Bug 6998

Summary: ping6 segmentation fault
Product: Busybox Reporter: dajiang wan <dajiangwan>
Component: Networking Assignee: unassigned
Status: RESOLVED WORKSFORME    
Severity: minor CC: 267357206, busybox-cvs
Priority: P5    
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
Host: Target:
Build:

Description dajiang wan 2014-03-28 01:33:24 UTC
When running ping6 on an ARM (Atmel AT91SAM9260, linux-2.6.38.8),
the command is:
ping6 -c 4 ::1
PING ::1 (::1): 56 data bytes
Segmentation fault


Line #816 (busybox-1.22.1/networking/ping.c):
	for (mp = CMSG_FIRSTHDR(&msg); mp; mp = CMSG_NXTHDR(&msg, mp)) {
		if (mp->cmsg_level == SOL_IPV6
		 && mp->cmsg_type == IPV6_HOPLIMIT
		 /* don't check len - we trust the kernel: */
		 /* && mp->cmsg_len >= CMSG_LEN(sizeof(int)) */
		) {
			/*hoplimit = *(int*)CMSG_DATA(mp); - unaligned access */
			move_from_unaligned_int(hoplimit, CMSG_DATA(mp));
			break; /* line 824: the "break" added by the reporter */
		}
	}

I added "break" at line 824, then I tested again, and all is OK!

Comment 1 taedaero 2016-08-30 10:54:26 UTC
busybox - 1.25.00.

In my case, I modified the data type.

char *rcv_packet -> void *rcv_packet; ping.c line 374.

and I tested ping6; it's OK.
Comment 2 Denys Vlasenko 2016-09-01 15:41:31 UTC
Strange. That should change nothing.

Please generate and attach networking/ping.s (run "make networking/ping.s") before and after your change.