Re: bin/57476: dhcpd dumps core

[Robert Elz <kre%munnari.OZ.AU@localhost>]

The following reply was made to PR bin/57476; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/57476: dhcpd dumps core
Date: Wed, 21 Jun 2023 02:55:39 +0700

     Date:        Tue, 20 Jun 2023 17:35:01 +0000 (UTC)
     From:        martin%NetBSD.org@localhost
     Message-ID:  <20230620173501.228E21A9242%mollari.NetBSD.org@localhost>
 
 From your debug info it looks as if in this loop:
 
 	for (bptr = hash [hashix]; bptr; bptr = bptr -> cdr) {
 		if (((struct option_cache *)(bptr -> car)) -> option -> code ==
 		    code)
 			return (struct option_cache *)(bptr -> car);
 	}
 
 bptr->car == 0   (NULL).   I can't tell on which iteration,
 
 (in dist/common/options.c: lookup_hashed_option()  .. starts line 2499
 of the current sources)
 
 The following patch checks for that (and for good measure, just in
 case, whether (that)->option == 0 as well) and should avoid that
 SEGV.    Whether the code works properly or not with this in place
 I'm not sure.    The real problem may be in how bptr->car isn't being
 set to something before bptr gets linked into the list.
 
 --- options.c	2022-10-07 09:18:48.195826304 +0700
 +++ options.c.patched	2023-06-21 02:52:25.324112692 +0700
 @@ -2497,8 +2497,10 @@
  
  	hashix = compute_option_hash (code);
  	for (bptr = hash [hashix]; bptr; bptr = bptr -> cdr) {
 -		if (((struct option_cache *)(bptr -> car)) -> option -> code ==
 -		    code)
 +		if (bptr -> car &&
 +		    ((struct option_cache *)(bptr -> car)) -> option &&
 +		    ((struct option_cache *)(bptr -> car)) -> option -> code ==
 +		      code)
  			return (struct option_cache *)(bptr -> car);
  	}
  	return (struct option_cache *)0;