[AGENT++] R: R: R: pure virtual method called

Michele Marcon M.Marcon at riello-ups.com
Tue Feb 22 10:17:48 CET 2011


Hi,
I've tried the patch,

+        if (!lookupResult->h_addr_list[0])
+        {
+          debugprintf(1, "Error resolving host name");
+          return false;
+        }
+

This if evaluates to false, therefore h_addr_list is validated. However, the memcpy still crashes.

Here is the gdb output (please note that herrno returned by gethostbyname_r() is == 1; that should mean that the function has encountered some error):


> whatis herrno
type = int
>>>>>>cb_gdb:
> output herrno
1>>>>>>cb_gdb:
> info locals
ipAddr = {s_addr = 0}
lookupResult = (hostent *) 0xbec4f608
buf = "\177\000\000\001\000\000\000\000\000\000\000\000\000000\000\000\000\000\000127.0.0.1\000EK250\000localhost.localdomain\000localhost\000\000 <repeats 1668 times>, "000\000\000\000Linux", '\0' <repeats 60 times>, "EK250", '\0' <repeats 60 times>, "2.6.19.2-EK20100211", '\0' <repeats 46 times>, "#1 PREEMPT Thu Feb 11 17:42:54"...
herrno = 1
lookup_buf = {h_name = 0xbec4ede9 "EK250", h_aliases = 0xbec4ee10, h_addrtype = 2, h_length = 4, h_addr_list = 0xbec4edd7}
ds = '\0' <repeats 46 times>, "(none)\000\000\000\000\000\000\000\000"
>>>>>>cb_gdb:
> info args
this = (IpAddress * const) 0xbec4f9c8
inaddr = 0xbec4f8c8 "EK250"
>>>>>>cb_gdb:
> whatis herrno
type = int
>>>>>>cb_gdb:
> output herrno
1>>>>>>cb_gdb:
> whatis lookupResult->h_addr_list
type = char **
>>>>>>cb_gdb:
> output lookupResult->h_addr_list
(char **) 0xbec4edd7>>>>>>cb_gdb:
> info locals
ipAddr = {s_addr = 0}
lookupResult = (hostent *) 0xbec4f608
buf = "\177\000\000\001\000\000\000\000\000\000\000\000\000000\000\000\000\000\000127.0.0.1\000EK250\000localhost.localdomain\000localhost\000\000 <repeats 1668 times>, "000\000\000\000Linux", '\0' <repeats 60 times>, "EK250", '\0' <repeats 60 times>, "2.6.19.2-EK20100211", '\0' <repeats 46 times>, "#1 PREEMPT Thu Feb 11 17:42:54"...
herrno = 1
lookup_buf = {h_name = 0xbec4ede9 "EK250", h_aliases = 0xbec4ee10, h_addrtype = 2, h_length = 4, h_addr_list = 0xbec4edd7}
ds = '\0' <repeats 46 times>, "(none)\000\000\000\000\000\000\000\000"
>>>>>>cb_gdb:
> info args
this = (IpAddress * const) 0xbec4f9c8
inaddr = 0xbec4f8c8 "EK250"
>>>>>>cb_gdb:
> whatis herrno
type = int
>>>>>>cb_gdb:
> output herrno
1>>>>>>cb_gdb:
> whatis lookupResult->h_addr_list
type = char **
>>>>>>cb_gdb:
> output lookupResult->h_addr_list
(char **) 0xbec4edd7>>>>>>cb_gdb:
> whatis lookupResult->h_addr_list[0]
type = char *
>>>>>>cb_gdb:
> output lookupResult->h_addr_list[0]
0xbe <Address 0xbe out of bounds>>>>>>>cb_gdb:
> next
/mnt/hda1/sorgenti_snmpv3_last_release/snmp++/src/address.cpp:893:23820:beg:0x11934
>>>>>>cb_gdb:
> info locals
ipAddr = {s_addr = 0}
lookupResult = (hostent *) 0xbec4f608
buf = "\177\000\000\001\000\000\000\000\000\000\000\000\000000\000\000\000\000\000127.0.0.1\000EK250\000localhost.localdomain\000localhost\000\000 <repeats 1668 times>, "000\000\000\000Linux", '\0' <repeats 60 times>, "EK250", '\0' <repeats 60 times>, "2.6.19.2-EK20100211", '\0' <repeats 46 times>, "#1 PREEMPT Thu Feb 11 17:42:54"...
herrno = 1
lookup_buf = {h_name = 0xbec4ede9 "EK250", h_aliases = 0xbec4ee10, h_addrtype = 2, h_length = 4, h_addr_list = 0xbec4edd7}
ds = '\0' <repeats 46 times>, "(none)\000\000\000\000\000\000\000\000"
>>>>>>cb_gdb:
> info args
this = (IpAddress * const) 0xbec4f9c8
inaddr = 0xbec4f8c8 "EK250"
>>>>>>cb_gdb:
> whatis herrno
type = int
>>>>>>cb_gdb:
> output herrno
1>>>>>>cb_gdb:
> whatis lookupResult->h_addr_list
type = char **
>>>>>>cb_gdb:
> output lookupResult->h_addr_list
(char **) 0xbec4edd7>>>>>>cb_gdb:
> whatis lookupResult->h_addr_list[0]
type = char *
>>>>>>cb_gdb:
> output lookupResult->h_addr_list[0]
0xbe <Address 0xbe out of bounds>>>>>>>cb_gdb:
> next
Program received signal SIGSEGV, Segmentation fault.
0x4026b84c in ?? ()


Obviously, if I comment

"memcpy((void *) &ipAddr, (void *) lookupResult->h_addr,
                sizeof(in_addr));"

and replace "strcpy(ds, inet_ntoa(ipAddr));"

with "strcpy(ds, "127.0.0.1");"

then I don't get a segmentation fault.




Michele Marcon
Centro Ricerche
RPS SpA
Viale Europa, 7
37045 Legnago (VR)
Tel. +39 0442 635811 - Fax. +39 0442 635934 - Mobile: +39 335 1233317
Skype Id:  - VoIp:
E-mail: M.Marcon at riello-ups.com
Web: http://www.riello-ups.com

-----Original message-----

From: agentpp-bounces at agentpp.org [mailto:agentpp-bounces at agentpp.org] On behalf of Jochen Katz
Sent: Monday, 21 February 2011 21:36
To: agentpp at agentpp.org
Subject: Re: [AGENT++] R: R: pure virtual method called

Hi,

> I'm attaching the gdb output for the snmpTraps:
>
> #0  0x00011920 in IpAddress::parse_address (this=0xbeb499c8, inaddr=0xbeb498c8 "EK250") at address.cpp:881

this is the memcpy seen below. If this fails, the h_addr (which is
h_addr_list[0]) must be null. Please try the patch below.

Regards,
  Jochen


--- address.cpp (Revision 1969)
+++ address.cpp (Arbeitskopie)
@@ -853,6 +853,12 @@
 #ifdef SNMP_PP_IPv6
       if (lookupResult->h_length == sizeof(in6_addr))
       {
+        if (!lookupResult->h_addr_list[0])
+        {
+          debugprintf(1, "Error resolving host name");
+          return false;
+        }
+
         in6_addr ipAddr;
         memcpy((void *) &ipAddr, (void *) lookupResult->h_addr,
                sizeof(in6_addr));
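Review bot: The added `!lookupResult->h_addr_list[0]` test in the IPv6 branch only catches a NULL first entry, and it runs after `lookupResult->h_length` has already been read, so the result is dereferenced before anything about it is validated. The gdb session in the reply shows `h_addr_list[0]` evaluating to `0xbe`, which is non-NULL and still not a usable address, so this guard passes and the `memcpy` faults anyway. I would gate the whole block on the return value of gethostbyname_r() and a non-NULL result pointer first, and check `h_addr_list` itself before indexing it.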
@@ -872,8 +878,13 @@
 #endif // SNMP_PP_IPv6
       if (lookupResult->h_length == sizeof(in_addr))
       {
+        if (!lookupResult->h_addr_list[0])
+        {
+          debugprintf(1, "Error resolving host name");
+          return false;
+        }
+
         in_addr ipAddr;
-
         memcpy((void *) &ipAddr, (void *) lookupResult->h_addr,
                sizeof(in_addr));
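Review bot: The IPv4 branch repeats the six-line guard from the IPv6 branch verbatim, and the message "Error resolving host name" does not say which name failed. A single check hoisted above the `#ifdef SNMP_PP_IPv6` block would cover both `h_length` cases, and including the host name (the `inaddr` argument shown in the backtrace) in the message would make the failure identifiable in the debug log. The removed blank line after `in_addr ipAddr;` is a whitespace-only change and could be left out of the patch.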
_______________________________________________
AGENTPP mailing list
AGENTPP at agentpp.org
http://lists.agentpp.org/mailman/listinfo/agentpp
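
The lookup-result checks this thread is circling, as an added C example that is not part of the original messages or of the SNMP++ sources: it treats the return value and result pointer of gethostbyname_r() as the success signal and validates the hostent before the copy. The names hostent_to_ipv4 and resolve_ipv4 and the 2048-byte buffer are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* gethostbyname_r() is a GNU extension */
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: validate what gethostbyname_r() produced before copying.
 * rc is its return value, res the result pointer it stored.
 * Returns 0 and fills *out, or a negative code naming the failed check. */
int hostent_to_ipv4(int rc, const struct hostent *res, struct in_addr *out)
{
    if (rc != 0 || res == NULL)
        return -1;                       /* lookup failed or no entry found */
    if (res->h_addrtype != AF_INET || res->h_length != (int)sizeof(struct in_addr))
        return -2;                       /* not an IPv4 answer of the expected size */
    if (res->h_addr_list == NULL || res->h_addr_list[0] == NULL)
        return -3;                       /* empty address list */
    memcpy(out, res->h_addr_list[0], sizeof(struct in_addr));
    return 0;
}

/* Hypothetical wrapper: resolve name to an IPv4 address. */
int resolve_ipv4(const char *name, struct in_addr *out)
{
    struct hostent he, *res = NULL;
    char buf[2048];                      /* assumed scratch size; ERANGE means too small */
    int herr = 0;
    int rc = gethostbyname_r(name, &he, buf, sizeof buf, &res, &herr);
    int st = hostent_to_ipv4(rc, res, out);
    if (st != 0)
        fprintf(stderr, "lookup of %s failed: rc=%d h_errno=%d check=%d\n",
                name, rc, herr, st);
    return st;
}

int main(void)
{
    struct in_addr a;
    char text[INET_ADDRSTRLEN];
    if (resolve_ipv4("127.0.0.1", &a) != 0)   /* numeric input, no DNS needed */
        return 1;
    printf("%s\n", inet_ntop(AF_INET, &a, text, sizeof text));
    return 0;
}
```

Pointer checks of this kind cannot recognise a non-NULL but invalid entry such as the `0xbe` value in the gdb output above.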






