*** This bug is a duplicate of bug 182840 *** https://bugs.launchpad.net/bugs/182840
This bug is marked as a dup of 182840, but I do not have permission to view that bug (marking something as a dup of a private bug is not particularly useful).

A quick analysis of this bug shows that it stems from dereferencing an uninitialized pointer. prio_print_opt() calls parse_rtattr_nested_compat() with an array and specifies that at most TCA_PRIO_MAX entries should be filled. parse_rtattr_nested_compat() in turn initializes the first TCA_PRIO_MAX entries. However, TCA_PRIO_MQ == TCA_PRIO_MAX and this array offset is referenced, causing the crash.

Judging by the appearance of parse_rtattr(), the correct fix is to adjust __parse_rtattr_nested_compat() to contain:

    memset(tb, 0, sizeof(rtattr *) * (max+1));

rather than:

    memset(tb, 0, sizeof(rtattr *) * max);

--
tc crashed with SIGSEGV in prio_print_opt()
https://bugs.launchpad.net/bugs/187227
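The off-by-one described in the comment above, reduced to a self-contained model. This is an added example, not code from the bug report or from iproute2: `struct attr`, `parse_attrs`, `DEMO_MAX`, `DEMO_MQ` and `mq_slot_is_stale` are constructed stand-ins, and the table is pre-filled with a known stale pointer so the leftover slot can be observed without dereferencing garbage.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct rtattr; all names here are constructed. */
struct attr {
    unsigned short len;   /* header plus payload, in bytes */
    unsigned short type;  /* valid types are 0..max inclusive */
};
#define ATTR_ALIGN(n) (((n) + 3u) & ~3u)
#define DEMO_MAX 2          /* plays the role of TCA_PRIO_MAX */
#define DEMO_MQ  DEMO_MAX   /* highest type equals max, like TCA_PRIO_MQ */

/* Fill tb[type] for every attribute in the message. tb has max+1 slots.
 * clear_slots is the number of slots zeroed first: max models the bug,
 * max+1 models the proposed fix. */
static void parse_attrs(const struct attr **tb, int max, size_t clear_slots,
                        const struct attr *rta, size_t len)
{
    memset(tb, 0, sizeof(*tb) * clear_slots);
    while (len >= sizeof(*rta) && rta->len >= sizeof(*rta) && rta->len <= len) {
        size_t step = ATTR_ALIGN(rta->len);
        if (rta->type <= max)
            tb[rta->type] = rta;
        if (step >= len)
            break;
        len -= step;
        rta = (const struct attr *)((const char *)rta + step);
    }
}

/* Parse a message that carries only type 1 into a table pre-filled with a
 * stale pointer (standing in for leftover stack contents). Returns 1 if
 * the DEMO_MQ slot still holds the stale pointer afterwards. */
static int mq_slot_is_stale(size_t clear_slots)
{
    static const struct attr msg[] = { { sizeof(struct attr), 1 } };
    static const struct attr stale = { 0, 0 };
    const struct attr *tb[DEMO_MAX + 1];
    for (int i = 0; i <= DEMO_MAX; i++)
        tb[i] = &stale;
    parse_attrs(tb, DEMO_MAX, clear_slots, msg, sizeof(msg));
    return tb[DEMO_MQ] == &stale;
}

int main(void)
{
    printf("clear max slots:   stale=%d\n", mq_slot_is_stale(DEMO_MAX));
    printf("clear max+1 slots: stale=%d\n", mq_slot_is_stale(DEMO_MAX + 1));
    return 0;
}
```

A caller that tests `tb[DEMO_MQ]` for NULL before using it takes the "attribute present" branch in the first case even though the message never carried that attribute.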