On 5/25/19 6:49 PM, Thomas Lamprecht wrote:
> Package: iptables
> Version: 1.8.2-4
> Severity: grave
> File: /usr/sbin/xtables-nft-multi
> Justification: renders package unusable by segfaulting on usage
>
> Reproducer:
> # cat simple-segv-table
> *filter
> :NEW-OUTPUT - [0:0]
> -A OUTPUT -j NEW-OUTPUT
> -F NEW-OUTPUT
> -A NEW-OUTPUT -j ACCEPT
> COMMIT
>
> # iptables ./simple-segv-table
> Segmentation fault
>
> # dmesg | tail -1
> [12860.813350] traps: iptables-restor[19173] general protection
> ip:7f4894682793 sp:7ffcedc177d0 error:0 in
> libnftnl.so.11.0.0[7f4894677000+17000]
>
> # addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0 -fCi $(printf
> "%x" $[0x7f2cb9882793 - 0x7f2cb9877000])
> nftnl_batch_is_supported
> ??:?
>
I can reproduce this. I'm already looking for a fix.
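
The triage step in the quoted report (kernel `traps:` line to library-relative offset for `addr2line`), as an added example that is not part of the original thread. The names `trap_offset` and `SAMPLE_LINE` are hypothetical, and the sample is the report's dmesg line joined back onto one line.

```shell
#!/bin/sh
# Added example, not from the original thread.
# The report's dmesg line, re-joined onto one line (it was wrapped by the mailer).
SAMPLE_LINE='[12860.813350] traps: iptables-restor[19173] general protection ip:7f4894682793 sp:7ffcedc177d0 error:0 in libnftnl.so.11.0.0[7f4894677000+17000]'

# trap_offset LINE  (hypothetical helper)
# Prints "<module> 0x<offset>", where offset = ip - mapping base, i.e. the
# ASLR-independent address that addr2line expects for a shared object.
# Returns 1 if the line does not parse or ip is outside [base, base+size).
trap_offset() {
    # Pull out: faulting ip, module name, mapping base, mapping size (all hex).
    fields=$(printf '%s\n' "$1" | sed -n \
        's/.* ip:\([0-9a-f]*\) .* in \([^ []*\)\[\([0-9a-f]*\)+\([0-9a-f]*\)].*/\1 \2 \3 \4/p')
    [ -n "$fields" ] || return 1

    # Split the four fields into positional parameters (local to this function).
    set -- $fields
    ip=$((0x$1)); mod=$2; base=$((0x$3)); size=$((0x$4))

    off=$((ip - base))
    # Sanity check: the fault must lie inside the reported mapping.
    [ "$off" -ge 0 ] && [ "$off" -lt "$size" ] || return 1

    printf '%s 0x%x\n' "$mod" "$off"
}

# Stand-alone run: print the module and offset for the sample line.
trap_offset "$SAMPLE_LINE"

# The offset then goes to addr2line with the flags used in the report, e.g.:
#   addr2line -e /usr/lib/x86_64-linux-gnu/libnftnl.so.11.0.0 -fCi <offset>
```

The addresses in the report's `addr2line` command differ from those in its dmesg line, as they would between two runs under ASLR, but both pairs reduce to the same offset into the library.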