Date: Wed, 20 Mar 2002 16:13:11 +0000 From: Ian Dowse <iedowse@maths.tcd.ie> To: Eugene Grosbein <eugen@grosbein.pp.ru> Cc: Matthew Dillon <dillon@apollo.backplane.com>, FreeBSD-gnats-submit@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG, Kirk McKusick <mckusick@mckusick.com> Subject: Re: kern/35969: kernel option PPP_DEFLATE often procudes kernel panics; PPP_BSDCOMP sometimes procudes stalled connections Message-ID: <200203201613.aa16423@salmon.maths.tcd.ie> In-Reply-To: Your message of "Wed, 20 Mar 2002 21:35:03 %2B0700." <20020320213503.A344@grosbein.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20020320213503.A344@grosbein.pp.ru>, Eugene Grosbein writes: >It seems, that commit affected src/lib/libz/infblock.c >and it's possible it still contatins the bug that is fixed now in the kernel. Yes, I had seen the libc/libz code too. At first glance it appears to have a similar problem: >@@ -329,6 +334,7 @@ > } > s->sub.decode.codes = c; > } >+ ZFREE(z, s->sub.trees.blens); > s->mode = CODES; > case CODES: > UPDATE However the structure of struct inflate_blocks_state is different in libz, so it is mostly safe because decode.codes and trees.blens are unlikely to overlap on most platforms: union { uInt left; /* if STORED, bytes left to copy */ struct { uInt table; /* table lengths (14 bits) */ uInt index; /* index into blens (or border) */ uIntf *blens; /* bit lengths of codes */ uInt bb; /* bit length tree depth */ inflate_huft *tb; /* bit length decoding tree */ } trees; /* if DTREE, decoding info for trees */ struct { inflate_codes_statef *codes; } decode; /* if CODES, current state */ } sub; /* submode */ The patch applied to libc/libz seems to match exactly what appeared in the official zlib 1.1.4 release, but it is still very dodgy programming by the zlib people... Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203201613.aa16423>