Date: Wed, 15 Oct 2008 17:16:17 -0700
From: "Yehuda Sadeh Weinraub" <yehudasa@gmail.com>
To: freebsd-bugs@freebsd.org
Subject: crc32c calculation at sctp_crc32.c
Message-ID: <a37615150810151716me5f9ac2udda143a9c56ac05f@mail.gmail.com>

It looks like there is some bug in the crc32c calculation at sctp_crc32.c. The update_crc32() does the following:

    ...
    offset = ((uintptr_t) buffer) & 0x3;
    return (sctp_crc32c_sb8_64_bit(crc32c, buffer, length, offset));

Now, note that it passes the 'offset' parameter. However, the sctp_crc32c_sb8_64_bit() treats the 4th parameter as init_bytes. This is wrong. Also it does the following:

    running_length = ((length - init_bytes) / 8) * 8;

Now, if init_bytes is 3 and length is 1, running_length will overlap. The following patch seems to fix it.

Yehuda

--- a/src/common/sctp_crc32.c +++ b/src/common/sctp_crc32.c @@ -518,12 +518,18 @@ static uint32_t sctp_crc32c_sb8_64_bit(uint32_t crc, unsigned char const *p_buf, uint32_t length, - uint32_t init_bytes) + uint32_t offset) { uint32_t li; uint32_t term1, term2; uint32_t running_length; uint32_t end_bytes; + uint32_t init_bytes; + + init_bytes = (4-offset) & 0x3; + + if (init_bytes > length) + init_bytes = length; running_length = ((length - init_bytes) / 8) * 8; end_bytes = length - init_bytes - running_length;
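
Review bot: the renamed `offset` parameter in the sctp_crc32c_sb8_64_bit() signature has no comment saying it must be the low two bits of the buffer address, yet the new `init_bytes = (4-offset) & 0x3;` line depends on exactly that. A one-line comment at the parameter or above the assignment would keep a future caller from passing a byte count again, and it is worth confirming that update_crc32() is the only caller, since any other one would now have its argument reinterpreted. Style nit on the same line: write it as `(4 - offset) & 0x3` with spaces around the operator. The `if (init_bytes > length)` clamp is the part that stops `length - init_bytes` from wrapping in the unsigned `running_length` and `end_bytes` computations, so a short comment noting that it protects buffers shorter than the alignment prefix would help.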
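
The length bookkeeping described in the message, modelled before and after the patch. This is an added example, not code from the original e-mail or from the FreeBSD source; `struct split`, `make_split`, `split_before`, `split_after` and `bytes_touched` are hypothetical names, and only the arithmetic visible in the message is reproduced (no CRC is computed).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of how the routine divides a buffer of 'length' bytes. */
struct split {
	uint32_t init_bytes;      /* leading bytes, handled one at a time */
	uint32_t running_length;  /* middle run, always a multiple of 8 */
	uint32_t end_bytes;       /* trailing bytes */
};

/* The two assignments quoted in the message, in unsigned 32-bit arithmetic. */
static struct split make_split(uint32_t length, uint32_t init_bytes)
{
	struct split s;

	s.init_bytes = init_bytes;
	s.running_length = ((length - init_bytes) / 8) * 8;
	s.end_bytes = length - init_bytes - s.running_length;
	return (s);
}

/* Before the patch: the caller's (address & 3) is used directly as init_bytes. */
static struct split split_before(uint32_t length, uint32_t offset)
{
	return (make_split(length, offset));
}

/* After the patch: bytes needed to reach 4-byte alignment, clamped to length. */
static struct split split_after(uint32_t length, uint32_t offset)
{
	uint32_t init_bytes = (4 - offset) & 0x3;
	if (init_bytes > length)
		init_bytes = length;
	return (make_split(length, init_bytes));
}

/* Total bytes the three phases would consume; a correct split gives 'length'. */
static uint64_t bytes_touched(struct split s)
{
	return ((uint64_t)s.init_bytes + s.running_length + s.end_bytes);
}

int main(void)
{
	struct split b = split_before(1, 3), a = split_after(1, 3);
	printf("before: %u + %u + %u\n", (unsigned)b.init_bytes,
	    (unsigned)b.running_length, (unsigned)b.end_bytes);
	printf("after:  %u + %u + %u\n", (unsigned)a.init_bytes,
	    (unsigned)a.running_length, (unsigned)a.end_bytes);
	return (bytes_touched(a) == 1 ? 0 : 1);
}
```

For the case in the message (length 1, offset 3) the pre-patch split covers far more than the single byte supplied, while the patched split covers exactly one byte.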