From owner-freebsd-current@FreeBSD.ORG Tue Dec 18 09:25:34 2007
Date: Tue, 18 Dec 2007 03:53:16 -0500
From: David Schultz
To: Yuriy Tsibizov
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: story about lost %ebx (stack corruption in inet_aton ?)
Message-ID: <20071218085316.GB24316@VARK.MIT.EDU>
In-Reply-To: <78664C02FF341B4FAC63E561846E3BCC0EEA56@ex.hhp.local>
References: <78664C02FF341B4FAC63E561846E3BCC0EEA52@ex.hhp.local> <78664C02FF341B4FAC63E561846E3BCC0EEA56@ex.hhp.local>
List-Id: Discussions about the use of FreeBSD-current

On Tue, Dec 18, 2007, Yuriy Tsibizov wrote:
> > My first impression was that there is a bug in the gcc compiler on 7-BETA
> > and 8-CURRENT (i386 only, and only if optimization is enabled), but it
> > seems to be incorrect. Most probably the source is stack corruption in
> > inet_aton()
> 
> Mistyped: it is inet_network() that fails...
> 
> testcase:
> 
> #include <stdio.h>
> #include <string.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> 
> int main(void){
> 	int val;
> 	char s[]="10.10.0.10.0"; // four dots here!
> 	char *q;
> 
> 	q = strchr(s,'/');
> 	if (q) {
> 		*q = '\0';
> 		if ((val = inet_network(s)) != INADDR_NONE) {
> 			printf("OK\n");
> 			return (0);
> 		}
> 		/* %p is the portable way to print a pointer value */
> 		printf("q= %p\n", (void *)q);
> 		*q = '/';
> 	}
> 	return (1);
> }
> 
> 
> (should be built with -O1 or -O2 to expose that bug)

This isn't the compiler's fault. It looks like an off-by-one error in BIND 9.4.1 that's clobbering the saved %ebx on the stack. Try this:

Index: lib/libc/inet/inet_network.c
===================================================================
RCS file: /usr/cvs/src/lib/libc/inet/inet_network.c,v
retrieving revision 1.4
diff -u -r1.4 inet_network.c
--- lib/libc/inet/inet_network.c	3 Jun 2007 17:20:26 -0000	1.4
+++ lib/libc/inet/inet_network.c	18 Dec 2007 08:50:08 -0000
@@ -83,7 +83,7 @@ if (!digit) return (INADDR_NONE); if (*cp == '.') { - if (pp >= parts + 4 || val > 0xffU) + if (pp >= parts + 3 || val > 0xffU) return (INADDR_NONE); *pp++ = val, cp++; goto again;
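Review bot: the new bound `pp >= parts + 3` is right only because this branch stores dot-terminated components and the component after the last '.' is presumably stored elsewhere, after this check, so it must still have the fourth slot free; with the old `parts + 4` a string with four dots got all four dot-terminated components into the array and the trailing one landed just past it, which is consistent with the clobbered saved %ebx in the report. Suggest a one-line comment at the check stating that this branch may fill at most three of the four slots (assuming parts is the four-element array the old bound implies), so the next reader does not "fix" it back to 4, and adding the quoted "10.10.0.10.0" string as a regression test next to a normal three-dot address to confirm the expected value is still returned. Also worth guarding the trailing store itself, since any check that runs after the write cannot undo it.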
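The off-by-one David describes, as an added example that is not BIND's or FreeBSD's code: a decimal-only re-implementation of the dotted-component loop in inet_network(), parameterised on the bound the patch changes, with a fifth canary slot after parts[] standing in for the saved register so the overflowing store is detected instead of corrupting the stack. The names parse_network, net_value, net_overflows and CANARY are this example's own.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#define CANARY 0xdeadbeefu  /* stands in for whatever follows parts[] on the stack */

/* Decimal-only version of the dotted-component loop in inet_network().
 * 'limit' is the bound the patch changes: 4 (old) or 3 (new).  parts[] gets a
 * fifth slot holding CANARY so an out-of-bounds store is detected rather than
 * corrupting a real saved register.  Returns UINT32_MAX (INADDR_NONE) on error. */
uint32_t parse_network(const char *cp, int limit, int *canary_hit)
{
    uint32_t parts[5], *pp = parts, val;
    size_t n, i;
    parts[4] = CANARY;
    *canary_hit = 0;
again:
    if (!isdigit((unsigned char)*cp))
        return UINT32_MAX;
    for (val = 0; isdigit((unsigned char)*cp); cp++)
        val = val * 10 + (uint32_t)(*cp - '0');
    if (*cp == '.') {
        if (pp >= parts + limit || val > 0xffu)   /* the line the patch changes */
            return UINT32_MAX;
        *pp++ = val, cp++;
        goto again;
    }
    if (*cp != '\0')
        return UINT32_MAX;
    *pp++ = val;                    /* trailing component: stored unconditionally */
    *canary_hit = (parts[4] != CANARY);
    n = (size_t)(pp - parts);
    if (n > 4)
        return UINT32_MAX;          /* rejected, but the store above already happened */
    for (val = 0, i = 0; i < n; i++)
        val = (val << 8) | (parts[i] & 0xffu);
    return val;
}

/* One-question wrappers for tests and the demo below. */
uint32_t net_value(const char *s, int limit) { int h; return parse_network(s, limit, &h); }
int net_overflows(const char *s, int limit) { int h; (void)parse_network(s, limit, &h); return h; }

int main(void)
{
    const char *s = "10.10.0.10.0";  /* the four-dot string from the report (constructed copy) */
    printf("bound 4: clobbered=%d\n", net_overflows(s, 4));
    printf("bound 3: clobbered=%d, 10.10.0.10 -> %08x\n", net_overflows(s, 3), (unsigned)net_value("10.10.0.10", 3));
    return 0;
}
```

With the old bound the four-dot string is rejected only after the canary slot has been overwritten; with the new bound it is rejected at the fourth dot and the slot is untouched.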