Date: Tue, 18 Dec 2007 11:43:02 +0300 From: "Yuriy Tsibizov" <Yuriy.Tsibizov@gfk.com> To: <freebsd-current@freebsd.org> Cc: ume@freebsd.org Subject: RE: story about lost %ebx (stack corruption in inet_aton ?) Message-ID: <78664C02FF341B4FAC63E561846E3BCC0EEA57@ex.hhp.local> In-Reply-To: <78664C02FF341B4FAC63E561846E3BCC0EEA56@ex.hhp.local> References: <78664C02FF341B4FAC63E561846E3BCC0EEA52@ex.hhp.local> <78664C02FF341B4FAC63E561846E3BCC0EEA56@ex.hhp.local>
index | next in thread | previous in thread | raw e-mail
> > My first impression was that there is a bug in gcc compiler
> on 7-BETA
> > and 8-CURRENT (i386 only, and only if optimization is
> enabled), but it
> > seems to be incorrect. Most probably source is stack corruption in
> > inet_aton()
>
> mistyped, it is inet_network() that fails...
>
> testcase:
>
> #include <sys/cdefs.h>
> #include <sys/types.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <ctype.h>
>
> int main(){
> int val;
> char s[]="10.10.0.10.0/12"; // four dots here!
> char *q;
>
> q = strchr(s,'/');
> if (q) {
> *q = '\0';
> if ((val = inet_network(s)) != INADDR_NONE) {
> printf("OK\n");
> return (0);
> }
> printf("q= %08x\n", q);
> *q = '/';
> }
> }
>
>
> (should be built with -O1 or -O2 to expose that bug)
patch is simple:
-------------
--- inet_network.c.orig 2007-06-03 21:20:26.000000000 +0400
+++ inet_network.c 2007-12-18 11:11:33.000000000 +0300
@@ -53,7 +53,7 @@
{
in_addr_t val, base, n;
char c;
- in_addr_t parts[4], *pp = parts;
+ in_addr_t parts[5], *pp = parts;
int i, digit;
again:
-------------
Yuriy.
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?78664C02FF341B4FAC63E561846E3BCC0EEA57>