memset bugs.
Randall Stewart
rrs at cisco.com
Tue Aug 14 15:52:11 PDT 2007
Thanks for the pointer...
Julian and Sam also sent this to me on the SCTP side.
The local CVS repository on lakerest.net now has this fix
in it.. and others... I have added this to the queue to
go in to patchset 15.. (I am still waiting on re for patchset 14).
R
Dag-Erling Smørgrav wrote:
> Dave Jones <davej at codemonkey.org.uk> writes:
>
>>A grep I crafted to pick up on some common bugs happened upon
>>a copy of the FreeBSD CVS tree that I happened to have handy
>>and found the bugs below where the 2nd & 3rd arguments to
>>memset calls have been swapped.
>>[...]
>>--- src/sys/netinet/sctp_output.c~ 2007-08-14 15:44:11.000000000 -0400
>>+++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.000000000 -0400
>>@@ -6331,7 +6331,7 @@ out_gu:
>> rcv_flags |= SCTP_DATA_UNORDERED;
>> }
>> /* clear out the chunk before setting up */
>>- memset(chk, sizeof(*chk), 0);
>>+ memset(chk, 0, sizeof(*chk));
>> chk->rec.data.rcv_flags = rcv_flags;
>> if (SCTP_BUF_IS_EXTENDED(sp->data)) {
>> chk->copy_by_ref = 1;
>
>
> Pointy hat to rrs at .
>
>
>>--- src/usr.sbin/nscd/agents/services.c~ 2007-08-14 15:44:33.000000000 -0400
>>+++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.000000000 -0400
>>@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
>> if (size > 0) {
>> proto = (char *)malloc(size + 1);
>> assert(proto != NULL);
>>- memset(proto, size + 1, 0);
>>+ memset(proto, 0, size + 1);
>> memcpy(proto, key + sizeof(enum nss_lookup_type) +
>> sizeof(int), size);
>> }
>>--- src/usr.sbin/cached/agents/services.c~ 2007-08-14 15:44:45.000000000 -0400
>>+++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.000000000 -0400
>>@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
>> if (size > 0) {
>> proto = (char *)malloc(size + 1);
>> assert(proto != NULL);
>>- memset(proto, size + 1, 0);
>>+ memset(proto, 0, size + 1);
>> memcpy(proto, key + sizeof(enum nss_lookup_type) +
>> sizeof(int), size);
>> }
>
>
> These two are actually the same file - cached is in the process of being
> renamed to nscd. Pointy hat to bushman at .
>
>
>
>>--- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.000000000 -0400
>>+++ src/contrib/gdb/gdb/std-regs.c 2007-08-14 15:45:22.000000000 -0400
>>@@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame
>> val = allocate_value (builtin_type_frame_reg);
>> VALUE_LVAL (val) = not_lval;
>> buf = VALUE_CONTENTS_RAW (val);
>>- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
>>+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
>> /* frame.base. */
>> if (frame != NULL)
>> ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
>>@@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr
>> struct value *val = allocate_value (builtin_type_void_data_ptr);
>> char *buf = VALUE_CONTENTS_RAW (val);
>> if (frame == NULL)
>>- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
>>+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
>> else
>> ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
>> get_frame_base_address (frame));
>>@@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr
>> struct value *val = allocate_value (builtin_type_void_data_ptr);
>> char *buf = VALUE_CONTENTS_RAW (val);
>> if (frame == NULL)
>>- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
>>+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
>> else
>> ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
>> get_frame_pc (frame));
>>--- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.000000000 -0400
>>+++ src/contrib/gdb/gdb/remote.c 2007-08-14 15:45:37.000000000 -0400
>>@@ -3463,7 +3463,7 @@ remote_store_registers (int regnum)
>> {
>> int i;
>> regs = alloca (rs->sizeof_g_packet);
>>- memset (regs, rs->sizeof_g_packet, 0);
>>+ memset (regs, 0, rs->sizeof_g_packet);
>> for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++)
>> {
>> struct packet_reg *r = &rs->regs[i];
>
>
> These should go upstream to the gdb maintainers (bug-gdb at gnu.org).
>
> DES
--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 803-317-4952 (cell)
More information about the freebsd-hackers
mailing list