Bug 169003 - Kudzu segfaults with 'NETWORK' class probing and ndiswrapper
Summary: Kudzu segfaults with 'NETWORK' class probing and ndiswrapper
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: kudzu
Version: rawhide
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2005-09-22 00:24 UTC by Daniel de Kok
Modified: 2014-03-17 02:56 UTC (History)

Fixed In Version: 1.2.8-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-09-22 04:28:58 UTC
Type: ---
Embargoed:



Description Daniel de Kok 2005-09-22 00:24:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4 (Debian package 1.0.4-2sarge3)

Description of problem:
Kudzu segfaults when ndiswrapper is used, because the tmp->driver pointer is not checked before using it in sortNetDevices. Wireless cards that are not supported through normal Linux drivers, but that are supported through ndiswrapper, are not available through modules.alias, and do not have the driver field filled in.

(Even if this was the case it would probably be a good idea to check the pointer anyway?)

Version-Release number of selected component (if applicable):
kudzu CVS (HEAD)

How reproducible:
Always

Steps to Reproduce:
1. kudzu -p -c NETWORK

Actual Results:  # kudzu -p -c NETWORK
Segmentation fault

# gdb kudzu
(gdb) run -p -c NETWORK
Starting program: /home/daniel/libranet-newsvn/libranet/trunk/packages/kudzu/kudzu -p -c NETWORK

Program received signal SIGSEGV, Segmentation fault.
0xb7f081b0 in strcmp () from /lib/tls/libc.so.6
(gdb) bt full
#0  0xb7f081b0 in strcmp () from /lib/tls/libc.so.6
No symbol table info available.
#1  0x0804f685 in sortNetDevices (devs=0x8121048) at kudzu.c:296
        cur = (struct device *) 0x811ee98
        next = (struct device *) 0x811ee98
        tmp = (struct device *) 0x811ef38
        modulename = 0x811efb0 "8139too"
#2  0x080516c4 in probeDevices (probeClass=CLASS_NETWORK, probeBus=-9, 
    probeFlags=1) at kudzu.c:846
        devices = (struct device *) 0x0
        devlist = (struct device **) 0x8150078
        numDevs = 3
        bus = 20
        x = 3
        index = 0
        cl = CLASS_UNSPEC
        logLevel = 7
[...]

Expected Results:  # kudzu -p -c NETWORK
-
class: NETWORK
bus: PCI
detached: 0
device: eth
desc: "Realtek Semiconductor Co., Ltd. RTL8180L 802.11b MAC"
vendorId: 10ec
deviceId: 8180
subVendorId: 10ec
subDeviceId: 8180
pciType: 1
pcidom:    0
pcibus:  0
pcidev:  b
pcifn:  0

(Left out other NETWORK class devices.)

Additional info:

Diff that fixes this:

Index: kudzu.c
===================================================================
RCS file: /usr/local/CVS/kudzu/kudzu.c,v
retrieving revision 1.147
diff -b -u -r1.147 kudzu.c
--- kudzu.c     19 Sep 2005 18:29:43 -0000      1.147
+++ kudzu.c     22 Sep 2005 00:13:45 -0000
@@ -293,7 +293,7 @@
                if (!next || next->type != CLASS_NETWORK) return;
                tmp = next->next;
                while (tmp && tmp->type == CLASS_NETWORK) {
-                       if (!strcmp(tmp->driver,modulename)) {
+                       if (tmp->driver && !strcmp(tmp->driver,modulename)) {
                                next->next = tmp->next;
                                tmp->next = cur->next;
                                cur->next = tmp;
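
Review bot: the guard added on the + line covers only tmp->driver, while modulename is the other argument to the same strcmp call and nothing in the visible context shows it being checked for NULL. Since modulename does not change inside the while loop, test it once before the loop (returning early if it is unset) rather than on every iteration, and keep the per-node tmp->driver check as written.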

Comment 1 Bill Nottingham 2005-09-22 04:28:58 UTC
Thanks, I keep missing them.

Will be fixed in 1.2.8-1

Comment 2 Bill Nottingham 2005-09-22 04:30:39 UTC
Note: you'll want to check modulename too.

Comment 3 Daniel de Kok 2005-09-22 06:46:21 UTC
Good point, thanks!

Comment 4 Bill Nottingham 2005-09-22 16:01:54 UTC
I did a source code audit - 1.2.8-1 should have all cases of this fixed.
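
A self-contained sketch of the failure mode discussed in this report, added here as an example and not taken from kudzu: a device list in which one entry has no driver string, reordered with a comparison that tolerates NULL on either side. The struct layout, `streq_safe`, `promote_driver`, `demo_head_driver` and the sample list are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CLASS_NETWORK 1            /* constructed value for this example */

/* Hypothetical, simplified stand-in for a probed device record. */
struct device {
    struct device *next;
    int type;
    const char *driver;            /* NULL when no module matched the card */
};

/* NULL-safe equality: a missing string never matches anything. */
static int streq_safe(const char *a, const char *b)
{
    return a != NULL && b != NULL && strcmp(a, b) == 0;
}

/* Move the first network device using `modulename` to the front of the
 * list and return the new head. A NULL modulename leaves the list as is. */
struct device *promote_driver(struct device *head, const char *modulename)
{
    struct device *prev, *tmp;

    if (head == NULL || modulename == NULL || streq_safe(head->driver, modulename))
        return head;
    for (prev = head, tmp = head->next; tmp && tmp->type == CLASS_NETWORK;
         prev = tmp, tmp = tmp->next) {
        if (streq_safe(tmp->driver, modulename)) {
            prev->next = tmp->next;    /* unlink the match */
            tmp->next = head;          /* relink it at the front */
            return tmp;
        }
    }
    return head;
}

/* Constructed sample: the middle card has no driver, as with ndiswrapper. */
const char *demo_head_driver(const char *modulename)
{
    struct device d[3] = {
        { &d[1], CLASS_NETWORK, "e100" },
        { &d[2], CLASS_NETWORK, NULL },
        { NULL,  CLASS_NETWORK, "8139too" },
    };
    return promote_driver(&d[0], modulename)->driver;
}

int main(void)
{
    printf("head driver: %s\n", demo_head_driver("8139too"));
    return 0;
}
```

Calling `strcmp` directly on the middle entry's `driver` field would dereference NULL, which is the crash shown in the backtrace above.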

