From owner-freebsd-current Sun Nov 19 7:45:41 2000
Delivered-To: freebsd-current@freebsd.org
Received: from pcnet1.pcnet.com (pcnet1.pcnet.com [204.213.232.3])
    by hub.freebsd.org (Postfix) with ESMTP id 43E1837B479
    for ; Sun, 19 Nov 2000 07:45:38 -0800 (PST)
Received: from vigrid.com (pm3-pt18.pcnet.net [206.105.29.92])
    by pcnet1.pcnet.com (8.8.7/PCNet) with ESMTP id KAA01273;
    Sun, 19 Nov 2000 10:45:17 -0500 (EST)
Message-ID: <3A17F630.6E1B6F45@vigrid.com>
Date: Sun, 19 Nov 2000 10:48:00 -0500
From: "Daniel M. Eischen"
X-Mailer: Mozilla 4.5 [en] (X11; I; FreeBSD 5.0-CURRENT i386)
X-Accept-Language: en
MIME-Version: 1.0
To: current@freebsd.org
Subject: pccardd dies with SIGSEGV [PATCH included]
Content-Type: multipart/mixed; boundary="------------3A4C922084D75946AE21466B"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.
--------------3A4C922084D75946AE21466B
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Many weeks ago, I noticed that pccardd died with a SIGSEGV when I
inserted my Motorola Montana 33.6 fax/modem. I'm not sure of the
exact time as to when this occurred, but I know that pccardd had
been working just fine with this card.

I finally found the time to track down the problem (now that I
really need to use it). Here's an excerpt from `pccardc dumpcis`:

Tuple #2, code = 0x15 (Version 1 info), length = 39
    000:  04 01 4d 6f 74 6f 72 6f 6c 61 00 4d 4f 4e 54 41
    010:  4e 41 20 33 33 2e 36 20 46 41 58 2f 4d 4f 44 45
    020:  4d 00 56 32 2e 30 00
        Version = 4.1, Manuf = [Motorola], card vers = [MONTANA 33.6 FAX/MODEM]
        Addit. info = [V2.0],[]
                             ^^ Note this field is empty

When pccardd reads the field above, the length is supposedly 4,
but garbage is read in and the field is not terminated with a
null character. This causes problems later on when the field
is copied using strdup().

Attached is a patch that fixes the problem for me. I can offer a
`pccardc dumpcis` and a full gdb session that shows the problem
to anyone interested.

-- Dan Eischen --------------3A4C922084D75946AE21466B Content-Type: text/plain; charset=us-ascii; name="read_cis.diffs" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="read_cis.diffs" Index: readcis.c =================================================================== RCS file: /opt/b/CVS/src/usr.sbin/pccard/pccardd/readcis.c,v retrieving revision 1.20 diff -u -r1.20 readcis.c --- readcis.c 2000/06/18 20:22:11 1.20 +++ readcis.c 2000/11/19 16:30:57 @@ -202,7 +202,9 @@ cp->manuf = NULL; } if (len > 1 && *p != 0xff) { - cp->manuf = strdup(p); + /* cp->manuf = strdup(p); */ + cp->manuf = xmalloc(len + 1); + strncat(cp->manuf, p, len); while (*p++ && --len > 0); } if (cp->vers) { --------------3A4C922084D75946AE21466B-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
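
Review bot: in the -202 hunk of readcis.c, strncat(cp->manuf, p, len) appends to whatever string is already in the destination, so it is only correct if the buffer returned by xmalloc(len + 1) begins with a NUL byte, and nothing in the visible lines establishes that. If xmalloc does not zero its allocation, strncat first scans uninitialised memory for a terminator and can write outside the buffer. Setting cp->manuf[0] = '\0' before the call, or replacing the call with memcpy(cp->manuf, p, len) followed by cp->manuf[len] = '\0', removes that dependency. The commented-out strdup line should be deleted rather than kept. Also, the message locates the unterminated data in the empty additional info field while this hunk bounds only the manuf copy, so it is worth confirming that the copies of the later fields are limited by len in the same way.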
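
The failure described in the message, a Version 1 string field that has no terminating NUL inside the tuple, shown as an added C example that is not code from pccardd or from the patch: a bounded field reader run over the 39 tuple bytes from the dumpcis excerpt. The names next_field and parse_vers1 are hypothetical, and treating 0xff as the end-of-list marker is an assumption based on the `*p != 0xff` check visible in the patch context.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed from the dumpcis excerpt: the 39-byte body of tuple 0x15.
 * The literal's implicit NUL is the terminator after "V2.0". */
static const unsigned char vers1_tuple[] =
    "\x04\x01Motorola\0MONTANA 33.6 FAX/MODEM\0V2.0";

/* Hypothetical helper: copy the next string out of a tuple body. *p is the
 * cursor, *left the bytes still inside the tuple. Returns a malloc'd copy
 * that is always NUL-terminated, or NULL at end of tuple or 0xff marker. */
static char *next_field(const unsigned char **p, size_t *left)
{
    const unsigned char *nul;
    size_t n;
    char *s;
    if (*left == 0 || **p == 0xff)
        return NULL;
    nul = memchr(*p, 0, *left);              /* search inside the tuple only */
    n = nul ? (size_t)(nul - *p) : *left;    /* unterminated: take what is left */
    if ((s = malloc(n + 1)) == NULL)
        return NULL;
    memcpy(s, *p, n);
    s[n] = '\0';
    n += nul ? 1 : 0;                        /* step over the NUL if present */
    *p += n;
    *left -= n;
    return s;
}

/* Fill out[0..3] (manufacturer, card version, two additional-info strings)
 * and return how many were present; absent ones are left as NULL. */
static int parse_vers1(const unsigned char *body, size_t len, char *out[4])
{
    const unsigned char *p = body + 2;       /* skip major/minor version */
    size_t left = len > 2 ? len - 2 : 0;
    int n = 0;
    memset(out, 0, 4 * sizeof(out[0]));
    while (n < 4 && (out[n] = next_field(&p, &left)) != NULL)
        n++;
    return n;
}

int main(void)
{
    char *f[4];
    printf("%d fields\n", parse_vers1(vers1_tuple, sizeof(vers1_tuple), f));
    return 0;
}
```

For the card in the message the fourth string comes back as NULL instead of being read from whatever follows the tuple, because the cursor stops when the 39 bytes are used up.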