[pkg-netfilter-team] Bug#1063690: nftables: Segfault on named set or map definition in second table specification
Woltmann, Nicolas
nwoltman at akamai.com
Fri Mar 1 11:51:03 GMT 2024
We also ran into some variation of this issue using 0.9.8-3.1+deb11u2.
Using the following script `nft -f step1.nft` (it does not matter if map1 has some elements or not):
```step1.nft
table inet filter {
	map map1 {
		type ifname : verdict
	}
}
```
Then if we later want to modify map1 and create another map in the same file, we get the segmentation fault. The minimum needed to trigger the error is the following:
```step2.nft
flush map inet filter map1
table inet filter {
	map map2 {
		type ifname : verdict
	}
}
```
Here is a backtrace:
```
Program received signal SIGSEGV, Segmentation fault.
table_free (table=table@entry=0x55555556c060) at rule.c:1358
(gdb) bt
#0 table_free (table=table@entry=0x55555556c060) at rule.c:1358
#1 0x00007ffff7f29c47 in table_free (table=0x55555556c060) at rule.c:1347
#2 cmd_free (cmd=0x55555556c6d0) at rule.c:1680
#3 0x00007ffff7f5b4c8 in nft_run_cmd_from_filename (nft=0x55555555d2a0, filename=filename@entry=0x7fffffffee10 "test.nft") at libnftables.c:544
#4 0x00005555555569f6 in main (argc=3, argv=0x7fffffffebc8) at main.c:491
```
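
A check along these lines shows whether a given nft build crashes on the two-step sequence described in the message. It is an added example, not part of the original message or of nftables; `NFT`, `RUN_CHECK` and the verdict strings are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the report). NFT is an assumed override for the
# binary under test; RUN_CHECK and the verdict strings are also made up here.
NFT="${NFT:-nft}"

write_repro() {  # write the report's two rulesets into directory $1
    cat > "$1/step1.nft" <<'EOF'
table inet filter {
	map map1 {
		type ifname : verdict
	}
}
EOF
    cat > "$1/step2.nft" <<'EOF'
flush map inet filter map1
table inet filter {
	map map2 {
		type ifname : verdict
	}
}
EOF
}

classify() {  # map an exit status to a verdict
    case "$1" in
        0)   echo ok ;;
        139) echo segfault ;;   # 128 + 11: child was killed by SIGSEGV
        *)   echo error ;;      # nft rejected the input or failed otherwise
    esac
}

check_nft() {  # load step1, then step2; print the verdict for step2
    dir=$(mktemp -d) || return 2
    write_repro "$dir"
    "$NFT" -f "$dir/step1.nft" >/dev/null 2>&1 && s1=0 || s1=$?
    if [ "$s1" -ne 0 ]; then
        rm -rf "$dir"; echo setup-failed; return 0
    fi
    "$NFT" -f "$dir/step2.nft" >/dev/null 2>&1 && s2=0 || s2=$?
    rm -rf "$dir"
    classify "$s2"
}

# Only touch the ruleset when explicitly asked to.
if [ "${RUN_CHECK:-0}" = 1 ]; then check_nft; fi
```

Run it as root inside a throwaway network namespace so the live ruleset is not modified, for example `RUN_CHECK=1 unshare -n sh check-nft.sh` (the file name is hypothetical).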