segmentation fault when calling session.get() method

Bug #1541152 reported by pseudonomous on 2016-02-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
net-snmp (Ubuntu)
Low
Unassigned

Bug Description

I was hoping to use this python module to get retrieve a single OID from a networked copy machine.

So I fired up ipython and did:

import netsnmp
session = netsnmp.Session(DestHost='my-copy-machine', SecName='supersecret', SecLevel='authPriv', AuthProto='SHA', AuthPass='supersecret', PrivProto='AES', PrivPass='supersecret')
# this produces quite a bit of output, I'll try and include it later.
vars = netsnmp.Varbind('1.3.6.1.2.1.43.10.2.1.4.1.1')
session.get(vars)
Segmentation fault (core dumped)

I've tried this on a VM running 32 bit ubuntu and a laptop running 64 bit ubuntu. (both running 14.04) same results.

Even if I'm misusing the API (which is possible, I've never used the netsnmp python bindings before) I really don't think this should produce a segfault.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: python-netsnmp 5.7.2~dfsg-8.1ubuntu3.1
ProcVersionSignature: Ubuntu 3.13.0-74.118-generic 3.13.11-ckt30
Uname: Linux 3.13.0-74-generic i686
NonfreeKernelModules: openafs
ApportVersion: 2.14.1-0ubuntu3.19
Architecture: i386
CurrentDesktop: Unity
Date: Tue Feb 2 18:42:29 2016
SourcePackage: net-snmp
UpgradeStatus: No upgrade log present (probably fresh install)

pseudonomous (fdruec1) wrote :
Joshua Powers (powersj) wrote :

It appears that .get takes a list.

On zesty:

root@zesty:~# python
Python 2.7.12+ (default, Nov 22 2016, 00:48:54)
[GCC 6.2.1 20161119] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import netsnmp
>>> session = netsnmp.Session( DestHost='demo.snmplabs.com', Version=2, Community='public' )
>>> vars = netsnmp.Varbind('1.3.6.1.2.1.43.10.2.1.4.1.1')
>>> session.get(vars)
Segmentation fault (core dumped)

That said if I do it this way I avoid the core dump:

>>> vars = netsnmp.VarList( netsnmp.Varbind('1.3.6.1.2.1.43.10.2.1.4.1.1') )
>>> session.get(vars)
>>> error: get: unknown object ID (1.3.6.1.2.1.43.10.2.1.4.1.1)

Which is a lot better :)

Changed in net-snmp (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Download full text (6.7 KiB)

The error still exists in the latest versions.

Here a bit of extra info:
I rebuilt the crash data and added package info.
$ sudo apport-retrace /var/crash/_usr_bin_python2.7.0.crash --rebuild-package-info --sandbox system

These c libraries into pytohn bindings are annoying to debug.
But I see it clearly crashes in /usr/lib/python2.7/dist-packages/netsnmp/client_intf.x86_64-linux-gnu.so

#0 0x00007f7e03f34120 in ?? () from /usr/lib/python2.7/dist-packages/netsnmp/client_intf.x86_64-linux-gnu.so
No symbol table info available.
#1 0x0000558e7bece43a in PyEval_EvalFrameEx ()
No symbol table info available.
#2 0x0000558e7bed30e2 in PyEval_EvalFrameEx ()
No symbol table info available.
#3 0x0000558e7becb7da in PyEval_EvalCodeEx ()

I'm already sure the implementation is in netsnmp_get of file python/netsnmp/client_intf.c
But I was not able to find a debug info for this lib.
I built the library locally to skip the stripping of debug symbols.
And it already looks better:

#0 netsnmp_get (self=<optimized out>, args=<optimized out>) at netsnmp/client_intf.c:1499
        varlist_iter = 0x0
        session = 0x7ff1e0b19f50
        varlist = 0x7ff1e0a79050
        varbind = <optimized out>
        val_tuple = 0x0
        varlist_len = <optimized out>
        varlist_ind = <optimized out>
        ss = 0x5624d753c6c0
        pdu = 0x5624d753de00
        response = 0x0
        vars = <optimized out>
        tp = <optimized out>
        len = <optimized out>
        oid_arr = 0x5624d753d9f0
        oid_arr_len = 128
        type = <optimized out>
        type_str = "\326\301b\312\326\301b\312\326\301b\312\326\301b\312", '\000' <repeats 15 times>
        str_buf = '\000' <repeats 48 times>, "\a\000@\000\036\000\035\000\344-\245\340\361\177", '\000' <repeats 11 times>, "\200\305\340\361\177\000\000\001\000\000\000\000\000\000\000\217\275\244\340\361\177\000\000\360\204\305\340\361\177\000\000\000\000 \000\000\000\000\000\001\000\000\000\006\000\000\000X\365D\340\361\177\000\000VNr\000\000\000\000\000X\347=\336\361\177\000\000\002", '\000' <repeats 175 times>...
        str_bufp = 0x7ffcf1cdc930 ""
        str_buf_len = 4096
        out_len = 0
        buf_over = 0
        tag = 0x0
        iid = 0x0
        getlabel_flag = 0
        sprintval_flag = 0
        verbose = 1
        old_format = <optimized out>
        best_guess = 0
        retry_nosuch = 0
        err_ind = 1515870810
        err_num = 1515870810
        err_str = "\000\000\000\000\000\000\000\000\350\260\377\324$V\000\000\002", '\000' <repeats 15 times>, "@ޱ\340\361\177", '\000' <repeats 18 times>, "\023\r\003\325$V\000\000\002\000\000\000\000\000\000\000\000\062\271\375\214\272\323?\000\000\000\000\000\000\000\000(ѱ\340\361\177\000\000\377\377\377\377\377\377\377\377\370\377\377\377\377\377\377\377\360\342B\327$V\000\000\360\342B\327$V\000\000\000\000\000\000\000\000\000\000%\322\376\324$V\000\000\020\t\262\340\361\177\000\000\360\t\262\340\361\177\000\000\020\t\262\340\361\177\000\000\360\342B\327$V\000\000\000\000\000\000\000\000\000\000\v\260\377\324$V\000\000@r\377\324$V\000\000\000\000\000\000\000\000\000\000"...
        tmpstr = 0x7ff1e0c1952c ""
        tmplen = 0
#1 0x00005624d...

Read more...

Arr [1] looks depressing, never the less I added one more there.
See [2] for the bug.

[1]: https://sourceforge.net/p/net-snmp/bugs/search/?q=segfault&limit=100
[2]: https://sourceforge.net/p/net-snmp/bugs/2823/

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers