Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> wrote:
> Hi Sergei,
>
> On 9/16/19 9:33 AM, Sergei Trofimovich wrote:
> > Minimal reproducer:
> >
> > ```
> > $ cat nft.ruleset
> > # filters
> > table inet filter {
> > chain prerouting {
> > type filter hook prerouting priority -50
> > }
> > }
> >
> > # dump new state
> > list ruleset
> >
> > $ nft -c -f ./nft.ruleset
> > table inet filter {
> > chain prerouting {
> > Segmentation fault (core dumped)
> > ```
> >
> > The crash happens in `chain_print_declaration()`:
> >
> > ```
> > if (chain->flags & CHAIN_F_BASECHAIN) {
> > mpz_export_data(&policy, chain->policy->value,
> > BYTEORDER_HOST_ENDIAN, sizeof(int));
> > ```
> >
> > Here `chain->policy` is `NULL` (as textual rule does not mention it).
> >
> > The change is not to print the policy if it's not set
> > (similar to `chain_evaluate()` handling).
>
> Thanks for fixing that. Sorry I missed that we could have a base chain
> without policy.
>
> Acked-by: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
Applied, thanks.
