In a simple test program that queries the source IP for a given
destination address I get a crash in the call to rtnl_link_alloc_cache.
Here is the stack trace (created with version 3.2.4):
Program received signal SIGSEGV, Segmentation fault.
0xb7eb7553 in strlen () from /lib/libc.so.6
(gdb) bt
#0 0xb7eb7553 in strlen () from /lib/libc.so.6
#1 0xb7eb7285 in strdup () from /lib/libc.so.6
#2 0xb7fcc305 in nla_strdup (nla=0x0) at attr.c:1033
#3 0xb7f9c173 in link_msg_parser (ops=0xb7fc2940, who=0x804b330, n=0x804c3e8, pp=0xbffffbf8) at route/link.c:486
#4 0xb7fcd485 in nl_cache_parse (ops=0xb7fc2940, who=0x804b330, nlh=0x804c3e8, params=0xbffffbf8) at cache.c:724
#5 0xb7fcd547 in update_msg_parser (msg=0x804b328, arg=0xbffffbb8) at cache.c:531
#6 0xb7fd1f25 in nl_cb_call (cb=<optimized out>, msg=<optimized out>, type=<optimized out>) at ../include/netlink-local.h:126
#7 recvmsgs (cb=<optimized out>, sk=<optimized out>) at nl.c:729
#8 nl_recvmsgs (sk=0x804b2d0, cb=0x804b368) at nl.c:780
#9 0xb7fcd5fd in __cache_pickup (sk=0x804b2d0, cache=<optimized out>, param=0xbffffbf8) at cache.c:560
#10 0xb7fcd83f in nl_cache_pickup (sk=0x804b2d0, cache=0x804b308) at cache.c:593
#11 0xb7fcd8c8 in nl_cache_refill (sk=0x804b2d0, cache=0x804b308) at cache.c:780
#12 0xb7f9d1fc in rtnl_link_alloc_cache (sk=0x804b2d0, family=4, result=0xbffffcd4) at route/link.c:868
#13 0x08048fd0 in libnl_init (data=<optimized out>) at helper_route.c:60
#14 iproute_get_source (destination=0xbffffeff "127.0.0.1",
source=0xbffffd0f "\b\004c\370\267\364_\370\267\260\224\004\b8\375\377\277e\024\347\267\320\016\377\267\273\224\004\b\364_\370\267\260\224\004\b", source_size=17)
at helper_route.c:105
#15 0x08048e6a in main (argc=2, argv=0xbffffde4) at ip_route_get.c:25
The attached patch (against 3.2.4) solves the problem, fixing something that
looks like a typo. The bug is still present in current Git master.
4035e5b5e8