaLocation[ strlen( schemaLocation ) - 1 ] != '/' ) { ! smiAsprintf( &schemaLocation, "%s%c", schemaLocation, '/'); } if (container) { --- 2532,2540 ----
/* make sure url ends with '/' */ if( schemaLocation[ strlen( schemaLocation ) - 1 ] != '/' ) { ! char *s = (char *)malloc(strlen(schemaLocation)+2); ! smiAsprintf( &s, "%s%c", schemaLocation, '/'); ! schemaLocation = s; } if (container) {
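Review bot: in the second hunk (around line 2532) the block from malloc(strlen(schemaLocation)+2) is passed to smiAsprintf as &s; the call takes a char **, and the old code passed a pointer initialised from a string literal, which suggests smiAsprintf stores a freshly allocated string in its first argument. If that is the case the malloc'd block is leaked on every call, and the malloc line can be dropped in favour of char *s = NULL; before the smiAsprintf call. Either way the result should be checked before schemaLocation = s, because the surrounding code calls strlen on schemaLocation. In the first hunk only schemaLocation gains const, although containerBasename on the next line also points at a string literal.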
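The 32-bit truncation described in the message above for the 'b' format branch of lib/smi.c, as an added example that is not part of the original thread or of libsmi. The names format_bits, mask64 and mask32_model are hypothetical; mask32_model is an assumed model of a mask that only has 32 bits, used because the real (1 << i) with i >= 32 on a 32-bit int is undefined behaviour in C and cannot be shown deterministically.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mask for bit i computed at full 64-bit width (the patched form). */
static uint64_t mask64(int i)
{
    return (uint64_t)1 << i;
}

/* Assumed model of the unpatched mask: the result keeps only its low
 * 32 bits, so bits 32..63 of the value can never be selected. */
static uint64_t mask32_model(int i)
{
    return (uint64_t)(uint32_t)((uint64_t)1 << i);
}

/* Same two loops as the 'b' branch: find the highest set bit, then
 * emit '1'/'0' down to bit 0. buf must hold at least 65 bytes
 * (64 digits plus the terminating NUL). */
static void format_bits(uint64_t v, uint64_t (*mask)(int), char *buf)
{
    int i, j;

    for (i = 64 - 1; i > 0 && !(v & mask(i)); i--)
        ;                       /* empty body: only i is being searched */
    for (j = 0; i >= 0; i--, j++)
        buf[j] = (v & mask(i)) ? '1' : '0';
    buf[j] = '\0';
}

int main(void)
{
    char wide[65], narrow[65];
    uint64_t v = ((uint64_t)1 << 40) | 5;   /* constructed sample value */

    format_bits(v, mask64, wide);
    format_bits(v, mask32_model, narrow);
    printf("64-bit mask: %s (%zu digits)\n", wide, strlen(wide));
    printf("32-bit mask: %s (%zu digits)\n", narrow, strlen(narrow));
    return 0;
}
```

With the narrow mask the rendered string silently drops every bit above bit 31, so the output is wrong rather than crashing, which is why a compiler warning was the only signal.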
participants (2)
- Allen McIntosh
- Frank Strauß