Fwd: Segmentation Fault: madwifi and hostapd

Chad Meister chadlich at yahoo.com
Tue Jan 31 20:30:08 EST 2006


Hi,

Setting logger_stdout=0 did the trick.  Hostapd no longer segfaults.
At this point, I must confess that I'm lost, primarily because I
don't understand the hostapd log settings.  Setting the bitfields of
logger_syslog, etc., based on the config setting instructions just
isn't that intuitive to me.

One thing I noticed is that when I ran hostapd with my WPA-PSK setup
(with the same logger_* settings), I didn't have any problems with
segfaults.  But then, walking through the code, my WPA-PSK setup
doesn't call hostapd_logger().

What do you think is the source of the problem: glib, hostapd, or my
config file?

Chad


--- Jouni Malinen <jkmaline at cc.hut.fi> wrote:

> On Mon, Jan 30, 2006 at 07:24:56PM -0800, Chad Meister wrote:
> 
> > I've done some further investigations using gdb.  Looking at the
> > valgrind output, I decided to investigate the suspicious
> > conditionals.  One example is line 135 in hostap.c:
> > 
> > if ((conf_syslog & module) && level >= conf_syslog_level)
> > 
> > valgrind output suggests that there is an uninitialized value in
> > this conditional, before it drops into vsyslog() and segfaults.
> 
> Hmm.. I did not notice messages about that line in the valgrind
> output.  The main warnings were being triggered inside glibc in
> vfprintf (called from vsyslog).
> 
> > After further investigation, I think the uninitialized variable is
> > the conf_syslog.  The value of conf_syslog is based on the
> > hostapd_config struct's unsigned int logger_syslog value - a
> > variable used for bitwise operations.  The default value of
> > logger_syslog is an (unsigned int) -1.
> 
> I don't see how this could be uninitialized.
> 
> > In my setup, this is where I think things go wrong.  When hostapd
> > sets the logger_syslog value as a (unsigned int) -1, the value
> > "4294967295" is assigned.  Wrong.
> 
> This is the expected behavior and that (unsigned int) -1 is just a
> more or less standard mechanism for setting a variable to a value
> with all bits set to 1.
> 
> > I think this happens with all -1 (unsigned int) assignments on my
> > machine.  When I manually set conf_syslog to 0 back in gdb, hostapd
> > does not segfault and descends into the radius code to create the
> > connection.
> 
> The segfault is clearly related to the vsyslog call.  Setting
> conf_syslog to 0 is just skipping that call, which avoids the problem.
> 
> > So what is going on here?
> 
> I'm not sure. I cannot reproduce the same behavior in my tests with
> valgrind on x86.  Just in case, I ran a test with hostapd on PowerPC;
> though, I'm using a different C library, so vsyslog is different.
> 
> One possible explanation could be that something is going wrong with
> variable argument processing (va_start/va_list/va_end).
> hostapd_logger() is passing variable arguments into two functions in
> your configuration case.  Could you please try what happens if you
> leave logger_syslog=-1, but change logger_stdout=0 in the
> configuration.  This will make only vsyslog() use the variable
> arguments.
> 
> -- 
> Jouni Malinen                                            PGP id EFC895FA
> 

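The failure mode Jouni suspects in the quoted reply (one set of variable arguments handed to two consumers, vfprintf for stdout and vsyslog for syslog) is the classic va_list reuse bug, and the reason the logger_stdout=0 workaround makes the crash disappear rather than fixing it. Below is an added example, written for this page and not hostapd's own code, of the correct pattern: a dispatcher that gates each sink with the same mask-and-level check as the hostapd line quoted above, and gives each sink its own va_copy() of the arguments. The struct and macro names, the module bit values, and the two capture-buffer "sinks" are assumptions made for the example; the real sinks in hostapd are vfprintf() and vsyslog(), and it is not claimed here which one hostapd itself used in 2006.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for hostapd's logger_* config: a module bitmask plus
 * a minimum level per sink.  (unsigned int)-1 sets every bit, i.e. every
 * module logs, which is the "logger_syslog=-1" default from the thread. */
struct logger_conf {
    unsigned int stdout_mask;
    int stdout_level;
    unsigned int syslog_mask;
    int syslog_level;
};

/* Module bits; the values are assumptions for this example. */
#define MODULE_IEEE80211 0x01u
#define MODULE_RADIUS    0x04u

/* Both sinks enabled for all modules (the config that crashed). */
static const struct logger_conf CONF_ALL = { (unsigned int)-1, 2, (unsigned int)-1, 2 };
/* The workaround from the thread: logger_stdout=0, logger_syslog=-1. */
static const struct logger_conf CONF_SYSLOG_ONLY = { 0, 2, (unsigned int)-1, 2 };
/* syslog limited to one module, stdout off. */
static const struct logger_conf CONF_80211_ONLY = { 0, 2, MODULE_IEEE80211, 2 };

/* Capture buffers (assumed here) so what each sink received can be checked. */
static char stdout_buf[256];
static char syslog_buf[256];

/* Sink 1: stand-in for vfprintf(stdout, ...); consumes the va_list. */
static void sink_stdout(const char *fmt, va_list ap)
{
    vsnprintf(stdout_buf, sizeof(stdout_buf), fmt, ap);
}

/* Sink 2: stand-in for vsyslog(); also consumes the va_list. */
static void sink_syslog(const char *fmt, va_list ap)
{
    vsnprintf(syslog_buf, sizeof(syslog_buf), fmt, ap);
}

/*
 * Dispatcher with the same gating as the hostapd line quoted in the thread:
 * a sink gets the message only if its mask contains the module bit and the
 * level is high enough.  Each sink that fires gets its own va_copy() of the
 * argument list.  Handing the single va_list from va_start() to two v*
 * functions back to back is undefined behaviour in C; on ABIs where
 * va_list is consumed by the first call, the second call reads stale
 * register/stack state, which is one way to end up crashing inside vsyslog.
 * Returns the number of sinks that received the message.
 */
static int log_both(const struct logger_conf *c, unsigned int module, int level,
                    const char *fmt, ...)
{
    va_list ap, ap_copy;
    int sinks = 0;

    stdout_buf[0] = '\0';
    syslog_buf[0] = '\0';

    va_start(ap, fmt);
    if ((c->stdout_mask & module) && level >= c->stdout_level) {
        va_copy(ap_copy, ap);
        sink_stdout(fmt, ap_copy);
        va_end(ap_copy);
        sinks++;
    }
    if ((c->syslog_mask & module) && level >= c->syslog_level) {
        va_copy(ap_copy, ap);
        sink_syslog(fmt, ap_copy);
        va_end(ap_copy);
        sinks++;
    }
    va_end(ap);
    return sinks;
}

/* 1 if both sinks captured identical text, 0 otherwise. */
static int sinks_agree(void)
{
    return strcmp(stdout_buf, syslog_buf) == 0;
}

int main(void)
{
    int n = log_both(&CONF_ALL, MODULE_RADIUS, 2,
                     "STA %s: RADIUS attempt %d", "00:11:22:33:44:55", 3);
    printf("sinks=%d stdout=\"%s\" syslog=\"%s\"\n", n, stdout_buf, syslog_buf);
    n = log_both(&CONF_SYSLOG_ONLY, MODULE_RADIUS, 2,
                 "STA %s: RADIUS attempt %d", "00:11:22:33:44:55", 3);
    printf("sinks=%d stdout=\"%s\" syslog=\"%s\"\n", n, stdout_buf, syslog_buf);
    return 0;
}
```

With CONF_ALL both sinks receive identical text; with CONF_SYSLOG_ONLY only the syslog sink fires, which is the state the thread's workaround puts hostapd into. Disabling one sink removes the symptom because there is then only one consumer of the va_list, so the example is also a reminder that a config change which stops a crash is not evidence that the crash was a config problem.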
