Date: Tue, 14 Aug 2007 15:49:50 -0400 From: Dave Jones <davej@codemonkey.org.uk> To: freebsd-hackers@freebsd.org Subject: memset bugs. Message-ID: <20070814194950.GA19943@redhat.com>
next in thread | raw e-mail | index | archive | help
A grep I crafted to pick up on some common bugs happened upon
a copy of the FreeBSD CVS tree that I happened to have handy
and found the bugs below where the 2nd & 3rd arguments to
memset calls have been swapped.
I'm unfamiliar with how patch submission works in FreeBSD,
but hopefully someone can eyeball this for correctness
and get it committed, or forward it on to the right people.
Thanks,
Dave
--- src/sys/netinet/sctp_output.c~ 2007-08-14 15:44:11.000000000 -0400
+++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.000000000 -0400
@@ -6331,7 +6331,7 @@ out_gu:
rcv_flags |= SCTP_DATA_UNORDERED;
}
/* clear out the chunk before setting up */
- memset(chk, sizeof(*chk), 0);
+ memset(chk, 0, sizeof(*chk));
chk->rec.data.rcv_flags = rcv_flags;
if (SCTP_BUF_IS_EXTENDED(sp->data)) {
chk->copy_by_ref = 1;
--- src/usr.sbin/nscd/agents/services.c~ 2007-08-14 15:44:33.000000000 -0400
+++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.000000000 -0400
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
if (size > 0) {
proto = (char *)malloc(size + 1);
assert(proto != NULL);
- memset(proto, size + 1, 0);
+ memset(proto, 0, size + 1);
memcpy(proto, key + sizeof(enum nss_lookup_type) +
sizeof(int), size);
}
--- src/usr.sbin/cached/agents/services.c~ 2007-08-14 15:44:45.000000000 -0400
+++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.000000000 -0400
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si
if (size > 0) {
proto = (char *)malloc(size + 1);
assert(proto != NULL);
- memset(proto, size + 1, 0);
+ memset(proto, 0, size + 1);
memcpy(proto, key + sizeof(enum nss_lookup_type) +
sizeof(int), size);
}
--- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.000000000 -0400
+++ src/contrib/gdb/gdb/std-regs.c 2007-08-14 15:45:22.000000000 -0400
@@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame
val = allocate_value (builtin_type_frame_reg);
VALUE_LVAL (val) = not_lval;
buf = VALUE_CONTENTS_RAW (val);
- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
/* frame.base. */
if (frame != NULL)
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
@@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr
struct value *val = allocate_value (builtin_type_void_data_ptr);
char *buf = VALUE_CONTENTS_RAW (val);
if (frame == NULL)
- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
else
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
get_frame_base_address (frame));
@@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr
struct value *val = allocate_value (builtin_type_void_data_ptr);
char *buf = VALUE_CONTENTS_RAW (val);
if (frame == NULL)
- memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0);
+ memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val)));
else
ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf,
get_frame_pc (frame));
--- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.000000000 -0400
+++ src/contrib/gdb/gdb/remote.c 2007-08-14 15:45:37.000000000 -0400
@@ -3463,7 +3463,7 @@ remote_store_registers (int regnum)
{
int i;
regs = alloca (rs->sizeof_g_packet);
- memset (regs, rs->sizeof_g_packet, 0);
+ memset (regs, 0, rs->sizeof_g_packet);
for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++)
{
struct packet_reg *r = &rs->regs[i];
--
http://www.codemonkey.org.uk
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070814194950.GA19943>