Question about rack implementation for mbuf copy in fast-output
Date: Sat, 01 Feb 2025 02:25:58 UTC
Hi FreeBSD guru!

I am testing FreeBSD's latest RACK implementation on fstack and am having a somewhat strange problem. I see that a buffer overflow happens at this line:

https://github.com/freebsd/freebsd-src/blob/main/sys/netinet/tcp_stacks/rack.c#L18262

where it copies the data of an mbuf to another mbuf which is created with m_get (not from the mbuf cluster zone). In my scenario, the copy length is 1300 bytes, which causes an overflow because the size of the mbuf is 256 (as it is not from a cluster).

I'm trying to understand whether, in that line 18262 case, there is no possibility of the copy length being larger than this mbuf size (256), so I screwed up somewhere prior?

Any help would be appreciated!

Thanks,
Jaeyong