Re: memset bugs.
On Tue, Aug 14, 2007 at 03:49:50PM -0400, Dave Jones wrote: > I'm unfamiliar with how patch submission works in FreeBSD, > but hopefully someone can eyeball this for correctness > and get it committed, or forward it on to the right people. The way to make sure your patch doesn't just get lost in the mailing list noise is to send a Problem Report (PR). There's no guarantee that it will be handled promptly, however, as we have a large backlog (more people willing to report bugs than to do some of the dirty work :-/ Many of the developers are already stretched thin.) The documentation is available at http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/. If anything is unclear, you can email [EMAIL PROTECTED] and we'll try to clarify things. mcl ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: memset bugs.
Thanks for the pointer... Julian and Sam also sent this to me on the SCTP side. The local CVS repository on lakerest.net now has this fix in it.. and others... I have added this to the queue to go in to patchset 15.. (I am still waiting on re for patchset 14). R Dag-Erling Smørgrav wrote: Dave Jones <[EMAIL PROTECTED]> writes: A grep I crafted to pick up on some common bugs happened upon a copy of the FreeBSD CVS tree that I happened to have handy and found the bugs below where the 2nd & 3rd arguments to memset calls have been swapped. [...] --- src/sys/netinet/sctp_output.c~ 2007-08-14 15:44:11.0 -0400 +++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.0 -0400 @@ -6331,7 +6331,7 @@ out_gu: rcv_flags |= SCTP_DATA_UNORDERED; } /* clear out the chunk before setting up */ - memset(chk, sizeof(*chk), 0); + memset(chk, 0, sizeof(*chk)); chk->rec.data.rcv_flags = rcv_flags; if (SCTP_BUF_IS_EXTENDED(sp->data)) { chk->copy_by_ref = 1; Pointy hat to [EMAIL PROTECTED] --- src/usr.sbin/nscd/agents/services.c~2007-08-14 15:44:33.0 -0400 +++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.0 -0400 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si if (size > 0) { proto = (char *)malloc(size + 1); assert(proto != NULL); - memset(proto, size + 1, 0); + memset(proto, 0, size + 1); memcpy(proto, key + sizeof(enum nss_lookup_type) + sizeof(int), size); } --- src/usr.sbin/cached/agents/services.c~ 2007-08-14 15:44:45.0 -0400 +++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.0 -0400 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si if (size > 0) { proto = (char *)malloc(size + 1); assert(proto != NULL); - memset(proto, size + 1, 0); + memset(proto, 0, size + 1); memcpy(proto, key + sizeof(enum nss_lookup_type) + sizeof(int), size); } These two are actually the same file - cached is in the process of being renamed to nscd. Pointy hat to [EMAIL PROTECTED] --- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.0 -0400 +++ src/contrib/gdb/gdb/std-regs.c 2007-08-14 15:45:22.0 -0400 @@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame val = allocate_value (builtin_type_frame_reg); VALUE_LVAL (val) = not_lval; buf = VALUE_CONTENTS_RAW (val); - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); /* frame.base. */ if (frame != NULL) ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, @@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr struct value *val = allocate_value (builtin_type_void_data_ptr); char *buf = VALUE_CONTENTS_RAW (val); if (frame == NULL) - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); else ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, get_frame_base_address (frame)); @@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr struct value *val = allocate_value (builtin_type_void_data_ptr); char *buf = VALUE_CONTENTS_RAW (val); if (frame == NULL) - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); else ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, get_frame_pc (frame)); --- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.0 -0400 +++ src/contrib/gdb/gdb/remote.c2007-08-14 15:45:37.0 -0400 @@ -3463,7 +3463,7 @@ remote_store_registers (int regnum) { int i; regs = alloca (rs->sizeof_g_packet); -memset (regs, rs->sizeof_g_packet, 0); +memset (regs, 0, rs->sizeof_g_packet); for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++) { struct packet_reg *r = &rs->regs[i]; These should go upstream to the gdb maintainers ([EMAIL PROTECTED]). DES -- Randall Stewart NSSTG - Cisco Systems Inc. 803-345-0369 803-317-4952 (cell) ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: memset bugs.
