On Wed, 31 Oct 2001, David Douthitt wrote:
[...]
> Breakpoint 1, send_ping (s=5, h=0x804ac58) at gatping.c:161
> 161 buffer = ( char * ) malloc ( ( size_t ) ping_pkt_size ) ;
> (gdb) n
> 162 memset ( buffer, 0, ping_pkt_size * sizeof ( char ) ) ;
> (gdb) p buffer
> $1 = 0x804a398 "P\235\020@P\235\020@\020"
> (gdb) n
> 166 icp->icmp_type = ICMP_ECHO ;
This trace doesn't seem to show the whole story. From Scott's code:
157 buffer = ( char * ) malloc ( ( size_t ) ping_pkt_size ) ;
158 memset ( buffer, 0, ping_pkt_size * sizeof ( char ) ) ;
159 icp = ( struct icmp * ) buffer ;
To my way of thinking, this code shows poor programming practice. It
should look something like:
157 icp = ( struct icmp * ) calloc ( 1, ( size_t ) ( sizeof( struct icmp )
                                                   + sizeof( PING_DATA ) ) );
The ping_pkt_size value is initialized in main, using an uninitialized
value for ping_data_size. The buffer size of 8 is too small, and the icp
(well, pdp) initialization code is overwriting memory beyond the buffer.
Yecch. This was released?
---------------------------------------------------------------------------
Jeff Newmiller The ..... ..... Go Live...
DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go...
Live: OO#.. Dead: OO#.. Playing
Research Engineer (Solar/Batteries O.O#. #.O#. with
/Software/Embedded Controllers) .OO#. .OO#. rocks...2k
---------------------------------------------------------------------------
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
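The allocation bug described in the message above, modelled as an added example. This is not gatping's code and not code from the original post: the 8-byte `struct icmp_hdr`, the layout of `PING_DATA`, the `ICMP_ECHO` value of 8 and the `ping_pkt` helper are all assumptions made so the example is self-contained; gatping's real `struct icmp` comes from the system headers. The buggy sizing takes `ping_data_size` as a parameter to stand in for the uninitialised variable, and the hardened path derives the size from the types that will be written and keeps it next to the pointers so the fill step can refuse to overflow.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the ICMP echo header: 8 bytes, the size of ICMP_MINLEN.
   gatping uses struct icmp from <netinet/ip_icmp.h>; this layout is an
   assumption made so the example compiles on its own. */
struct icmp_hdr {
    uint8_t  icmp_type;
    uint8_t  icmp_code;
    uint16_t icmp_cksum;
    uint16_t icmp_id;
    uint16_t icmp_seq;
};

/* Hypothetical payload written after the header; gatping's real PING_DATA
   is assumed to be something of this shape for the purpose of the example. */
typedef struct {
    uint32_t seq;
    uint32_t sent_at;
} PING_DATA;

#define ICMP_ECHO_TYPE 8   /* value of ICMP_ECHO, assumed here */

/* The sizing that goes wrong: main derives ping_pkt_size from ping_data_size
   before anything has assigned ping_data_size, so whatever happened to be in
   that variable decides the allocation. The 8-byte buffer in the gdb trace
   corresponds to ping_data_size having been 0. */
static size_t buggy_pkt_size(size_t ping_data_size)
{
    return sizeof(struct icmp_hdr) + ping_data_size;
}

/* What the send path writes through icp and pdp: a header followed by a
   full PING_DATA, regardless of how large the buffer actually was. */
static size_t bytes_written_by_send(void)
{
    return sizeof(struct icmp_hdr) + sizeof(PING_DATA);
}

/* 1 if a buffer of buf_size holds everything the send path writes. */
static int buffer_is_large_enough(size_t buf_size)
{
    return buf_size >= bytes_written_by_send();
}

/* Hardened form, in the spirit of the calloc suggestion in the message:
   size derived from the types, memory zeroed, size kept with the pointers. */
struct ping_pkt {
    size_t size;
    char *buffer;
    struct icmp_hdr *icp;
    PING_DATA *pdp;
};

static int alloc_ping_pkt(struct ping_pkt *p)
{
    p->size = sizeof(struct icmp_hdr) + sizeof(PING_DATA);
    p->buffer = calloc(1, p->size);
    if (p->buffer == NULL)
        return -1;
    p->icp = (struct icmp_hdr *)p->buffer;
    p->pdp = (PING_DATA *)(p->buffer + sizeof(struct icmp_hdr));
    return 0;
}

/* Fill the packet; refuse rather than write past the allocation. */
static int fill_ping_pkt(struct ping_pkt *p, uint16_t id, uint16_t seq, uint32_t now)
{
    if (!buffer_is_large_enough(p->size))
        return -1;
    p->icp->icmp_type  = ICMP_ECHO_TYPE;
    p->icp->icmp_code  = 0;
    p->icp->icmp_cksum = 0;
    p->icp->icmp_id    = id;
    p->icp->icmp_seq   = seq;
    p->pdp->seq        = seq;
    p->pdp->sent_at    = now;
    return 0;
}

/* Runs the fixed path end to end; returns 1 on success, 0 on any failure. */
static int fixed_path_ok(void)
{
    struct ping_pkt p;
    int ok = alloc_ping_pkt(&p) == 0
          && fill_ping_pkt(&p, 0x1234, 7, 1000) == 0
          && p.icp->icmp_type == ICMP_ECHO_TYPE
          && p.pdp->seq == 7;
    free(p.buffer);   /* free(NULL) is harmless if the allocation failed */
    return ok;
}

int main(void)
{
    size_t uninitialised_guess = 0;   /* what the trace in this thread showed */
    printf("buggy size %zu, send writes %zu, fits: %d\n",
           buggy_pkt_size(uninitialised_guess), bytes_written_by_send(),
           buffer_is_large_enough(buggy_pkt_size(uninitialised_guess)));
    printf("fixed path ok: %d\n", fixed_path_ok());
    return 0;
}
```

The check in `fill_ping_pkt` is the part worth keeping even once the sizing is fixed: it turns a silent heap write past the end of `buffer` into a returned error, which is the difference between a crash (or a corrupted allocator) under gdb and a clean diagnostic.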