Date: Tue, 18 Dec 2007 11:43:02 +0300
From: "Yuriy Tsibizov"
Cc: ume@freebsd.org
Subject: RE: story about lost %ebx (stack corruption in inet_aton ?)

> > My first impression was that there is a bug in gcc compiler on 7-BETA
> > and 8-CURRENT (i386 only, and only if optimization is enabled), but it
> > seems to be incorrect. Most probably source is stack corruption in
> > inet_aton()
>
> mistyped, it is inet_network() that fails...
>
> testcase:
>
> #include <sys/types.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <stdio.h>
> #include <string.h>
>
> int main(){
>         int val;
>         char s[]="10.10.0.10.0/12"; // four dots here!
>         char *q;
>
>         q = strchr(s,'/');
>         if (q) {
>                 *q = '\0';
>                 if ((val = inet_network(s)) != INADDR_NONE) {
>                         printf("OK\n");
>                         return (0);
>                 }
>                 printf("q= %08x\n", q);
>                 *q = '/';
>         }
> }
>
>
> (should be built with -O1 or -O2 to expose that bug)

patch is simple:

------------- --- inet_network.c.orig 2007-06-03 21:20:26.000000000 +0400 +++ inet_network.c 2007-12-18 11:11:33.000000000 +0300 @@ -53,7 +53,7 @@ { in_addr_t val, base, n; char c; - in_addr_t parts[4], *pp =3D parts; + in_addr_t parts[5], *pp =3D parts; int i, digit; =20 again: -------------

Yuriy.
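
Review bot: the `parts[5]` declaration makes room for the fifth component that the four-dot testcase produces, but nothing in the visible lines bounds `pp` against the end of `parts`, so the fix rests on the array size alone. The hunk does not show the code after `again:` where values are stored through `pp`, so it cannot be confirmed from here that input with more dots is rejected before a sixth store. I would rather see an explicit check that `pp` is still inside `parts` immediately before each store, returning INADDR_NONE otherwise, with the array left at four entries. If the extra slot is kept, it needs a comment saying why an address with at most four parts has a five-entry array, and the testcase string "10.10.0.10.0" is worth adding as a regression test.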