Date:      Mon, 2 Jul 2012 18:40:02 GMT
From:      deeptech71@gmail.com
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: misc/169608: the mmap(), mprotect(), and munmap() functions get fucked by some corner-case arguments
Message-ID:  <201207021840.q62Ie2Xv080846@freefall.freebsd.org>

The following reply was made to PR misc/169608; it has been noted by GNATS.

From: deeptech71@gmail.com
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: misc/169608: the mmap(), mprotect(), and munmap() functions get
 fucked by some corner-case arguments
Date: Mon, 02 Jul 2012 20:42:32 +0200

 This is a multi-part message in MIME format.
 --------------050908070503090907040505
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 
 --------------050908070503090907040505
 Content-Type: text/plain; charset=UTF-8;
  name="xs.c"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="xs.c"
 
 #include <sys/mman.h>
 #include <stdlib.h>
 #include <stdio.h>
 
 /*
  * Run a single probe: issue one mmap(), mprotect() or munmap() call with the
  * given address/size pair and report the result on stdout. Failures are
  * reported through perror(NULL), i.e. on stderr.
  *
  * num, total - position of this probe and the number of probes; only used in
  *              the "[num/total]" prefix
  * func       - 1 = mmap, 2 = mprotect, 3 = munmap; any other value is a no-op
  * addr, size - handed to the system call exactly as given
  *
  * The banner is flushed before every system call (presumably so the line is
  * already visible if the call does not return normally).
  */
 void test1(unsigned num, unsigned total, int func, void *addr, size_t size)
 {
   if (func == 1)
   {
     printf("[%u/%u] mmap(%p, %zu, PROT_READ | PROT_WRITE, MAP_ANON, -1, 0)... ", num, total, addr, size);
     fflush(stdout);
     void *mapping = mmap(addr, size, PROT_READ | PROT_WRITE, MAP_ANON, -1, 0);
     if (mapping == MAP_FAILED)
     {
       perror(NULL);
       return;
     }
     /* The kernel claims the mapping exists: store an int at its start to
        check that it is really writable. */
     printf("success: got %p; writing here... ", mapping);
     fflush(stdout);
     *(int *)mapping = 1337;
     printf("success!\n");
   }
   else if (func == 2)
   {
     printf("[%u/%u] mprotect(%p, %zu, PROT_NONE)... ", num, total, addr, size);
     fflush(stdout);
     if (mprotect(addr, size, PROT_NONE) != 0)
       perror(NULL);
     else
       printf("success!\n");
   }
   else if (func == 3)
   {
     printf("[%u/%u] munmap(%p, %zu)... ", num, total, addr, size);
     fflush(stdout);
     if (munmap(addr, size) != 0)
       perror(NULL);
     else
       printf("success!\n");
   }
 }
 
 /* Element count of x. Only valid when x is an actual array; for a pointer the
    division yields an unrelated number. */
 #define ARRAY_LEN(x) (sizeof(x) / sizeof(*(x)))
 /* Page size used to build the probe addresses and sizes. Hard-coded to 4096
    here, not queried from the system. */
 #define PAGE_SIZE 4096
 
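 /*
  * Usage: xs <func> <num>
  *
  *   func - 1 = mmap, 2 = mprotect, 3 = munmap
  *   num  - 1-based probe number; it selects one (address, size) pair from the
  *          tables below, address-major: probe 1 is (addrs[0], sizes[0]),
  *          probe 2 is (addrs[0], sizes[1]), and so on
  *
  * Returns 0 after running the probe, 2 when the arguments are missing,
  * not numeric, or out of range.
  */
 int main(int argc, char *argv[])
 {
   /* Corner-case addresses: NULL, two unaligned values, the last page of the
      address space, and the all-ones pointer. */
   void *addrs[] = { NULL, (void *)0xBEEF, (void *)0xDEADBEEF, (void *)-PAGE_SIZE, (void *)-1 };
   /* Corner-case lengths: zero, one page, two large values, and two values
      at the top of the size_t range. */
   size_t sizes[] = { (size_t)0, (size_t)PAGE_SIZE, (size_t)2000000000, (size_t)4000000000, (size_t)-PAGE_SIZE, (size_t)-1 };
   const size_t total = ARRAY_LEN(addrs) * ARRAY_LEN(sizes);
   /* argv[1] and argv[2] are read below, so both must be present. */
   if (argc < 3)
   {
     fprintf(stderr, "usage: %s <func: 1=mmap 2=mprotect 3=munmap> <num: 1..%zu>\n", argc > 0 ? argv[0] : "xs", total);
     return 2;
   }
   /* strtol with an end pointer rejects empty and non-numeric input, which
      atoi would silently turn into 0. */
   char *end;
   long func = strtol(argv[1], &end, 10);
   if (end == argv[1] || *end != '\0' || func < 1 || func > 3)
   {
     fprintf(stderr, "func must be 1 (mmap), 2 (mprotect) or 3 (munmap)\n");
     return 2;
   }
   /* num indexes both tables. Without the range check, 0 or a negative value
      wraps to a huge unsigned index and a too-large value runs past the end
      of addrs[]; either way the probe arguments would be read out of bounds. */
   long num = strtol(argv[2], &end, 10);
   if (end == argv[2] || *end != '\0' || num < 1 || (size_t)num > total)
   {
     fprintf(stderr, "num must be between 1 and %zu\n", total);
     return 2;
   }
   size_t idx = (size_t)num - 1;
   test1((unsigned)num, (unsigned)total, (int)func, addrs[idx / ARRAY_LEN(sizes)], sizes[idx % ARRAY_LEN(sizes)]);
   return 0;
 }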
 
 --------------050908070503090907040505--


