Hi folks,
Every once in a while, I do some fuzz testing on a Solaris/SPARC system.
When I first did it I was primarily worried about getting bus errors
(due to casts increasing alignment requirements), but usually what I
find is another case of what I fixed in r37181. (Fortunately, I have
not gotten bus errors.)
The backtrace for that one was:
#0 0xfc4b2150 in strlen () from /usr/lib/libc.so.1
#1 0xfc51d704 in _ndoprnt () from /usr/lib/libc.so.1
#2 0xfc51fe24 in vsnprintf () from /usr/lib/libc.so.1
#3 0xfd19c07c in proto_tree_set_representation_value (pi=0xff850be8, format=0xfe6d2c48 "(%s) Type %u: Value (hex bytes): %s", ap=0xffbfdb50) at /Wireshark/source/epan/proto.c:3651
#4 0xfd190184 in proto_tree_add_bytes_format_value (tree=0xff850ba0, hfindex=48268, tvb=0x507e84, start=210, length=4, start_ptr=0x0, format=0xfe6d2c48 "(%s) Type %u: Value (hex bytes): %s") at /Wireshark/source/epan/proto.c:1908
#5 0xfd8ab260 in dissect_v9_v10_pdu_data (tvb=0x507e84, pinfo=0xffbff1c8, pdutree=0xff850ba0, offset=210, tplt=0xff461a10, hdrinfo=0xffbfdee0, fields_type=TF_ENTRIES) at /Wireshark/source/epan/dissectors/packet-netflow.c:4791
The basic problem is that Solaris' strlen() seg-faults if given a NULL
pointer whereas a lot of other implementations just return 0.
Unfortunately glib does not appear to provide a safe alternative.
To avoid being the only one doing this test, I have half-seriously
contemplated:
1) building a version of strlen() which seg-faults when given a NULL pointer
2) building it into a shared library
3) using LD_PRELOAD to use this library when fuzz testing (at least on
systems that support LD_PRELOAD)
Is there a better way? Or better yet, a proper solution?
Regards,
-Jeff
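Added example, not code from the message above or from Wireshark: one way to build the LD_PRELOAD shim the three steps describe. The file name nullstrlen.c, the library name libnullstrlen.so and the environment variable NULLSTRLEN_LENIENT are assumptions for illustration. The exported strlen() aborts on a NULL argument (the Solaris behaviour the message wants reproduced elsewhere) and can be switched to the permissive "return 0" behaviour so the same fuzzed capture can be run both ways. The counting loop reads through a volatile pointer on purpose: an optimising compiler may otherwise recognise the loop as a strlen idiom and replace it with a call to the very function being defined, which would recurse forever.

```c
/*
 * nullstrlen.c (hypothetical name): LD_PRELOAD shim that makes strlen(NULL)
 * fail loudly instead of silently returning 0. Example code, not Wireshark's.
 *
 * Build:  cc -O2 -shared -fPIC -o libnullstrlen.so nullstrlen.c
 * Use:    LD_PRELOAD=./libnullstrlen.so tshark -nVr fuzzed.pcap > /dev/null
 * Set NULLSTRLEN_LENIENT=1 (assumed variable name) to return 0 on NULL
 * instead, mimicking the permissive libc implementations.
 */
#include <stddef.h>
#include <stdlib.h>
#include <unistd.h>

/* Number of strlen(NULL) calls seen so far; useful when running lenient. */
unsigned long nullstrlen_null_calls = 0;

/* Core of the shim, separate from the exported strlen() so it can be
 * exercised directly. Returns the length of s; on a NULL argument it
 * returns 0, bumps the counter and reports the fact via *null_seen
 * (which may itself be NULL if the caller does not care). */
size_t checked_strlen(const char *s, int *null_seen)
{
    if (null_seen != NULL)
        *null_seen = 0;
    if (s == NULL) {
        nullstrlen_null_calls++;
        if (null_seen != NULL)
            *null_seen = 1;
        return 0;
    }
    /* volatile read defeats strlen idiom recognition; see lead-in. */
    const volatile char *p = s;
    size_t n = 0;
    while (p[n] != '\0')
        n++;
    return n;
}

/* Exported replacement. Loaded ahead of libc, it is what the application's
 * own strlen() calls bind to. No libc string or stdio functions are used
 * here, so the shim never re-enters itself. */
size_t strlen(const char *s)
{
    int null_seen;
    size_t n = checked_strlen(s, &null_seen);
    if (null_seen) {
        if (getenv("NULLSTRLEN_LENIENT") != NULL)
            return 0;                       /* behave like the lenient libcs */
        static const char msg[] =
            "nullstrlen: strlen(NULL) called, aborting for a core file\n";
        (void)write(STDERR_FILENO, msg, sizeof msg - 1);
        abort();                            /* SIGABRT, backtrace shows the caller */
    }
    return n;
}
```

Two caveats when using it for fuzzing. First, the shim intercepts only strlen() calls that the application itself makes through the dynamic linker; a call that libc makes internally, such as the one from _ndoprnt in the backtrace above, may bind to libc's own copy and never reach the shim (glibc binds its internal calls to hidden symbols for exactly this reason), so a NULL passed as a %s argument needs a separate interposition of the printf family or the platform's own behaviour. Second, a compiler may inline strlen() for constant or short strings, so the shim sees only calls that were actually emitted as calls.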