Bug ID 1106809
Summary Wicked receives SIGSEGV after system reboot (/usr/sbin/wicked --systemd ifup all).
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware x86-64
OS Linux
Status NEW
Severity Normal
Priority P5 - None
Component Basesystem
Assignee bnc-team-screening@forge.provo.novell.com
Reporter jacob.long@unisys.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Created attachment 781600 [details]
This zip contains a full backtrace.txt and structures.txt showing values at
time of core dump.

Running the following package levels: 
libwicked-0-6-0.6.40-37.2.x86_64.rpm
libwicked-0-6-debuginfo-0.6.40-37.2.x86_64.rpm
wicked-0.6.40-37.2.x86_64.rpm
wicked-debuginfo-0.6.40-37.2.x86_64.rpm
wicked-debugsource-0.6.40-37.2.x86_64.rpm
wicked-service-0.6.40-37.2.x86_64.rpm

Wicked segfaults and dumps core on system reboot when running ifup command,
e.g.:  
ExecStart=/usr/sbin/wicked/ --systemd ifup all 

It seems that ni_fsm_process_find_pending_worker() in src/fsm.c allows index
'i' to overrun the value of 'fsm->workers.count' in the 'fsm->workers.data'
array. 

A full backtrace.txt is attached as well as structures.txt showing the value of
i and the pointers referenced at time of the SIGSEGV. 

   5530 static ni_ifworker_t *
   5531 ni_fsm_process_rename_find_pending_worker(ni_fsm_t *fsm, const
   ni_ifworker_     t *w)
   5532 {
   5533         ni_ifworker_t *c;
   5534         unsigned int i;
   5535
   5536         for (i = 0; fsm->workers.count; ++i) {
   5537                 c = fsm->workers.data[i];
   5538                 if (!c || c == w || c->type != w->type || c->device)
   5539                         continue;
   5540                 if (!c->pending || !ni_string_eq(c->name, w->name))
   5541                         continue;
   5542                 return c;
   5543         }
   5544         return NULL;
   5545 }

You are receiving this mail because: