From owner-freebsd-bugs  Wed Jun  7 11:20: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 8657E37B6B0
	for <freebsd-bugs@FreeBSD.org>; Wed,  7 Jun 2000 11:20:02 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id LAA12599;
	Wed, 7 Jun 2000 11:20:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Wed, 7 Jun 2000 11:20:01 -0700 (PDT)
Message-Id: <200006071820.LAA12599@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Ruslan Ermilov <ru@sunbay.com>
Subject: Re: bin/19096: core dump using ftp and telnet
Reply-To: Ruslan Ermilov <ru@sunbay.com>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/19096; it has been noted by GNATS.

From: Ruslan Ermilov <ru@sunbay.com>
To: liveevil@tasam.com
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/19096: core dump using ftp and telnet
Date: Wed, 7 Jun 2000 21:12:59 +0300

 On Wed, Jun 07, 2000 at 09:50:03AM -0700, liveevil@tasam.com wrote:
 > 
 > Number:         19096
 > Synopsis:       core dump using ftp and telnet
 > Severity:       non-critical
 > Priority:       low
 > Release:        4.0-STABLE FreeBSD 4.0-STABLE
 > 
 It turns out to be the problem with libc.
 Maybe, _hpcopy() should check for value of *errp???
 
 Script started on Wed Jun  7 21:06:04 2000
 GNU gdb 4.18
 Copyright 1998 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-unknown-freebsd"...
 Core was generated by `ftp'.
 Program terminated with signal 11, Segmentation fault.
 #0  0x807321e in _hpcopy (hp=0xbfbff4a0, errp=0xbfbff590)
     at /usr/src/lib/libc/../libc/net/name6.c:559
 559				if (**pp != '\0') {
 (gdb) l
 554		size = sizeof(struct hostent);
 555		if (hp->h_name != NULL && *hp->h_name != '\0')
 556			size += strlen(hp->h_name) + 1;
 557		if ((pp = hp->h_aliases) != NULL) {
 558			for (i = 0; *pp != NULL; i++, pp++) {
 559				if (**pp != '\0') {
 560					size += strlen(*pp) + 1;
 561					nalias++;
 562				}
 563			}
 (gdb) print pp
 $1 = (char **) 0xbfbff0a4
 (gdb) print *pp
 $2 = 0x1000100 <Address 0x1000100 out of bounds>
 (gdb) up
 #1  0x8074714 in _res_search_multi (name=0x80bb0a0 "*.exitmoney.com", 
     rtl=0xbfbff4dc, errp=0xbfbff590)
     at /usr/src/lib/libc/../libc/net/name6.c:1352
 1352					hp = _hpcopy(&hpbuf, errp);
 (gdb) l
 1347					hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
 1348					    ? AF_INET6 : AF_INET;
 1349					hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
 1350					hp = getanswer(&buf, ret, name, rtl->rtl_type,
 1351							    &hpbuf, errp);
 1352					hp = _hpcopy(&hpbuf, errp);
 1353					hp0 = _hpmerge(hp0, hp, errp);
 1354				}
 1355			}
 1356			if (hp0 != NULL)
 (gdb) print *errp
 $3 = 3
 (gdb) quit
 
 Script done on Wed Jun  7 21:07:30 2000
 
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message