On Wed, 31 Oct 2001, David Douthitt wrote:

[...]

> Breakpoint 1, send_ping (s=5, h=0x804ac58) at gatping.c:161
> 161         buffer = ( char * ) malloc ( ( size_t ) ping_pkt_size ) ;
> (gdb) n
> 162         memset ( buffer, 0, ping_pkt_size * sizeof ( char ) ) ;
> (gdb) p buffer
> $1 = 0x804a398 "P\235\020@P\235\020@\020"
> (gdb) n
> 166         icp->icmp_type = ICMP_ECHO ;

This trace doesn't seem to show the whole story.  From Scott's code:

157         buffer = ( char * ) malloc ( ( size_t ) ping_pkt_size ) ;
158         memset ( buffer, 0, ping_pkt_size * sizeof ( char ) ) ;
159         icp = ( struct icmp * ) buffer ;

To my way of thinking, this code shows poor programming practice.  It should
look something like:

157         icp = ( struct icmp * ) calloc ( 1 , ( size_t ) ( sizeof( struct icmp ) + sizeof( PING_DATA ) ) );

The ping_pkt_size value is initialized in main, using an uninitialized value
for ping_data_size.  The buffer size of 8 is too small, and the icp (well,
pdp) initialization code is overwriting memory beyond the buffer.

Yecch.  This was released?

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>               Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#..       Dead:  OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------

_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
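Added example, not code from the thread or from gatping: it shows the allocation pattern Jeff is asking for, with the packet size derived from the header struct and the payload length at the point of allocation rather than from a global that may still be uninitialised, plus a bounds check that refuses to fill a buffer too small for header plus data (the 8-byte case from the trace). The `struct echo_hdr` layout, the `ECHO_REQUEST` constant and all function names are assumptions standing in for `struct icmp` and the real ICMP definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed 8-byte stand-in for the ICMP echo header (struct icmp in the
 * thread); assumed layout, not copied from gatping.c. */
struct echo_hdr {
    uint8_t  type;
    uint8_t  code;
    uint16_t cksum;
    uint16_t id;
    uint16_t seq;
};

#define ECHO_REQUEST 8   /* assumed value of ICMP_ECHO */

/* Bytes needed for a header plus data_len payload bytes; 0 on size_t overflow. */
size_t echo_pkt_size(size_t data_len)
{
    if (data_len > SIZE_MAX - sizeof(struct echo_hdr))
        return 0;
    return sizeof(struct echo_hdr) + data_len;
}

/* 1 if a buffer of buf_len bytes can hold the header plus data_len bytes. */
int echo_fits(size_t buf_len, size_t data_len)
{
    size_t need = echo_pkt_size(data_len);
    return need != 0 && buf_len >= need;
}

/* Writes an echo request into buf only after the bounds check; returns the
 * number of bytes written, or 0 (touching nothing) when buf is too small. */
size_t fill_echo(unsigned char *buf, size_t buf_len, uint16_t id, uint16_t seq,
                 const unsigned char *data, size_t data_len)
{
    if (buf == NULL || !echo_fits(buf_len, data_len))
        return 0;
    struct echo_hdr hdr;
    memset(&hdr, 0, sizeof hdr);
    hdr.type = ECHO_REQUEST;
    hdr.id = id;
    hdr.seq = seq;
    memcpy(buf, &hdr, sizeof hdr);          /* memcpy instead of a struct cast */
    if (data_len > 0)
        memcpy(buf + sizeof hdr, data, data_len);
    return sizeof hdr + data_len;
}

/* Allocates the packet from the payload length known at the call site, so the
 * size can never come from a stale or uninitialised global like ping_data_size. */
unsigned char *build_echo(uint16_t id, uint16_t seq, const unsigned char *data,
                          size_t data_len, size_t *out_len)
{
    size_t len = echo_pkt_size(data_len);
    if (len == 0)
        return NULL;
    unsigned char *buf = calloc(1, len);    /* zeroed, like the memset in gatping */
    if (buf == NULL)
        return NULL;
    *out_len = fill_echo(buf, len, id, seq, data, data_len);
    return buf;
}

int main(void)
{
    static const unsigned char payload[56] = "constructed payload";
    unsigned char small[8];                 /* the 8-byte buffer from the trace */
    printf("8-byte buffer holds header + 56 data bytes? %d\n",
           echo_fits(sizeof small, sizeof payload));
    printf("fill_echo into 8 bytes wrote %zu bytes\n",
           fill_echo(small, sizeof small, 1, 1, payload, sizeof payload));
    size_t len = 0;
    unsigned char *pkt = build_echo(0x1234, 1, payload, sizeof payload, &len);
    printf("build_echo: %zu bytes, type %u\n", len, pkt ? pkt[0] : 0u);
    free(pkt);
    return 0;
}
```

The point of `echo_fits` is that the check and the write share one size formula, so a caller cannot allocate with one number and fill with another, which is exactly the mismatch between `ping_pkt_size` and the later `icp`/`pdp` writes that the trace shows.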