From: <no...@so...> - 2000-11-08 17:24:15
Bug #121658, was updated on 2000-Nov-05 02:55
Here is a current snapshot of the bug.

Project: net-snmp
Category: apps
Status: Open
Resolution: None
Bug Group: None
Priority: 5
Summary: SegFault when using snmpwalk/get

Details: Problem:
I am getting a SegFault when I run the following command:

snmpwalk -t30 <hostname> <community> enterprises.chipcom.hub.modules.staticSummary.staticSummaryTable.staticSummaryEntry.ssValues

It also does this when I run snmpget on the same OID. All of the other MIBs/OIDs work fine, it only segfaults on this one.

Background:
The platform is IBM RS/6000 AIX 4.3.3. I've compiled it with xlC (IBM's compiler) and gcc. With xlC it SegFaults a little earlier than when I use gcc. Here's the output I get from dbx (IBM's debugger):

Segmentation fault in sprintf at 0xd0181ec4
0xd0181ec4 (sprintf+0x70) 9be40000 stb r31,0x0(r4)
(dbx) where
sprintf(0x2ff22fe8, 0x200031b4, 0x2, 0x1, 0x1, 0x30, 0x6, 0x2) at 0xd0181ec4
sprint_hexstring(0x2ff22fe8, 0x20558e78, 0x62), line 190 in 'mib.c'
sprint_octet_string(0x2ff21968, 0x205584a8, 0x0, 0x0, 0x0), line 345 in 'mib.c'
sprint_variable(0x2ff21962, 0x205584c0, 0x11, 0x205584a8), line 1624 in 'mib.c'
fprint_variable(0x20303620, 0x30322030, 0x31203034, 0x2030320a), line 1650 in 'mib.c'

The device I'm querying is an IBM 8260 hub, that is fully utilized, so this particular MIB produces a large amount of data. Since it always SegFaults at the same point, I believe it has something to do with the size of a variable. I have tried increasing the size of numerous #defined variables such as SNMP_MAXBUF. After recompiling and installing, the problem still persists. The only other idea I haven't tested is that the size_t variable var_len that gets passed to the sprint_* functions may not be big enough, but I haven't tested this theory yet. AIX defines size_t as unsigned long, so I find it hard to believe that it would be too small.

Steve Johnson
om...@us...
or austin.rr.com

Follow-Ups:

Date: 2000-Nov-06 07:54
By: hardaker

Comment:
Can you tell me when exactly this bug pops up? IE, is it when the reply comes back that it is a problem, or is it even before a packet is sent? (Run snmpget with -d to figure this out).

Does the problem happen if you specify -On on the command line?

My best guess is that it's the SPRINT_MAX_LEN variable in snmp_impl.h that needs increasing, not SNMP_MAXBUF. I really doubt, however, you're getting an OID that is larger than 2560 characters.

For kicks, could you try with the latest pre-release (4.2.pre1) if you haven't done so yet?

-------------------------------------------------------

Date: 2000-Nov-06 13:51
By: Omnix

Comment:
Yes, the bug pops up when the reply comes back. Yes, it still happens when I specify -On on the command line. I believe this particular device does produce more than 2560 characters. I may have missed that one, so I will try increasing SPRINT_MAX_LEN. I will try 4.2.pre1 later this week and let you know the results.

-------------------------------------------------------

Date: 2000-Nov-06 14:39
By: Omnix

Comment:
Increasing SPRINT_MAX_LEN did not fix the problem or even change the results (ie-it didn't go any further before failing). I also noted while it was compiling several warnings about assigning an unsigned long to an int. Do you think this may be the cause? If some long counter was passed to another func that expected an int and the value was larger than an int will hold, that could segfault.

-------------------------------------------------------

Date: 2000-Nov-06 16:32
By: Omnix

Comment:
The 4.2.pre1 package segfaults also. No change. FYE... The CMU package also segfaulted. The only snmpwalk app that I have no problem with is the one included with IBM's NetView 6000 product.

-------------------------------------------------------

Date: 2000-Nov-06 22:04
By: hardaker

Comment:
Ok...
1) what did you change SPRINT_MAX_LEN to?
Hopefully something very very large (10240ish).
2) When you run with -d, how many bytes did the remote agent return? I suspect something very very large?

-------------------------------------------------------

Date: 2000-Nov-08 09:27
By: Omnix

Comment:
I increased it to 4096. The length returned is 2018. If you want, I can send you the output from when I ran the command with the -D all option. Give me an email addr I can send it to.

-------------------------------------------------------

For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=121658&group_id=12694
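
Added example, not part of the original bug report and not net-snmp code: a bounded hex renderer showing why a fixed output buffer can be too small for a large octet string and how to stop writing before its end. The thread does not establish the root cause; the "XX " three-characters-per-byte layout and the names hex_render_bounded and hex_render_needed are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not net-snmp's sprint_hexstring): renders each byte
 * as "XX " and never writes more than bufsz bytes, NUL included.
 * Returns the number of input bytes actually rendered. */
size_t hex_render_bounded(char *buf, size_t bufsz,
                          const unsigned char *data, size_t len)
{
    size_t used = 0, i;

    if (bufsz == 0)
        return 0;
    buf[0] = '\0';
    for (i = 0; i < len; i++) {
        /* 3 characters per byte plus the terminating NUL must fit. */
        if (bufsz - used < 4)
            break;
        snprintf(buf + used, bufsz - used, "%02X ", data[i]);
        used += 3;
    }
    return i;
}

/* Characters (NUL included) an unbounded "XX " rendering would need. */
size_t hex_render_needed(size_t len)
{
    return len * 3 + 1;
}

int main(void)
{
    /* Constructed sample: 2018 bytes (the reply length quoted in the
     * thread) rendered into 4096 bytes (the buffer size the reporter tried). */
    static unsigned char value[2018];
    char out[4096];
    size_t done;

    memset(value, 0xAB, sizeof value);
    done = hex_render_bounded(out, sizeof out, value, sizeof value);
    printf("need %lu chars, have %lu, rendered %lu of %lu bytes\n",
           (unsigned long)hex_render_needed(sizeof value),
           (unsigned long)sizeof out, (unsigned long)done,
           (unsigned long)sizeof value);
    return 0;
}
```

Under these assumptions the rendering needs more space than the enlarged buffer provides, so an unbounded sprintf loop would run past the end while the bounded version truncates.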