From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 283970] [PATCH] netpfil/ipfw: Fix wrong indent number to dump ctl3_handlers
Date: Fri, 10 Jan 2025 07:12:57 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283970

            Bug ID: 283970
           Summary: [PATCH] netpfil/ipfw: Fix wrong indent number to dump ctl3_handlers
           Product: Base System
           Version: Unspecified
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: nakayamakenjiro@gmail.com

Created attachment 256593
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=256593&action=edit
ip_fw_sockopt.patch

ctl3_handlers dump_soptcodes() accesses to ctl3_handlers with a wrong indent:

```
for (n = 1; n <= count; n++) {
    ... omit ...
    sh = &ctl3_handlers[n];   # when "n == count" out of bounds.
```

Here is the observation on FreeBSD 14.0 with kgdb:

---

1. proceed steps in dump_soptcodes() by the problem code.

```
(kgdb) frame
#0  dump_soptcodes (chain=, op3=, sd=0xfffffe007325eb58)
    at /usr/src/sys/netpfil/ipfw/ip_fw_sockopt.c:3137
3137            for (n = 1; n <= count; n++)
```

2. print the value in "count", which is 29.

```
(kgdb) print count
$24 = 29
```

3. From ctl3_handlers[0] to ctl3_handlers[28] contains values but ctl3_handlers[29] is empty.
```
(kgdb) print ctl3_handlers[0]@30
$26 = {{opcode = 86, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e3a010 , refcnt = 0},
  {opcode = 86, version = 1 '\001', dir = 3 '\003', handler = 0xffffffff82e3a120 , refcnt = 0},
  {opcode = 87, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e3a010 , refcnt = 0},
  {opcode = 87, version = 1 '\001', dir = 3 '\003', handler = 0xffffffff82e3a120 , refcnt = 0},
  {opcode = 88, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3ac10 , refcnt = 0},
  {opcode = 89, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e39c80 , refcnt = 0},
  {opcode = 89, version = 1 '\001', dir = 2 '\002', handler = 0xffffffff82e39e80 , refcnt = 0},
  {opcode = 90, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e395a0 , refcnt = 0},
  {opcode = 92, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e39bb0 , refcnt = 0},
  {opcode = 93, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e39ac0 , refcnt = 0},
  {opcode = 94, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e395a0 , refcnt = 0},
  {opcode = 95, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e39430 , refcnt = 0},
  {opcode = 96, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e398a0 , refcnt = 0},
  {opcode = 97, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e31730 , refcnt = 0},
  {opcode = 98, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e320a0 , refcnt = 0},
  {opcode = 99, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e32640 , refcnt = 0},
  {opcode = 100, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32af0 , refcnt = 0},
  {opcode = 101, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e327a0 , refcnt = 0},
  {opcode = 102, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e327a0 , refcnt = 0},
  {opcode = 103, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32c30 , refcnt = 0},
  {opcode = 104, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32c30 , refcnt = 0},
  {opcode = 105, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32c30 , refcnt = 0},
  {opcode = 106, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3a3b0 , refcnt = 0},
  {opcode = 107, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3fbd0 , refcnt = 0},
  {opcode = 108, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3aaf0 , refcnt = 0},
  {opcode = 109, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e3a510 , refcnt = 0},
  {opcode = 110, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e40f10 , refcnt = 0},
  {opcode = 116, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e32e80 , refcnt = 1},
  {opcode = 117, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e330a0 , refcnt = 0},
  {opcode = 0, version = 0 '\000', dir = 0 '\000', handler = 0x0, refcnt = 0}}
(kgdb) print ctl3_handlers[0]
$28 = {opcode = 86, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e3a010 , refcnt = 0}
(kgdb) print ctl3_handlers[28]
$29 = {opcode = 117, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e330a0 , refcnt = 0}
(kgdb) print ctl3_handlers[29]
$30 = {opcode = 0, version = 0 '\000', dir = 0 '\000', handler = 0x0, refcnt = 0}
```

---
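
The off-by-one described in the report, reproduced in user space as an added example (it is not the kernel source and not the attached ip_fw_sockopt.patch). `struct sopt_entry`, `table`, `COUNT`, the field types and the corrected loop bounds are assumptions made for illustration.

```c
#include <stdio.h>

/* Stand-in for one ctl3_handlers entry; fields as in the kgdb output, types assumed. */
struct sopt_entry {
    unsigned short opcode;
    unsigned char version, dir;
    int (*handler)(void);
    unsigned int refcnt;
};
static int stub(void) { return 0; } /* constructed placeholder handler */

/* Constructed table: 3 entries plus one zeroed slot, so the off-by-one walk stays in bounds here. */
#define COUNT 3
static struct sopt_entry table[COUNT + 1] = {
    { 86, 0, 3, stub, 0 }, { 86, 1, 3, stub, 0 }, { 87, 0, 3, stub, 0 },
};
static struct sopt_entry dumped[COUNT + 1];

/* Loop bounds as quoted in the report: visits table[1..COUNT]. */
static size_t dump_reported(void) {
    size_t k = 0;
    for (size_t n = 1; n <= COUNT; n++)
        dumped[k++] = table[n];
    return k;
}

/* Assumed correction: visit table[0..COUNT-1]. */
static size_t dump_corrected(void) {
    size_t k = 0;
    for (size_t n = 0; n < COUNT; n++)
        dumped[k++] = table[n];
    return k;
}

/* How many dumped entries have no handler, i.e. are not real registrations. */
static size_t empty_entries(size_t len) {
    size_t empty = 0;
    for (size_t i = 0; i < len; i++)
        empty += (dumped[i].handler == NULL);
    return empty;
}

int main(void) {
    size_t k = dump_reported();
    printf("reported:  %zu empty, first version %d\n", empty_entries(k), dumped[0].version);
    k = dump_corrected();
    printf("corrected: %zu empty, first version %d\n", empty_entries(k), dumped[0].version);
    return 0;
}
```

Both walks copy the same number of entries, so a length check alone does not reveal the bug: the reported bounds drop entry 0 and emit the slot past the last registration instead.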