Date: Tue, 3 Nov 2020 12:46:29 +0300
From: xtouqh@hotmail.com
To: hackers@freebsd.org
Subject: KASSERT(val != 0) not triggering in linux_errno.c reading outside of array
Message-ID: <AM0PR06MB39867F0AE62A737D2EE596F5C0110@AM0PR06MB3986.eurprd06.prod.outlook.com>
I'm looking at the current sys/compat/linux/linux_errno.c source, specifically this function: https://svnweb.freebsd.org/base/head/sys/compat/linux/linux_errno.c?revision=367132&view=markup#l24, and noticed that the sizeof() usage there seems to be bogus, as I mentioned in https://reviews.freebsd.org/D26974#inline-168811.

What I'm wondering about is why KASSERT() is not triggering there -- I have added the following printf() right below KASSERT(), showing that we indeed read outside of the array, and some of the linux_errtbl[i] values are 0:

    printf("%s:linux_errtbl[%d]=%d\n", __func__, i, linux_errtbl[i]);

But if I add the following check before printf(), it seems to never be true:

    if (linux_errtbl[i] == 0)
        printf("%s:linux_errtbl[%d]=%d\n", __func__, i, linux_errtbl[i]);

So how come the printed values are 0, but KASSERT(value != 0) and if (value == 0) are never true? I tried to reproduce this in a simple userland test case, but the check seems to be working correctly there (though it is still reading outside of the array if using sizeof() for the final index). What am I missing here?
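The mistake described above is using sizeof() (a byte count) where an element count is needed, so a loop bounded by it walks past the end of an int table. Indexing outside an array is undefined behaviour in C, and a comparison that depends on such a read is not something the compiler has to keep. The following is an added example, not code from this mail or from FreeBSD; the tables, the NITEMS macro and the function names are constructed for illustration. It shows a checker bounded by the element count and computes how far a sizeof()-bounded loop would overshoot.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample tables (not FreeBSD's linux_errtbl): each maps a BSD
 * errno to a negated Linux errno; index 0 is unused and stays 0. */
static const int good_tbl[] = { 0, -1, -2, -3, -4, -5, -6, -7 };
static const int holey_tbl[] = { 0, -1, 0, -3 };   /* entry 2 never filled in */

/* Element count of an array, the idiom FreeBSD provides as nitems(). */
#define NITEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Walk entries 1..nelems-1 and report the first one that is 0, or -1 if
 * every entry is filled. Because the bound is the element count, no index
 * ever leaves the table and every comparison is on a defined value. */
int first_zero_entry(const int *tbl, size_t nelems)
{
    for (size_t i = 1; i < nelems; i++)
        if (tbl[i] == 0)
            return (int)i;
    return -1;
}

/* How many elements past the end a loop bounded by sizeof(table) would
 * touch: sizeof() counts bytes, so for an int table it is sizeof(int)
 * times too large. Those extra reads are undefined behaviour, which lets
 * the compiler assume they never happen and drop checks built on them. */
size_t sizeof_overshoot(void)
{
    return sizeof(good_tbl) - NITEMS(good_tbl);
}

int main(void)
{
    printf("good_tbl: first zero entry = %d\n",
        first_zero_entry(good_tbl, NITEMS(good_tbl)));      /* -1 */
    printf("holey_tbl: first zero entry = %d\n",
        first_zero_entry(holey_tbl, NITEMS(holey_tbl)));    /* 2 */
    printf("sizeof() as bound overshoots by %zu elements\n",
        sizeof_overshoot());                                 /* 24 with 4-byte int */
    return 0;
}
```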