<div dir="ltr"><div>Hello, quick followup.</div><div><br></div><div>I realized that 2.90 is quite old, and I felt guilty that I might have reported a bug that was fixed a while ago.</div><div><br></div><div>The problem still exists in master. parse_dhcp_opt() still uses opt_string_alloc() for strings; opt_string_alloc() returns NULL for empty strings. So `dhcp-option=tag:!ARISTA,66,` still yields `opt->val == NULL`.</div><div><br></div><div>Hope this is helpful.</div><div><br></div><div> -jeff</div><div><br></div><div>PS: I don't know how people feel about AI coding, but the analysis above is from GPT 5.2 Codex, as driven by the exe.the dev agent harness, which I then checked personally. I gave it the repo URL, and my original bug report, and I asked if the bug was fixed in master.</div><div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Tue, Feb 24, 2026 at 2:30 PM Jeff Allen <<a href="mailto:jeff.allen@exoscale.ch">jeff.allen@exoscale.ch</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hello,</div><div><br></div><div>Today I debugged an unexpected new segfault in dnsmasq that appeared on a pre-production system. I found the culprit: a malformed "dhcp-option" line. It was malformed because of a difference between the systems that generate configs in preprod and prod.</div><div><br></div><div>But that's my bug, and I'll fix it myself. However, I thought you'd like to know about the possibility of getting segfaults in dnsmasq anyway.</div><div><br></div><div>It comes, in dnsmasq 2.90, from rfc2131.c line 2493:</div><div><br></div><div>2490 if ((!req_options || !in_list(req_options, OPTION_SNAME)) &&<br>2491 (opt = option_find2(OPTION_SNAME)) && !(opt->flags & DHOPT_FORCE))<br>2492 {<br>2493 safe_strncpy((char *)mess->sname, (char *)opt->val, sizeof(mess->sname));<br>2494 done_server = 1;<br>2495 }<br></div><div><br></div><div>If opt->val is NULL, then safe_strcpy will cause a segfault.</div><div><br></div><div>Opt-val was NULL in my case because of this line in my config file:</div><div><br></div><div> dhcp-option=tag:!ARISTA,66,</div><div><br></div><div>The tag ARISTA was not set, so this option was used. If there's something after the comma, the crash goes away.</div><div><br></div><div>Have a nice day,</div><div> -jeff</div><div><br></div></div>
</blockquote></div>