Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Program received signal SIGSEGV, Segmentation fault. at optionNextValue in libopts/configfile.c:343 #916

Open
ambrosecm opened this issue Mar 16, 2025 · 0 comments
Open

[Bug] Program received signal SIGSEGV, Segmentation fault. at optionNextValue in libopts/configfile.c:343 #916

ambrosecm opened this issue Mar 16, 2025 · 0 comments

Comments

@ambrosecm
Copy link

Desctiption

When I used the optionNextValue function to handle a specific input, a segmentation fault (SEGV) was triggered at optionNextValue in libopts/configfile.c:343

tcpreplay/libopts/configfile.c

Lines 330 to 343 in 6fcbf03

tOptionValue const *
optionNextValue(tOptionValue const * ov_list,tOptionValue const * oov )
{
tArgList * arg_list;
tOptionValue * res = NULL;
int err = EINVAL;
if ((ov_list == NULL) || (ov_list->valType != OPARG_TYPE_HIERARCHY)) {
errno = EINVAL;
return NULL;
}
arg_list = ov_list->v.nestVal;
{
int ct = arg_list->useCt;

The primary cause is that arg_list points to an inaccessible address, leading to a segmentation fault.

Test Environment

Ubuntu 22.04.1, 64bit
tcpreplay(v4.5.1 master 6fcbf03)
program source file

How to trigger

Download the poc file , program and run the following cmd:

 $ ./optionNextValue ./poc

Detail

GDB report

(gdb) r
Starting program: /data/ambrose/output/tcpreplay_deepseek24/crashes/configfile.c/generate/optionNextValue/optionNextValue output/default/crashes/id:000000,sig:11,src:000000,time:84918,execs:31496,op:havoc,rep:7
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
optionNextValue (ov_list=0x7bfff5f09020, oov=0x7ffff7e660d0) at /home/ambrose/vsproject/TestLib/tcpreplay/libopts/configfile.c:343
343             int     ct    = arg_list->useCt;
(gdb) bt
#0  optionNextValue (ov_list=0x7bfff5f09020, oov=0x7ffff7e660d0)
    at /home/ambrose/vsproject/TestLib/tcpreplay/libopts/configfile.c:343
#1  0x000055555566a2a2 in main (argc=2, argv=0x7fffffffdca8)
    at /data/ambrose/output/tcpreplay_deepseek24/harness/code/configfile.c/generate/optionNextValue.c:72
(gdb) p arg_list->useCt
Cannot access memory at address 0x61610000
(gdb) p *arg_list
Cannot access memory at address 0x61610000
(gdb) p arg_list
$1 = (tArgList *) 0x61610000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ambrosecm