Dave Jones <[EMAIL PROTECTED]> writes: > A grep I crafted to pick up on some common bugs happened upon > a copy of the FreeBSD CVS tree that I happened to have handy > and found the bugs below where the 2nd & 3rd arguments to > memset calls have been swapped. > [...] > --- src/sys/netinet/sctp_output.c~2007-08-14 15:44:11.0 -0400 > +++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.0 -0400 > @@ -6331,7 +6331,7 @@ out_gu: > rcv_flags |= SCTP_DATA_UNORDERED; > } > /* clear out the chunk before setting up */ > - memset(chk, sizeof(*chk), 0); > + memset(chk, 0, sizeof(*chk)); > chk->rec.data.rcv_flags = rcv_flags; > if (SCTP_BUF_IS_EXTENDED(sp->data)) { > chk->copy_by_ref = 1; Pointy hat to [EMAIL PROTECTED] > --- src/usr.sbin/nscd/agents/services.c~ 2007-08-14 15:44:33.0 > -0400 > +++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.0 > -0400 > @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si > if (size > 0) { > proto = (char *)malloc(size + 1); > assert(proto != NULL); > - memset(proto, size + 1, 0); > + memset(proto, 0, size + 1); > memcpy(proto, key + sizeof(enum nss_lookup_type) + > sizeof(int), size); > } > --- src/usr.sbin/cached/agents/services.c~2007-08-14 15:44:45.0 > -0400 > +++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.0 > -0400 > @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si > if (size > 0) { > proto = (char *)malloc(size + 1); > assert(proto != NULL); > - memset(proto, size + 1, 0); > + memset(proto, 0, size + 1); > memcpy(proto, key + sizeof(enum nss_lookup_type) + > sizeof(int), size); > } These two are actually the same file - cached is in the process of being renamed to nscd. Pointy hat to [EMAIL PROTECTED] > --- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.0 -0400 > +++ src/contrib/gdb/gdb/std-regs.c2007-08-14 15:45:22.0 -0400 > @@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame >val = allocate_value (builtin_type_frame_reg); >VALUE_LVAL (val) = not_lval; >buf = VALUE_CONTENTS_RAW (val); > - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); > + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); >/* frame.base. */ >if (frame != NULL) > ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, > @@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr >struct value *val = allocate_value (builtin_type_void_data_ptr); >char *buf = VALUE_CONTENTS_RAW (val); >if (frame == NULL) > - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); > + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); >else > ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, > get_frame_base_address (frame)); > @@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr >struct value *val = allocate_value (builtin_type_void_data_ptr); >char *buf = VALUE_CONTENTS_RAW (val); >if (frame == NULL) > - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); > + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); >else > ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, > get_frame_pc (frame)); > --- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.0 -0400 > +++ src/contrib/gdb/gdb/remote.c 2007-08-14 15:45:37.0 -0400 > @@ -3463,7 +3463,7 @@ remote_store_registers (int regnum) >{ > int i; > regs = alloca (rs->sizeof_g_packet); > -memset (regs, rs->sizeof_g_packet, 0); > +memset (regs, 0, rs->sizeof_g_packet); > for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++) >{ > struct packet_reg *r = &rs->regs[i]; These should go upstream to the gdb maintainers ([EMAIL PROTECTED]). DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
memset bugs.
A grep I crafted to pick up on some common bugs happened upon a copy of the FreeBSD CVS tree that I happened to have handy and found the bugs below where the 2nd & 3rd arguments to memset calls have been swapped. I'm unfamiliar with how patch submission works in FreeBSD, but hopefully someone can eyeball this for correctness and get it committed, or forward it on to the right people. Thanks, Dave --- src/sys/netinet/sctp_output.c~ 2007-08-14 15:44:11.0 -0400 +++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.0 -0400 @@ -6331,7 +6331,7 @@ out_gu: rcv_flags |= SCTP_DATA_UNORDERED; } /* clear out the chunk before setting up */ - memset(chk, sizeof(*chk), 0); + memset(chk, 0, sizeof(*chk)); chk->rec.data.rcv_flags = rcv_flags; if (SCTP_BUF_IS_EXTENDED(sp->data)) { chk->copy_by_ref = 1; --- src/usr.sbin/nscd/agents/services.c~2007-08-14 15:44:33.0 -0400 +++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.0 -0400 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si if (size > 0) { proto = (char *)malloc(size + 1); assert(proto != NULL); - memset(proto, size + 1, 0); + memset(proto, 0, size + 1); memcpy(proto, key + sizeof(enum nss_lookup_type) + sizeof(int), size); } --- src/usr.sbin/cached/agents/services.c~ 2007-08-14 15:44:45.0 -0400 +++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.0 -0400 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si if (size > 0) { proto = (char *)malloc(size + 1); assert(proto != NULL); - memset(proto, size + 1, 0); + memset(proto, 0, size + 1); memcpy(proto, key + sizeof(enum nss_lookup_type) + sizeof(int), size); } --- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.0 -0400 +++ src/contrib/gdb/gdb/std-regs.c 2007-08-14 15:45:22.0 -0400 @@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame val = allocate_value (builtin_type_frame_reg); VALUE_LVAL (val) = not_lval; buf = VALUE_CONTENTS_RAW (val); - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); /* frame.base. */ if (frame != NULL) ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, @@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr struct value *val = allocate_value (builtin_type_void_data_ptr); char *buf = VALUE_CONTENTS_RAW (val); if (frame == NULL) - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); else ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, get_frame_base_address (frame)); @@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr struct value *val = allocate_value (builtin_type_void_data_ptr); char *buf = VALUE_CONTENTS_RAW (val); if (frame == NULL) - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); else ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, get_frame_pc (frame)); --- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.0 -0400 +++ src/contrib/gdb/gdb/remote.c2007-08-14 15:45:37.0 -0400 @@ -3463,7 +3463,7 @@ remote_store_registers (int regnum) { int i; regs = alloca (rs->sizeof_g_packet); -memset (regs, rs->sizeof_g_packet, 0); +memset (regs, 0, rs->sizeof_g_packet); for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++) { struct packet_reg *r = &rs->regs[i]; -- http://www.codemonkey.org.uk ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"