*** This bug is a duplicate of bug 182840 ***
    https://bugs.launchpad.net/bugs/182840

This bug is marked as a dup of 182840, but I do not have permission to
view that bug (marking something as a dup of a private bug is not
particularly useful).

A quick analysis of this bug shows that it stems from dereferencing an
uninitialized pointer.

prio_print_opt() calls parse_rtattr_nested_compat with an array and
specifies that at most TCA_PRIO_MAX entries should be filled.
parse_rtattr_nested_compat() in turn initializes the first TCA_PRIO_MAX
entries.

However, TCA_PRIO_MQ == TCA_PRIO_MAX and this array offset is
referenced, causing the crash.

Judging by the appearance of parse_rtattr(), the correct fix is to adjust
__parse_rtattr_nested_compat() to contain:

    memset(tb, 0, sizeof(struct rtattr *) * (max+1));

rather than:

    memset(tb, 0, sizeof(struct rtattr *) * max);

-- 
tc crashed with SIGSEGV in prio_print_opt()
https://bugs.launchpad.net/bugs/187227
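
The off-by-one described in the message above, as an added example that is not part of the original post and not iproute2's own code. The struct layout, the enum values and the helper names (clear_tb_short, clear_tb_full, mq_slot_is_null) are assumptions chosen so that TCA_PRIO_MQ == TCA_PRIO_MAX, as the message states; the table is pre-filled with a known stale pointer so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins (assumptions, not copied from any header). */
struct rtattr { unsigned short rta_len, rta_type; };
enum { TCA_PRIO_UNSPEC, TCA_PRIO_MQ, TCA_PRIO_END };
#define TCA_PRIO_MAX (TCA_PRIO_END - 1)   /* highest valid index, == TCA_PRIO_MQ */

/* Clears indices 0..max-1 only; tb[max] keeps its previous contents. */
static void clear_tb_short(struct rtattr *tb[], int max)
{
    memset(tb, 0, sizeof(struct rtattr *) * (size_t)max);
}

/* Clears indices 0..max inclusive, matching a table of max+1 slots. */
static void clear_tb_full(struct rtattr *tb[], int max)
{
    memset(tb, 0, sizeof(struct rtattr *) * (size_t)(max + 1));
}

/* Returns 1 if tb[TCA_PRIO_MQ] is NULL after clearing, 0 if a stale
 * pointer survived. A caller that tests "if (tb[TCA_PRIO_MQ])" before
 * dereferencing would follow the stale pointer in the 0 case. */
static int mq_slot_is_null(void (*clear)(struct rtattr *[], int))
{
    static struct rtattr stale;            /* stands in for stack garbage */
    struct rtattr *tb[TCA_PRIO_MAX + 1];
    int i;

    for (i = 0; i <= TCA_PRIO_MAX; i++)
        tb[i] = &stale;
    clear(tb, TCA_PRIO_MAX);
    return tb[TCA_PRIO_MQ] == NULL;
}

int main(void)
{
    printf("memset of max entries:   tb[TCA_PRIO_MQ] NULL? %d\n",
           mq_slot_is_null(clear_tb_short));
    printf("memset of max+1 entries: tb[TCA_PRIO_MQ] NULL? %d\n",
           mq_slot_is_null(clear_tb_full));
    return 0;
}
```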