Date: Fri, 10 Jan 2025 07:12:57 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 283970] [PATCH] netpfil/ipfw: Fix wrong indent number to dump ctl3_handlers
Message-ID: <bug-283970-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283970

Bug ID: 283970
Summary: [PATCH] netpfil/ipfw: Fix wrong indent number to dump ctl3_handlers
Product: Base System
Version: Unspecified
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: nakayamakenjiro@gmail.com

Created attachment 256593
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=256593&action=edit
ip_fw_sockopt.patch ctl3_handlers

dump_soptcodes() accesses ctl3_handlers with a wrong indent:

```
for (n = 1; n <= count; n++) {
... omit ...
sh = &ctl3_handlers[n]; /* when "n == count" out of bounds. */
```

Here is the observation on FreeBSD 14.0 with kgdb:

---

1. Proceed through dump_soptcodes() to the problem code.

```
(kgdb) frame
#0 dump_soptcodes (chain=<optimized out>, op3=<optimized out>, sd=0xfffffe007325eb58) at /usr/src/sys/netpfil/ipfw/ip_fw_sockopt.c:3137
3137 for (n = 1; n <= count; n++)
```

2. Print the value of "count", which is 29.

```
(kgdb) print count
$24 = 29
```

3. ctl3_handlers[0] through ctl3_handlers[28] contain values, but ctl3_handlers[29] is empty.

```
(kgdb) print ctl3_handlers[0]@30
$26 = {{opcode = 86, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e3a010 <manage_table_ent_v0>, refcnt = 0},
{opcode = 86, version = 1 '\001', dir = 3 '\003', handler = 0xffffffff82e3a120 <manage_table_ent_v1>, refcnt = 0},
{opcode = 87, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e3a010 <manage_table_ent_v0>, refcnt = 0},
{opcode = 87, version = 1 '\001', dir = 3 '\003', handler = 0xffffffff82e3a120 <manage_table_ent_v1>, refcnt = 0},
{opcode = 88, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3ac10 <get_table_size>, refcnt = 0},
{opcode = 89, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e39c80 <dump_table_v0>, refcnt = 0},
{opcode = 89, version = 1 '\001', dir = 2 '\002', handler = 0xffffffff82e39e80 <dump_table_v1>, refcnt = 0},
{opcode = 90, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e395a0 <flush_table_v0>, refcnt = 0},
{opcode = 92, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e39bb0 <list_tables>, refcnt = 0},
{opcode = 93, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e39ac0 <describe_table>, refcnt = 0},
{opcode = 94, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e395a0 <flush_table_v0>, refcnt = 0},
{opcode = 95, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e39430 <create_table>, refcnt = 0},
{opcode = 96, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e398a0 <modify_table>, refcnt = 0},
{opcode = 97, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e31730 <dump_config>, refcnt = 0},
{opcode = 98, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e320a0 <add_rules>, refcnt = 0},
{opcode = 99, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e32640 <del_rules>, refcnt = 0},
{opcode = 100, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32af0 <move_rules>, refcnt = 0},
{opcode = 101, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e327a0 <clear_rules>, refcnt = 0},
{opcode = 102, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e327a0 <clear_rules>, refcnt = 0},
{opcode = 103, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32c30 <manage_sets>, refcnt = 0},
{opcode = 104, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32c30 <manage_sets>, refcnt = 0},
{opcode = 105, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e32c30 <manage_sets>, refcnt = 0},
{opcode = 106, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3a3b0 <find_table_entry>, refcnt = 0},
{opcode = 107, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3fbd0 <list_ifaces>, refcnt = 0},
{opcode = 108, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e3aaf0 <list_table_algo>, refcnt = 0},
{opcode = 109, version = 0 '\000', dir = 1 '\001', handler = 0xffffffff82e3a510 <swap_table>, refcnt = 0},
{opcode = 110, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e40f10 <list_table_values>, refcnt = 0},
{opcode = 116, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e32e80 <dump_soptcodes>, refcnt = 1},
{opcode = 117, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e330a0 <dump_srvobjects>, refcnt = 0},
{opcode = 0, version = 0 '\000', dir = 0 '\000', handler = 0x0, refcnt = 0}}
(kgdb) print ctl3_handlers[0]
$28 = {opcode = 86, version = 0 '\000', dir = 3 '\003', handler = 0xffffffff82e3a010 <manage_table_ent_v0>, refcnt = 0}
(kgdb) print ctl3_handlers[28]
$29 = {opcode = 117, version = 0 '\000', dir = 2 '\002', handler = 0xffffffff82e330a0 <dump_srvobjects>, refcnt = 0}
(kgdb) print ctl3_handlers[29]
$30 = {opcode = 0, version = 0 '\000', dir = 0 '\000', handler = 0x0, refcnt = 0}
```

---

-- 
You are receiving this mail because:
You are the assignee for the bug.
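
An added example, not part of the original report or of the FreeBSD sources: a user-space C sketch of the indexing the report describes, with a constructed four-entry table standing in for ctl3_handlers. It assumes the elided loop body only reads ctl3_handlers[n]; handler_at, dump_range and dump_stats are hypothetical names, and the zero-based loop is shown for comparison, not as the content of the attached patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reduced handler record; field names follow the kgdb output in the report. */
struct handler { uint16_t opcode; uint8_t version; uint8_t dir; };

/* Constructed sample: four registered entries plus one zeroed slot that
 * lies past the registered count, like ctl3_handlers[29] in the report. */
#define HANDLER_COUNT 4
static const struct handler table[HANDLER_COUNT + 1] = {
    {86, 0, 3}, {86, 1, 3}, {87, 0, 3}, {88, 0, 2}, {0, 0, 0},
};

struct dump_stats { size_t copied; size_t rejected; };

/* Checked accessor (hypothetical helper): refuses any index >= count. */
static const struct handler *handler_at(size_t idx)
{
    return idx < HANDLER_COUNT ? &table[idx] : NULL;
}

/* Copy entries first..last (inclusive) into dst and count refused reads. */
static struct dump_stats dump_range(size_t first, size_t last, struct handler *dst)
{
    struct dump_stats st = {0, 0};
    for (size_t n = first; n <= last; n++) {
        const struct handler *sh = handler_at(n);
        if (sh == NULL) {
            st.rejected++;      /* this is the read past the table */
            continue;
        }
        dst[st.copied++] = *sh;
    }
    return st;
}

int main(void)
{
    struct handler out[HANDLER_COUNT + 1];
    /* Bounds as in the report: n = 1 .. count. */
    struct dump_stats a = dump_range(1, HANDLER_COUNT, out);
    printf("1..count:   copied=%zu rejected=%zu first=%u v%u\n",
        a.copied, a.rejected, (unsigned)out[0].opcode, (unsigned)out[0].version);
    /* Zero-based bounds: n = 0 .. count - 1. */
    struct dump_stats b = dump_range(0, HANDLER_COUNT - 1, out);
    printf("0..count-1: copied=%zu rejected=%zu first=%u v%u\n",
        b.copied, b.rejected, (unsigned)out[0].opcode, (unsigned)out[0].version);
    return 0;
}
```

With the bounds from the report the walk makes one refused read at index count and never reaches entry 0; the zero-based walk copies all four entries with no refused read.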