[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [dmidecode] Bug: dmidecode -ut4 segfaults
From: |
Jean Delvare |
Subject: |
Re: [dmidecode] Bug: dmidecode -ut4 segfaults |
Date: |
Tue, 19 Jan 2021 07:31:57 +0100 |
On Mon, 18 Jan 2021 09:57:51 -0700, Jerry Hoemann wrote:
> On Mon, Jan 18, 2021 at 01:49:37PM +0100, Jean Delvare wrote:
> > On Mon, 18 Jan 2021 01:26:10 -0700, Jerry Hoemann wrote:
> > > The segfault is coming from dmidecode.c:5239
> > >
> > > display = ((opt.type == NULL || opt.type[h.type])
> > > && (opt.handle == ~0U || opt.handle == h.handle)
> > > && !((opt.flags & FLAG_QUIET) && (h.type == 126
> > > || h.type == 127))
> > > && !opt.string);
> > >
> > > (...)
> >
> > I can't really see how this specific line can crash, as the only
> > dereferencing done in that statement, as far as I can see, is
> > opt.type[h.type]. Given that h.type is an 8-bit entity and opt.type is
>
> For me, the opt structure was being overwritten with ascii data.
> This made opt.type a non-zero but otherwise invalid pointer.
Oh right, that explains it, thanks.
--
Jean Delvare
SUSE L3 Support