From owner-freebsd-hackers Thu Jun  4 11:20:54 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA29898 for freebsd-hackers-outgoing; Thu, 4 Jun 1998 11:20:54 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from smtp04.primenet.com (daemon@smtp04.primenet.com [206.165.6.134]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA29861 for ; Thu, 4 Jun 1998 11:20:27 -0700 (PDT) (envelope-from tlambert@usr05.primenet.com)
Received: (from daemon@localhost) by smtp04.primenet.com (8.8.8/8.8.8) id LAA18869; Thu, 4 Jun 1998 11:20:17 -0700 (MST)
Received: from usr05.primenet.com(206.165.6.205) via SMTP by smtp04.primenet.com, id smtpd018848; Thu Jun  4 11:20:12 1998
Received: (from tlambert@localhost) by usr05.primenet.com (8.8.5/8.8.5) id LAA02386; Thu, 4 Jun 1998 11:20:04 -0700 (MST)
From: Terry Lambert
Message-Id: <199806041820.LAA02386@usr05.primenet.com>
Subject: Re: Code Logic Question in 2.2 RELENG
To: dk+@ua.net
Date: Thu, 4 Jun 1998 18:20:04 +0000 (GMT)
Cc: barry@Lustig.COM, freebsd-hackers@FreeBSD.ORG, serge@yahoo.com
In-Reply-To: <199806040614.XAA11387@dog.farm.org> from "Dmitry Kohmanyuk" at Jun 3, 98 11:14:29 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > switch (select(_rpc_dtablesize(), &readfds, NULL, NULL,
> >                (struct timeval *)0)) {

This code is wrong.  You are not permitted to pass an initial value to
select which is larger than sizeof(readfds).

This is the same coding error that LDAP and ACAP had, except that they
were explicitly calling getdtablesize(2) or using the sysconf return for
_SC_OPEN_MAX.  Both of these are, of course, bogus as hell, and will
result in you accessing memory off the stack (unless you define
FD_SETSIZE very large before including sys/types.h).

Some of this memory will have non-zero bits in it, and some of those
bits will, when dereferenced into kernel address space, appear to have
data pending and/or will appear to be attempts to select on bad file
descriptors.

> what bothers me here is how come that select() returns -1 and yet
> errno != EINTR.  According to man page, it should be then one of
> EBADF or EINVAL, none of which can occur...

One thing that would help is if you were to tell us what *is* returned,
rather than what is *not*.  8-).

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
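An added example, not code from this thread, from the RPC library, or from FreeBSD, showing the nfds problem the reply describes: select(2) reads nfds bits from each fd_set, and a default fd_set is only FD_SETSIZE bits wide, so passing the process descriptor limit (getdtablesize(2) or sysconf(_SC_OPEN_MAX)) as nfds makes the kernel read whatever lies beyond the fd_set on the caller's stack. The helper names (buggy_nfds, nfds_is_sane, set_add, demo_select_pipe) are invented here; the safe pattern is to compute nfds as the highest descriptor actually placed in the set plus one and to refuse descriptors that do not fit, since FD_SET itself has no bounds check either.

```c
/* Added example (not the thread's or FreeBSD's code). Shows the wrong and
 * the right way to choose nfds for select(2); helper names are invented. */
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The bug pattern from the thread: use the per-process descriptor limit
 * as nfds. The value depends on the environment, not on the fd_set, and
 * once it exceeds FD_SETSIZE select() reads bits past the end of the
 * caller's fd_set. Returns the value such code would pass. */
long buggy_nfds(void) {
    return sysconf(_SC_OPEN_MAX);
}

/* Check a candidate nfds against the width of a default fd_set. */
int nfds_is_sane(long nfds) {
    return nfds >= 0 && nfds <= FD_SETSIZE;
}

/* Safe pattern: add fd to the set and keep nfds = highest fd + 1.
 * FD_SET does no bounds checking, so an fd >= FD_SETSIZE would write
 * outside the fd_set on the stack; refuse it with EINVAL instead.
 * Returns 0 on success, -1 on a descriptor that does not fit. */
int set_add(fd_set *set, int *nfds, int fd) {
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    if (fd + 1 > *nfds)
        *nfds = fd + 1;
    return 0;
}

/* Demonstration on a pipe (constructed input): make the read end
 * readable, then select() on it with nfds derived from the set and a
 * zero timeout. Returns select()'s result (1 = our descriptor is ready)
 * or -1. On failure it reports the actual errno, which is the detail the
 * thread asks for instead of "it is not EINTR". */
int demo_select_pipe(void) {
    int p[2];
    fd_set readfds;
    int nfds = 0, r;
    struct timeval zero = { 0, 0 };

    if (pipe(p) == -1)
        return -1;
    FD_ZERO(&readfds);
    if (set_add(&readfds, &nfds, p[0]) == -1 || write(p[1], "x", 1) != 1) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    r = select(nfds, &readfds, NULL, NULL, &zero);
    if (r == -1)
        fprintf(stderr, "select: errno %d (%s)\n", errno, strerror(errno));
    else if (r > 0 && !FD_ISSET(p[0], &readfds))
        r = -1;   /* a ready count that does not include our fd is wrong */
    close(p[0]);
    close(p[1]);
    return r;
}

int main(void) {
    long lim = buggy_nfds();
    printf("FD_SETSIZE=%d, _SC_OPEN_MAX=%ld -> %s as nfds\n",
           FD_SETSIZE, lim,
           nfds_is_sane(lim) ? "fits in fd_set" : "OVERRUNS fd_set");
    printf("select on pipe with nfds = highest fd + 1: %d\n",
           demo_select_pipe());
    return 0;
}
```

Whether the first line reports an overrun depends on the descriptor limit of the process you run it in; that variability is exactly why the limit is the wrong thing to hand to select(). The second line should always print 1, because nfds was derived from the descriptors in the set rather than from the environment.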