From owner-freebsd-bugs@FreeBSD.ORG Thu Oct 16 00:37:27 2008
From: "Yehuda Sadeh Weinraub"
To: freebsd-bugs@freebsd.org
Date: Wed, 15 Oct 2008 17:16:17 -0700
Subject: crc32c calculation at sctp_crc32.c
List-Id: Bug reports

It looks like there is some bug in the crc32c calculation at sctp_crc32.c. The update_crc32() does the following:

    ...
    offset = ((uintptr_t) buffer) & 0x3;
    return (sctp_crc32c_sb8_64_bit(crc32c, buffer, length, offset));

Now, note that it passes the 'offset' parameter. However, the sctp_crc32c_sb8_64_bit() treats the 4th parameter as init_bytes. This is wrong. Also it does the following:

    running_length = ((length - init_bytes) / 8) * 8;

Now, if init_bytes is 3 and length is 1, running_length will overlap. The following patch seems to fix it.

Yehuda

--- a/src/common/sctp_crc32.c
+++ b/src/common/sctp_crc32.c
@@ -518,12 +518,18 @@ static uint32_t
 sctp_crc32c_sb8_64_bit(uint32_t crc,
     unsigned char const *p_buf,
     uint32_t length,
-    uint32_t init_bytes)
+    uint32_t offset)
 {
 	uint32_t li;
 	uint32_t term1, term2;
 	uint32_t running_length;
 	uint32_t end_bytes;
+	uint32_t init_bytes;
+
+	init_bytes = (4-offset) & 0x3;
+
+	if (init_bytes > length)
+		init_bytes = length;
 
 	running_length = ((length - init_bytes) / 8) * 8;
 	end_bytes = length - init_bytes - running_length;
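Review bot: renaming the fourth parameter from `init_bytes` to `offset` changes its meaning from a byte count to an address offset, so every caller of sctp_crc32c_sb8_64_bit() other than the update_crc32() quoted above needs checking; a caller that already passes a genuine init_bytes value would now have it folded through `(4-offset) & 0x3` and get the wrong head length. The clamp `if (init_bytes > length) init_bytes = length;` is the right guard for `running_length = ((length - init_bytes) / 8) * 8;`, which otherwise wraps the unsigned subtraction when the buffer is shorter than the alignment head. Two smaller points: the file header `a/src/common/sctp_crc32.c` is not the FreeBSD location of this file (sys/netinet/sctp_crc32.c), so the patch will not apply to the tree as posted, and `(4-offset)` should be spaced as `(4 - offset)` to match the surrounding style.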
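To make the failure described in the mail concrete, the following added example (not code from sctp_crc32.c or from the patch author) reproduces only the buffer-splitting arithmetic of a slicing-by-8 CRC: the byte-wise head up to the next 4-byte boundary, the 8-byte body and the tail. It shows the unpatched interpretation (the caller's `offset` used directly as `init_bytes`, no clamp) beside the patched one, and checks both against invariants a correct split must satisfy. The struct and function names are hypothetical, and the 4-byte alignment follows the `& 0x3` in the posted code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper type (not from sctp_crc32.c): how a slicing-by-8
 * CRC divides a buffer into a byte-wise head, an aligned body and a tail. */
struct crc_split {
    uint32_t init_bytes;      /* bytes processed one at a time until aligned */
    uint32_t running_length;  /* multiple of 8, handled by the fast path */
    uint32_t end_bytes;       /* trailing bytes processed one at a time */
};

/* Split as in the patched code: offset is (buffer address & 3), init_bytes
 * is the distance to the next 4-byte boundary, clamped to the buffer length. */
static struct crc_split split_fixed(uint32_t length, uint32_t offset)
{
    struct crc_split s;

    s.init_bytes = (4 - offset) & 0x3;
    if (s.init_bytes > length)
        s.init_bytes = length;
    s.running_length = ((length - s.init_bytes) / 8) * 8;
    s.end_bytes = length - s.init_bytes - s.running_length;
    return s;
}

/* Split as in the unpatched code: the caller's offset is taken as init_bytes
 * without clamping, so `length - init_bytes` wraps when length < offset. */
static struct crc_split split_buggy(uint32_t length, uint32_t offset)
{
    struct crc_split s;

    s.init_bytes = offset;
    s.running_length = ((length - s.init_bytes) / 8) * 8;
    s.end_bytes = length - s.init_bytes - s.running_length;
    return s;
}

/* Invariants of a sane split: the head is at most 3 bytes and never longer
 * than the buffer, the body is a multiple of 8, the three parts add up to
 * exactly `length` (summed in 64 bits so a wrapped value cannot hide), and
 * the body starts 4-byte aligned unless the head already ate the buffer. */
static bool split_is_sane(struct crc_split s, uint32_t length, uint32_t offset)
{
    uint64_t total = (uint64_t)s.init_bytes + s.running_length + s.end_bytes;

    return s.init_bytes <= 3 &&
           s.init_bytes <= length &&
           s.running_length % 8 == 0 &&
           total == length &&
           ((offset + s.init_bytes) % 4 == 0 || s.init_bytes == length);
}

static void show(const char *label, struct crc_split s, uint32_t length,
    uint32_t offset)
{
    printf("%-6s length=%u offset=%u -> init=%u running=%u end=%u sane=%s\n",
        label, length, offset, s.init_bytes, s.running_length, s.end_bytes,
        split_is_sane(s, length, offset) ? "yes" : "no");
}

int main(void)
{
    /* The case from the mail: a 1-byte buffer at offset 3. */
    show("buggy", split_buggy(1, 3), 1, 3);
    show("fixed", split_fixed(1, 3), 1, 3);

    /* A longer buffer at offset 1: the unpatched split is not wrapped,
     * but its head is too short, so the fast path runs misaligned. */
    show("buggy", split_buggy(20, 1), 20, 1);
    show("fixed", split_fixed(20, 1), 20, 1);
    return 0;
}
```

With `length` 1 and `offset` 3 the unpatched split reports a `running_length` of 4294967288, which is the wrapped `1 - 3` rounded down to a multiple of 8; the patched split yields a 1-byte head and empty body and tail. The second pair shows the other half of the bug: even without a wrap, using the address offset as the head length leaves the body misaligned.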