
Fix segfault

Open serpilliere opened this issue 1 year ago • 1 comment

Hi! This PR fixes #15

The problem is that nfq_get_payload takes a pointer to a pointer as a parameter in order to return a pointer to the received packet. The original code uses &*mut libc::c_void to describe this. This is not correct, as the value of the pointer will be modified by nfq_get_payload. The correct declaration may be &mut *mut libc::c_void.

This code crashed in release mode due to the optimization made:

  • the pointer initialization is null
  • a reference on this pointer is given to nfq_get_payload, but as it's given as &, it notes that the pointer value cannot be changed.
  • when creating the slice from the pointer value, the optimization creates it using a null pointer
  • (this can be seen if you disassemble the binary)

serpilliere avatar Dec 13 '24 07:12 serpilliere
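The out-parameter mismatch described above, as an added example that is not part of this PR or of nfqueue-rs. It stands in for libnetfilter_queue with a constructed mock (mock_nfq_get_payload, returning a static byte array) so it runs without netfilter, and shows the wrong and correct binding types side by side plus a wrapper that checks the return value and the pointer before building the slice.

```rust
use std::ffi::c_void;
use std::os::raw::c_int;
use std::slice;

// Pre-fix binding shape: `&*mut c_void` tells rustc the callee cannot write
// through the reference, so the optimizer may keep using the null initialiser.
#[allow(dead_code)]
type WrongGetPayload = unsafe extern "C" fn(*const c_void, &*mut c_void) -> c_int;
// Post-fix binding shape: the callee may overwrite the pointer.
#[allow(dead_code)]
type GetPayload = unsafe extern "C" fn(*const c_void, &mut *mut c_void) -> c_int;

// Constructed packet bytes standing in for a queued packet (assumption).
static PACKET: [u8; 6] = [0x45, 0x00, 0x00, 0x1c, 0xde, 0xad];

// Mock of `int nfq_get_payload(struct nfq_data *nfad, unsigned char **data)`:
// writes the payload address through `data` and returns the length, or -1.
pub extern "C" fn mock_nfq_get_payload(nfad: *const c_void, data: *mut *mut c_void) -> c_int {
    if nfad.is_null() || data.is_null() {
        return -1;
    }
    // SAFETY: the caller passes writable storage for exactly one pointer.
    unsafe { *data = PACKET.as_ptr() as *mut c_void };
    PACKET.len() as c_int
}

// Safe-by-construction wrapper: the out-pointer is passed as `&mut`, so the
// compiler knows `data` changes; the result is validated before the slice exists.
// Unsafe because the returned slice is only valid while the nfq_data is alive.
pub unsafe fn get_payload<'a>(nfad: *const c_void) -> Option<&'a [u8]> {
    let mut data: *mut c_void = std::ptr::null_mut();
    let len = unsafe { mock_nfq_get_payload(nfad, &mut data) };
    if len < 0 || data.is_null() {
        return None; // library error or no payload: never build a slice from null
    }
    Some(unsafe { slice::from_raw_parts(data as *const u8, len as usize) })
}

fn main() {
    let token = 0u8; // any non-null handle satisfies the mock
    let payload = unsafe { get_payload(&token as *const u8 as *const c_void) };
    println!("payload = {:?}", payload);
}
```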

Super interesting bug! Thanks for the investigation and fix

ckcr4lyf avatar Feb 26 '25 17:02 ckcr4lyf