Re: [dmidecode] Bug: dmidecode -ut4 segfaults

dmidecode-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [dmidecode] Bug: dmidecode -ut4 segfaults

From:	Jean Delvare
Subject:	Re: [dmidecode] Bug: dmidecode -ut4 segfaults
Date:	Tue, 19 Jan 2021 07:31:57 +0100

On Mon, 18 Jan 2021 09:57:51 -0700, Jerry Hoemann wrote:
> On Mon, Jan 18, 2021 at 01:49:37PM +0100, Jean Delvare wrote:
> > On Mon, 18 Jan 2021 01:26:10 -0700, Jerry Hoemann wrote:  
> > > The segfault is coming from dmidecode.c:5239
> > > 
> > >                 display = ((opt.type == NULL || opt.type[h.type])
> > >                         && (opt.handle == ~0U || opt.handle == h.handle)
> > >                         && !((opt.flags & FLAG_QUIET) && (h.type == 126 
> > > || h.type == 127))
> > >                         && !opt.string);
> > > 
> > > (...)
> >
> > I can't really see how this specific line can crash, as the only
> > dereferencing done in that statement, as far as I can see, is
> > opt.type[h.type]. Given that h.type is an 8-bit entity and opt.type is  
> 
> For me, the opt structure was being overwritten with ascii data.
> This made opt.type a non-zero but otherwise invalid pointer.

Oh right, that explains it, thanks.

-- 
Jean Delvare
SUSE L3 Support

[Prev in Thread]

Current Thread

[Next in Thread]

[dmidecode] Bug: dmidecode -ut4 segfaults, Jerry Hoemann, 2021/01/18
- Re: [dmidecode] Bug: dmidecode -ut4 segfaults, Jean Delvare, 2021/01/18
  - Re: [dmidecode] Bug: dmidecode -ut4 segfaults, Jerry Hoemann, 2021/01/18
    - Re: [dmidecode] Bug: dmidecode -ut4 segfaults, Jean Delvare <=

Prev by Date: Re: [dmidecode] Bug: dmidecode -ut4 segfaults
Next by Date: Re: [dmidecode] [PATCH] dmioem: Present HPE type 240 attributes in a nicer way
Previous by thread: Re: [dmidecode] Bug: dmidecode -ut4 segfaults
Next by thread: [dmidecode] [PATCH] dmidecode: Fix crash with option -u
Index(es):
- Date
- Thread