From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050825 Firefox/1.0.4 (Debian package 1.0.4-2sarge3) Description of problem: Kudzu segfaults when ndiswrapper is used, because the tmp->driver pointer is not checked before using it in sortNetDevices. Wireless cards that are not suppported through normal Linux drivers, but that are supported through ndiswrapper are not available through modules.alias, and do not have the driver field filled in. (Even if this was the case it would probably be a good idea to check the pointer anyway?) Version-Release number of selected component (if applicable): kudzu CVS (HEAD) How reproducible: Always Steps to Reproduce: 1. kudzu -p -c NETWORK Actual Results: # kudzu -p -c NETWORK Segmentation fault # gdb kudzu (gdb) run -p -c NETWORK Starting program: /home/daniel/libranet-newsvn/libranet/trunk/packages/kudzu/kudzu -p -c NETWORK Program received signal SIGSEGV, Segmentation fault. 0xb7f081b0 in strcmp () from /lib/tls/libc.so.6 (gdb) bt full #0 0xb7f081b0 in strcmp () from /lib/tls/libc.so.6 No symbol table info available. #1 0x0804f685 in sortNetDevices (devs=0x8121048) at kudzu.c:296 cur = (struct device *) 0x811ee98 next = (struct device *) 0x811ee98 tmp = (struct device *) 0x811ef38 modulename = 0x811efb0 "8139too" #2 0x080516c4 in probeDevices (probeClass=CLASS_NETWORK, probeBus=-9, probeFlags=1) at kudzu.c:846 devices = (struct device *) 0x0 devlist = (struct device **) 0x8150078 numDevs = 3 bus = 20 x = 3 index = 0 cl = CLASS_UNSPEC logLevel = 7 [...] Expected Results: # kudzu -p -c NETWORK - class: NETWORK bus: PCI detached: 0 device: eth desc: "Realtek Semiconductor Co., Ltd. RTL8180L 802.11b MAC" vendorId: 10ec deviceId: 8180 subVendorId: 10ec subDeviceId: 8180 pciType: 1 pcidom: 0 pcibus: 0 pcidev: b pcifn: 0 (Left out other NETWORK class devices.) Additional info: Diff that fixes this: Index: kudzu.c =================================================================== RCS file: /usr/local/CVS/kudzu/kudzu.c,v retrieving revision 1.147 diff -b -u -r1.147 kudzu.c --- kudzu.c 19 Sep 2005 18:29:43 -0000 1.147 +++ kudzu.c 22 Sep 2005 00:13:45 -0000 @@ -293,7 +293,7 @@ if (!next || next->type != CLASS_NETWORK) return; tmp = next->next; while (tmp && tmp->type == CLASS_NETWORK) { - if (!strcmp(tmp->driver,modulename)) { + if (tmp->driver && !strcmp(tmp->driver,modulename)) { next->next = tmp->next; tmp->next = cur->next; cur->next = tmp;
Thanks, I keep missing them. Will be fixed in 1.2.8-1
Note: you'll want to check modulename too.
Good point, thanks!
I did a source code audit - 1.2.8-1 should have all cases of this fixed.