Bug 6998 - ping6 segmentation fault
Summary: ping6 segmentation fault
Status: RESOLVED WORKSFORME
Alias: None
Product: Busybox
Classification: Unclassified
Component: Networking
Version: unspecified
Hardware: Other Linux
Importance: P5 minor
Target Milestone: ---
Assignee: unassigned
Reported: 2014-03-28 01:33 UTC by dajiang wan
Modified: 2016-09-21 16:14 UTC

Description dajiang wan 2014-03-28 01:33:24 UTC
When running ping6 on an ARM (Atmel AT91SAM9260, linux-2.6.38.8), the command is:
ping6 -c 4 ::1
PING ::1 (::1): 56 data bytes
Segmentation fault


Line 816 (busybox-1.22.1/networking/ping.c):
	for (mp = CMSG_FIRSTHDR(&msg); mp; mp = CMSG_NXTHDR(&msg, mp)) {
		if (mp->cmsg_level == SOL_IPV6
		 && mp->cmsg_type == IPV6_HOPLIMIT
		 /* don't check len - we trust the kernel: */
		 /* && mp->cmsg_len >= CMSG_LEN(sizeof(int)) */
		) {
			/*hoplimit = *(int*)CMSG_DATA(mp); - unaligned access */
			move_from_unaligned_int(hoplimit, CMSG_DATA(mp));
			break;
		}
	}
}

I added "break" at line 824, then tested again, and all is OK!
Comment 1 taedaero 2016-08-30 10:54:26 UTC
busybox - 1.25.00.

In my case, I modified the data type:

char *rcv_packet -> void *rcv_packet; ping.c line 374.

Then I tested ping6, and it's OK.
Comment 2 Denys Vlasenko 2016-09-01 15:41:31 UTC
Strange. That should change nothing.

Please generate and attach networking/ping.s (run "make networking/ping.s") before and after your change.
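
The loop quoted in the description leaves the cmsg_len check commented out and notes that CMSG_DATA() may be unaligned. The following is an added example, not BusyBox code and not a confirmed fix for this report: it walks the ancillary data with the length check enabled and uses memcpy for the alignment-safe read. The names get_hoplimit and demo_hoplimit and the control buffer are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifndef SOL_IPV6
#define SOL_IPV6 IPPROTO_IPV6
#endif

/* Hypothetical helper: hop limit from msg's ancillary data, or -1 if none is usable. */
static int get_hoplimit(struct msghdr *msg)
{
	struct cmsghdr *mp;
	int hoplimit = -1;
	for (mp = CMSG_FIRSTHDR(msg); mp; mp = CMSG_NXTHDR(msg, mp)) {
		if (mp->cmsg_level == SOL_IPV6
		 && mp->cmsg_type == IPV6_HOPLIMIT
		 && mp->cmsg_len >= CMSG_LEN(sizeof(int)) /* checked, not trusted */
		) {
			/* CMSG_DATA() may not be int-aligned: copy, do not dereference */
			memcpy(&hoplimit, CMSG_DATA(mp), sizeof(int));
			break;
		}
	}
	return hoplimit;
}

/* Constructed input: a control buffer holding a single SOL_IPV6 cmsg. */
static int demo_hoplimit(int type, size_t payload_len, int value)
{
	union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } u;
	struct msghdr msg;
	memset(&u, 0, sizeof(u));
	memset(&msg, 0, sizeof(msg));
	msg.msg_control = u.buf;
	msg.msg_controllen = sizeof(u.buf);
	struct cmsghdr *mp = CMSG_FIRSTHDR(&msg);
	mp->cmsg_level = SOL_IPV6;
	mp->cmsg_type = type;
	mp->cmsg_len = CMSG_LEN(payload_len); /* declared length, may be too short */
	memcpy(CMSG_DATA(mp), &value, sizeof(value));
	return get_hoplimit(&msg);
}

int main(void)
{
	printf("full=%d short=%d\n", demo_hoplimit(IPV6_HOPLIMIT, sizeof(int), 64),
	       demo_hoplimit(IPV6_HOPLIMIT, 0, 64));
	return 0;
}
```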