Re: Crash with SO_REUSEPORT and ef456144da8ef507c8cf504284b6042e9201a05c

From: Marc Dionne
Date: Tue Jan 19 2016 - 12:08:40 EST


On Tue, Jan 19, 2016 at 12:31 PM, Craig Gallek <kraig@xxxxxxxxxx> wrote:
>
> I need to think about how to handle setsockopt-after-bind condition a
> bit more, but the NULL pointer dereference is obviously wrong. Do you
> have a way to easily reproduce this? I've only managed to get it to
> happen once so far...

The attached code reliably triggers the crash for me.
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

#include <arpa/inet.h>
#include <netinet/in.h>

#include <stdio.h>

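int
main(int argc, char **argv)
{
    /*
     * Reproducer for the SO_REUSEPORT crash discussed in this thread.
     *
     * Sequence under test: the first UDP socket is bound *before*
     * SO_REUSEPORT is set on it, then a second SO_REUSEPORT socket binds to
     * the same (kernel-chosen) port.  Every setup call is checked so that a
     * failure in the reproducer itself is reported via perror() instead of
     * being mistaken for the kernel behaviour being exercised.
     *
     * Returns 0 when the whole sequence ran, 1 if any setup call failed.
     */
    struct sockaddr_in addr = {0}, addr2 = {0};   /* zero sin_zero too */
    socklen_t len;                                /* getsockname wants socklen_t */
    int optval = 1;
    int s1, s2;

    (void)argc;
    (void)argv;

    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = 0;                            /* let the kernel pick a port */

    s1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (s1 < 0) {
        perror("socket(s1)");
        return 1;
    }
    s2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
    if (s2 < 0) {
        perror("socket(s2)");
        close(s1);
        return 1;
    }

    /* bind first, then enable SO_REUSEPORT: this ordering is the point */
    if (bind(s1, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        perror("bind(s1)");
        goto fail;
    }
    if (setsockopt(s1, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval)) < 0) {
        perror("setsockopt(s1, SO_REUSEPORT)");
        goto fail;
    }
    if (setsockopt(s2, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval)) < 0) {
        perror("setsockopt(s2, SO_REUSEPORT)");
        goto fail;
    }

    /* learn which port s1 was given and bind s2 to the same one */
    len = sizeof(addr);
    if (getsockname(s1, (struct sockaddr *)&addr, &len) < 0) {
        perror("getsockname(s1)");
        goto fail;
    }
    addr2.sin_family = AF_INET;
    addr2.sin_addr.s_addr = htonl(INADDR_ANY);
    addr2.sin_port = addr.sin_port;
    if (bind(s2, (struct sockaddr *)&addr2, sizeof(addr2)) < 0) {
        perror("bind(s2)");
        goto fail;
    }

    close(s2);
    close(s1);
    return 0;

fail:
    close(s2);
    close(s1);
    return 1;
}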