
recvmmsg01 segfault in Alpine 3.18 container (musl)

Open richiejp opened this issue 2 years ago • 0 comments

(gdb) set follow-fork-mode child
(gdb) run
Starting program: /opt/ltp/testcases/bin/recvmmsg01
tst_buffers.c:56: TINFO: Test is using guarded buffers
tst_test.c:1684: TINFO: LTP version: 20230516
tst_test.c:1568: TINFO: Timeout per run is 0h 00m 30s
[Attaching after process 15335 fork to child process 15338]
[New inferior 2 (process 15338)]
[Detaching after fork from parent process 15335]
[Inferior 1 (process 15335) detached]
recvmmsg01.c:102: TINFO: Testing variant: vDSO or syscall with libc spec
recvmmsg01.c:92: TPASS: recvmmsg() bad socket file descriptor : EBADF (9)

Thread 2.1 "recvmmsg01" received signal SIGSEGV, Segmentation fault.
[Switching to process 15338]
0x00007ffff7fa1669 in recvmmsg (fd=4, msgvec=0x7ffff7f56000, vlen=1, flags=0, timeout=0x55555558b618 <ts+8>) at src/network/recvmmsg.c:19

It appears that musl accesses the msghdr structs and zeros some padding. It doesn't try to validate the pointer or vlen.

richiejp, Sep 26 '23 10:09
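The difference the issue points at, as an added example (not code from LTP or musl): with an inaccessible msgvec the raw syscall fails in the kernel with EFAULT, while a wrapper that writes to the msghdr in user space first is killed by SIGSEGV. The `mmsg` struct, the `setup` helper, the function names and the use of `msg_flags` as a stand-in for the padding store are assumptions of this example.

```c
#define _GNU_SOURCE /* for syscall() and MAP_ANONYMOUS */
#include <errno.h>
#include <signal.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

struct mmsg { struct msghdr msg_hdr; unsigned int msg_len; }; /* layout of struct mmsghdr */

/* Constructed input: inaccessible (PROT_NONE) msgvec plus a datagram socket. */
static int setup(struct mmsg **bad)
{
	*bad = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
	return *bad == MAP_FAILED ? -1 : socket(AF_UNIX, SOCK_DGRAM, 0);
}

/* Raw syscall: the kernel's copy from user space fails. Returns the errno seen. */
int raw_syscall_errno(void)
{
	struct mmsg *bad;
	int e, fd = setup(&bad);
	if (fd < 0) return -1;
	e = syscall(SYS_recvmmsg, fd, bad, 1, MSG_DONTWAIT, NULL) == -1 ? errno : 0;
	close(fd);
	munmap(bad, 4096);
	return e;
}

/* Hypothetical wrapper behaviour, run in a child: store to the msghdr first
 * (msg_flags stands in for the padding). Returns the signal that killed it. */
int touching_wrapper_signal(void)
{
	int status;
	pid_t pid = fork();
	if (pid == 0) {
		struct mmsg *bad;
		int fd = setup(&bad);
		signal(SIGSEGV, SIG_DFL);
		if (fd < 0) _exit(1);
		bad->msg_hdr.msg_flags = 0; /* user-space store: faults here */
		syscall(SYS_recvmmsg, fd, bad, 1, MSG_DONTWAIT, NULL);
		_exit(0);
	}
	if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Exit status 0 when both behaviours are observed. */
int main(void) { return raw_syscall_errno() == EFAULT && touching_wrapper_signal() == SIGSEGV ? 0 : 1; }
```

A test that expects EFAULT for a bad msgvec only gets it when nothing in user space dereferences the pointer before the kernel does.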