memset bugs.

2007-08-14 Thread Dave Jones
A grep I crafted to pick up on some common bugs happened upon
a copy of the FreeBSD CVS tree that I happened to have handy
and found the bugs below where the 2nd & 3rd arguments to
memset calls have been swapped.

I'm unfamiliar with how patch submission works in FreeBSD,
but hopefully someone can eyeball this for correctness
and get it committed, or forward it on to the right people.

Thanks,

Dave

--- src/sys/netinet/sctp_output.c~  2007-08-14 15:44:11.0 -0400
+++ src/sys/netinet/sctp_output.c   2007-08-14 15:44:27.0 -0400
@@ -6331,7 +6331,7 @@ out_gu:
rcv_flags |= SCTP_DATA_UNORDERED;
}
/* clear out the chunk before setting up */
-   memset(chk, sizeof(*chk), 0);
+   memset(chk, 0, sizeof(*chk));
chk-rec.data.rcv_flags = rcv_flags;
if (SCTP_BUF_IS_EXTENDED(sp-data)) {
chk-copy_by_ref = 1;
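Review bot: With the arguments transposed, `memset(chk, sizeof(*chk), 0)` was a zero-length call, so every field of `chk` not explicitly assigned after this point kept whatever the allocator returned; the corrected `memset(chk, 0, sizeof(*chk))` should be treated as a security fix rather than a cosmetic one, since a chunk carrying stale kernel memory in unassigned fields may end up on the wire or in bookkeeping. It is worth auditing the rest of this function, whose start and end are outside the hunk, for any field that was being "initialised" by accident through those stale contents and now reads as zero. The transposed form compiles silently on the toolchains of the time; newer GCC and Clang diagnose it with `-Wmemset-transposed-args`, which is worth enabling in the kernel build as a regression guard. The `->` in `chk->rec.data.rcv_flags` and `sp->data` appears to have been stripped to `-` by the archive rendering, not in the source.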
--- src/usr.sbin/nscd/agents/services.c~2007-08-14 15:44:33.0 
-0400
+++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.0 -0400
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
if (size  0) {
proto = (char *)malloc(size + 1);
assert(proto != NULL);
-   memset(proto, size + 1, 0);
+   memset(proto, 0, size + 1);
memcpy(proto, key + sizeof(enum nss_lookup_type) +
sizeof(int), size);
}
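Review bot: `assert(proto != NULL)` is the only check on the `malloc` result, so a build compiled with `NDEBUG` would fall straight through to `memcpy` on a NULL pointer; a lookup daemon should handle allocation failure explicitly rather than lean on an assert. The malloc-plus-memset pair can be collapsed to `proto = calloc(1, size + 1);` followed by a real NULL check that returns the function's failure status, which also removes the argument-order trap this patch is fixing — only the terminating byte at `proto[size]` actually needs zeroing, since `memcpy` overwrites the first `size` bytes. The cast on `malloc` is unnecessary in C and can go at the same time. `services_lookup_func` begins before the hunk, so the return convention for the failure path is not visible here.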
--- src/usr.sbin/cached/agents/services.c~  2007-08-14 15:44:45.0 
-0400
+++ src/usr.sbin/cached/agents/services.c   2007-08-14 15:44:52.0 
-0400
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
if (size  0) {
proto = (char *)malloc(size + 1);
assert(proto != NULL);
-   memset(proto, size + 1, 0);
+   memset(proto, 0, size + 1);
memcpy(proto, key + sizeof(enum nss_lookup_type) +
sizeof(int), size);
}
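Review bot: Nothing in this hunk bounds `size` before it is used both as the allocation length and as the `memcpy` length read from `key + sizeof(enum nss_lookup_type) + sizeof(int)`; if `size` is decoded from the key buffer, it must already have been checked against the caller's key length above the hunk, and if it is a `size_t` then `size + 1` also needs a guard against wrapping to zero, which would make `malloc` succeed with a tiny block and `memcpy` overrun it. Please confirm that validation exists earlier in `services_lookup_func`, which starts before the hunk. Independently of that, the zero-fill only matters for the terminator, so `proto[size] = '\0';` after the `memcpy` (or `calloc(1, size + 1)`) expresses the intent more directly than a full `memset` and cannot be mis-ordered again.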
--- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.0 -0400
+++ src/contrib/gdb/gdb/std-regs.c  2007-08-14 15:45:22.0 -0400
@@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame
   val = allocate_value (builtin_type_frame_reg);
   VALUE_LVAL (val) = not_lval;
   buf = VALUE_CONTENTS_RAW (val);
-  memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+  memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
   /* frame.base.  */
   if (frame != NULL)
 ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
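Review bot: The corrected `memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)))` now clears the whole `builtin_type_frame_reg` value before `frame.base` is stored, which matters because when `frame == NULL` the `ADDRESS_TO_POINTER` store is skipped and, under the old no-op call, the value handed back to the user held whatever `allocate_value` left in the buffer. If `allocate_value` already zero-fills contents in this gdb version the call is redundant but harmless; that cannot be determined from the hunk. The three hunks in this file make the identical fix, so a small helper that allocates and zeroes the value would remove the repeated pattern, though that is a matter of taste for the upstream submission. `value_of_builtin_frame_reg` continues past the end of the hunk.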
@@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr
   struct value *val = allocate_value (builtin_type_void_data_ptr);
   char *buf = VALUE_CONTENTS_RAW (val);
   if (frame == NULL)
-   memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+   memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
   else
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
get_frame_base_address (frame));
@@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr
   struct value *val = allocate_value (builtin_type_void_data_ptr);
   char *buf = VALUE_CONTENTS_RAW (val);
   if (frame == NULL)
-   memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+   memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
   else
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
get_frame_pc (frame));
--- src/contrib/gdb/gdb/remote.c~   2007-08-14 15:45:25.0 -0400
+++ src/contrib/gdb/gdb/remote.c2007-08-14 15:45:37.0 -0400
@@ -3463,7 +3463,7 @@ remote_store_registers (int regnum)
   {
 int i;
 regs = alloca (rs-sizeof_g_packet);
-memset (regs, rs-sizeof_g_packet, 0);
+memset (regs, 0, rs-sizeof_g_packet);
 for (i = 0; i  NUM_REGS + NUM_PSEUDO_REGS; i++)
   {
struct packet_reg *r = rs-regs[i];
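Review bot: Now that `memset (regs, 0, rs->sizeof_g_packet)` actually clears the `alloca` buffer, any register slot the loop below leaves untouched is sent to the stub as zero rather than as stale stack bytes; under the old no-op call the G packet could carry uninitialised stack contents to the remote side, which is both a correctness problem and a small information leak. The loop body that fills `regs` is outside the hunk, so whether every slot is written cannot be confirmed here. `alloca (rs->sizeof_g_packet)` is unbounded from this hunk's view; `sizeof_g_packet` is presumably derived by gdb from its own register table rather than from stub input, but if it can ever be large, `xmalloc` with a cleanup would be safer than open-ended stack growth. The `->` operators appear as `-` in the archive rendering, and `remote_store_registers` both starts before and ends after the hunk.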

-- 
http://www.codemonkey.org.uk


Re: memset bugs.

2007-08-14 Thread Dag-Erling Smørgrav
Dave Jones [EMAIL PROTECTED] writes:
 A grep I crafted to pick up on some common bugs happened upon
 a copy of the FreeBSD CVS tree that I happened to have handy
 and found the bugs below where the 2nd & 3rd arguments to
 memset calls have been swapped.
 [...]
 --- src/sys/netinet/sctp_output.c~2007-08-14 15:44:11.0 -0400
 +++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.0 -0400
 @@ -6331,7 +6331,7 @@ out_gu:
   rcv_flags |= SCTP_DATA_UNORDERED;
   }
   /* clear out the chunk before setting up */
 - memset(chk, sizeof(*chk), 0);
 + memset(chk, 0, sizeof(*chk));
   chk-rec.data.rcv_flags = rcv_flags;
   if (SCTP_BUF_IS_EXTENDED(sp-data)) {
   chk-copy_by_ref = 1;

Pointy hat to [EMAIL PROTECTED]

 --- src/usr.sbin/nscd/agents/services.c~  2007-08-14 15:44:33.0 
 -0400
 +++ src/usr.sbin/nscd/agents/services.c   2007-08-14 15:44:41.0 
 -0400
 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
   if (size  0) {
   proto = (char *)malloc(size + 1);
   assert(proto != NULL);
 - memset(proto, size + 1, 0);
 + memset(proto, 0, size + 1);
   memcpy(proto, key + sizeof(enum nss_lookup_type) +
   sizeof(int), size);
   }
 --- src/usr.sbin/cached/agents/services.c~2007-08-14 15:44:45.0 
 -0400
 +++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.0 
 -0400
 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
   if (size  0) {
   proto = (char *)malloc(size + 1);
   assert(proto != NULL);
 - memset(proto, size + 1, 0);
 + memset(proto, 0, size + 1);
   memcpy(proto, key + sizeof(enum nss_lookup_type) +
   sizeof(int), size);
   }

These two are actually the same file - cached is in the process of being
renamed to nscd.  Pointy hat to [EMAIL PROTECTED]


 --- src/contrib/gdb/gdb/std-regs.c~   2007-08-14 15:44:56.0 -0400
 +++ src/contrib/gdb/gdb/std-regs.c2007-08-14 15:45:22.0 -0400
 @@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame
val = allocate_value (builtin_type_frame_reg);
VALUE_LVAL (val) = not_lval;
buf = VALUE_CONTENTS_RAW (val);
 -  memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
 +  memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
/* frame.base.  */
if (frame != NULL)
  ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
 @@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr
struct value *val = allocate_value (builtin_type_void_data_ptr);
char *buf = VALUE_CONTENTS_RAW (val);
if (frame == NULL)
 - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
 + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
else
   ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
   get_frame_base_address (frame));
 @@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr
struct value *val = allocate_value (builtin_type_void_data_ptr);
char *buf = VALUE_CONTENTS_RAW (val);
if (frame == NULL)
 - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
 + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
else
   ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
   get_frame_pc (frame));
 --- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.0 -0400
 +++ src/contrib/gdb/gdb/remote.c  2007-08-14 15:45:37.0 -0400
 @@ -3463,7 +3463,7 @@ remote_store_registers (int regnum)
{
  int i;
  regs = alloca (rs-sizeof_g_packet);
 -memset (regs, rs-sizeof_g_packet, 0);
 +memset (regs, 0, rs-sizeof_g_packet);
  for (i = 0; i  NUM_REGS + NUM_PSEUDO_REGS; i++)
{
   struct packet_reg *r = rs-regs[i];

These should go upstream to the gdb maintainers ([EMAIL PROTECTED]).

DES
-- 
Dag-Erling Smørgrav - [EMAIL PROTECTED]


Re: memset bugs.

2007-08-14 Thread Randall Stewart


Thanks for the pointer...

Julian and Sam also sent this to me on the SCTP side.

The local CVS repository on lakerest.net now has this fix
in it.. and others... I have added this to the queue to
go in to patchset 15.. (I am still waiting on re for patchset 14).

R

Dag-Erling Smørgrav wrote:

Dave Jones [EMAIL PROTECTED] writes:


A grep I crafted to pick up on some common bugs happened upon
a copy of the FreeBSD CVS tree that I happened to have handy
and found the bugs below where the 2nd & 3rd arguments to
memset calls have been swapped.
[...]
--- src/sys/netinet/sctp_output.c~  2007-08-14 15:44:11.0 -0400
+++ src/sys/netinet/sctp_output.c   2007-08-14 15:44:27.0 -0400
@@ -6331,7 +6331,7 @@ out_gu:
rcv_flags |= SCTP_DATA_UNORDERED;
}
/* clear out the chunk before setting up */
-   memset(chk, sizeof(*chk), 0);
+   memset(chk, 0, sizeof(*chk));
chk-rec.data.rcv_flags = rcv_flags;
if (SCTP_BUF_IS_EXTENDED(sp-data)) {
chk-copy_by_ref = 1;



Pointy hat to [EMAIL PROTECTED]



--- src/usr.sbin/nscd/agents/services.c~2007-08-14 15:44:33.0 
-0400
+++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.0 -0400
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
if (size  0) {
proto = (char *)malloc(size + 1);
assert(proto != NULL);
-   memset(proto, size + 1, 0);
+   memset(proto, 0, size + 1);
memcpy(proto, key + sizeof(enum nss_lookup_type) +
sizeof(int), size);
}
--- src/usr.sbin/cached/agents/services.c~  2007-08-14 15:44:45.0 
-0400
+++ src/usr.sbin/cached/agents/services.c   2007-08-14 15:44:52.0 
-0400
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
if (size  0) {
proto = (char *)malloc(size + 1);
assert(proto != NULL);
-   memset(proto, size + 1, 0);
+   memset(proto, 0, size + 1);
memcpy(proto, key + sizeof(enum nss_lookup_type) +
sizeof(int), size);
}



These two are actually the same file - cached is in the process of being
renamed to nscd.  Pointy hat to [EMAIL PROTECTED]




--- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.0 -0400
+++ src/contrib/gdb/gdb/std-regs.c  2007-08-14 15:45:22.0 -0400
@@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame
  val = allocate_value (builtin_type_frame_reg);
  VALUE_LVAL (val) = not_lval;
  buf = VALUE_CONTENTS_RAW (val);
-  memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+  memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
  /* frame.base.  */
  if (frame != NULL)
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
@@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr
  struct value *val = allocate_value (builtin_type_void_data_ptr);
  char *buf = VALUE_CONTENTS_RAW (val);
  if (frame == NULL)
-   memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+   memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
  else
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
get_frame_base_address (frame));
@@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr
  struct value *val = allocate_value (builtin_type_void_data_ptr);
  char *buf = VALUE_CONTENTS_RAW (val);
  if (frame == NULL)
-   memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+   memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
  else
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
get_frame_pc (frame));
--- src/contrib/gdb/gdb/remote.c~   2007-08-14 15:45:25.0 -0400
+++ src/contrib/gdb/gdb/remote.c2007-08-14 15:45:37.0 -0400
@@ -3463,7 +3463,7 @@ remote_store_registers (int regnum)
  {
int i;
regs = alloca (rs-sizeof_g_packet);
-memset (regs, rs-sizeof_g_packet, 0);
+memset (regs, 0, rs-sizeof_g_packet);
for (i = 0; i  NUM_REGS + NUM_PSEUDO_REGS; i++)
  {
struct packet_reg *r = rs-regs[i];



These should go upstream to the gdb maintainers ([EMAIL PROTECTED]).

DES



--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 or 803-317-4952 (cell)


Re: memset bugs.

2007-08-14 Thread Mark Linimon
On Tue, Aug 14, 2007 at 03:49:50PM -0400, Dave Jones wrote:
 I'm unfamiliar with how patch submission works in FreeBSD,
 but hopefully someone can eyeball this for correctness
 and get it committed, or forward it on to the right people.

The way to make sure your patch doesn't just get lost in the mailing list
noise is to send a Problem Report (PR).  There's no guarantee that it will
be handled promptly, however, as we have a large backlog (more people
willing to report bugs than to do some of the dirty work :-/  Many of
the developers are already stretched thin.)

The documentation is available at
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/.
If anything is unclear, you can email [EMAIL PROTECTED] and we'll
try to clarify things.

mcl