Re: memset bugs.

看板FB_hackers作者時間18年前 (2007/08/15 08:49), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串3/4 (看更多)
Thanks for the pointer... Julian and Sam also sent this to me on the SCTP side. The local CVS repository on lakerest.net now has this fix in it.. and others... I have added this to the queue to go in to patchset 15.. (I am still waiting on re for patchset 14). R Dag-Erling Sm鷨grav wrote: > Dave Jones <davej@codemonkey.org.uk> writes: > >>A grep I crafted to pick up on some common bugs happened upon >>a copy of the FreeBSD CVS tree that I happened to have handy >>and found the bugs below where the 2nd & 3rd arguments to >>memset calls have been swapped. >>[...] >>--- src/sys/netinet/sctp_output.c~ 2007-08-14 15:44:11.000000000 -0400 >>+++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.000000000 -0400 >>@@ -6331,7 +6331,7 @@ out_gu: >> rcv_flags |= SCTP_DATA_UNORDERED; >> } >> /* clear out the chunk before setting up */ >>- memset(chk, sizeof(*chk), 0); >>+ memset(chk, 0, sizeof(*chk)); >> chk->rec.data.rcv_flags = rcv_flags; >> if (SCTP_BUF_IS_EXTENDED(sp->data)) { >> chk->copy_by_ref = 1; > > > Pointy hat to rrs@. > > >>--- src/usr.sbin/nscd/agents/services.c~ 2007-08-14 15:44:33.000000000 -0400 >>+++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.000000000 -0400 >>@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si >> if (size > 0) { >> proto = (char *)malloc(size + 1); >> assert(proto != NULL); >>- memset(proto, size + 1, 0); >>+ memset(proto, 0, size + 1); >> memcpy(proto, key + sizeof(enum nss_lookup_type) + >> sizeof(int), size); >> } >>--- src/usr.sbin/cached/agents/services.c~ 2007-08-14 15:44:45.000000000 -0400 >>+++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.000000000 -0400 >>@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si >> if (size > 0) { >> proto = (char *)malloc(size + 1); >> assert(proto != NULL); >>- memset(proto, size + 1, 0); >>+ memset(proto, 0, size + 1); >> memcpy(proto, key + sizeof(enum nss_lookup_type) + >> sizeof(int), size); >> } > > > These two are actually the same file - cached is in the process of being > renamed to nscd. Pointy hat to bushman@. > > > >>--- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.000000000 -0400 >>+++ src/contrib/gdb/gdb/std-regs.c 2007-08-14 15:45:22.000000000 -0400 >>@@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame >> val = allocate_value (builtin_type_frame_reg); >> VALUE_LVAL (val) = not_lval; >> buf = VALUE_CONTENTS_RAW (val); >>- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); >>+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); >> /* frame.base. */ >> if (frame != NULL) >> ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, >>@@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr >> struct value *val = allocate_value (builtin_type_void_data_ptr); >> char *buf = VALUE_CONTENTS_RAW (val); >> if (frame == NULL) >>- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); >>+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); >> else >> ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, >> get_frame_base_address (frame)); >>@@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr >> struct value *val = allocate_value (builtin_type_void_data_ptr); >> char *buf = VALUE_CONTENTS_RAW (val); >> if (frame == NULL) >>- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); >>+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); >> else >> ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, >> get_frame_pc (frame)); >>--- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.000000000 -0400 >>+++ src/contrib/gdb/gdb/remote.c 2007-08-14 15:45:37.000000000 -0400 >>@@ -3463,7 +3463,7 @@ remote_store_registers (int regnum) >> { >> int i; >> regs = alloca (rs->sizeof_g_packet); >>- memset (regs, rs->sizeof_g_packet, 0); >>+ memset (regs, 0, rs->sizeof_g_packet); >> for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++) >> { >> struct packet_reg *r = &rs->regs[i]; > > > These should go upstream to the gdb maintainers (bug-gdb@gnu.org). > > DES -- Randall Stewart NSSTG - Cisco Systems Inc. 803-345-0369 <or> 803-317-4952 (cell) _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
更多 rrs. 的文章
文章代碼(AID): #16masf00 (FB_hackers)
更多 rrs. 的文章
文章代碼(AID): #16masf00 (FB_hackers)