From owner-freebsd-hackers@FreeBSD.ORG Tue Aug 14 19:49:53 2007
Date: Tue, 14 Aug 2007 15:49:50 -0400
From: Dave Jones
To: freebsd-hackers@freebsd.org
Message-ID: <20070814194950.GA19943@redhat.com>
Subject: memset bugs.
List-Id: Technical Discussions relating to FreeBSD

A grep I crafted to pick up on some common bugs happened upon a copy of the FreeBSD CVS tree that I happened to have handy and found the bugs below where the 2nd & 3rd arguments to memset calls have been swapped.

I'm unfamiliar with how patch submission works in FreeBSD, but hopefully someone can eyeball this for correctness and get it committed, or forward it on to the right people.

Thanks,
Dave

--- src/sys/netinet/sctp_output.c~ 2007-08-14 15:44:11.000000000 -0400 +++ src/sys/netinet/sctp_output.c 2007-08-14 15:44:27.000000000 -0400 @@ -6331,7 +6331,7 @@ out_gu: rcv_flags |= SCTP_DATA_UNORDERED; } /* clear out the chunk before setting up */ - memset(chk, sizeof(*chk), 0); + memset(chk, 0, sizeof(*chk)); chk->rec.data.rcv_flags = rcv_flags; if (SCTP_BUF_IS_EXTENDED(sp->data)) { chk->copy_by_ref = 1; --- src/usr.sbin/nscd/agents/services.c~ 2007-08-14 15:44:33.000000000 -0400 +++ src/usr.sbin/nscd/agents/services.c 2007-08-14 15:44:41.000000000 -0400 @@ -171,7 +171,7 @@ services_lookup_func(const char *key, si if (size > 0) { proto = (char *)malloc(size + 1); assert(proto != NULL); - memset(proto, size + 1, 0); + memset(proto, 0, size + 1); memcpy(proto, key + sizeof(enum nss_lookup_type) + sizeof(int), size); } --- src/usr.sbin/cached/agents/services.c~ 2007-08-14 15:44:45.000000000 -0400 +++ src/usr.sbin/cached/agents/services.c 2007-08-14 15:44:52.000000000 -0400 
@@ -171,7 +171,7 @@ services_lookup_func(const char *key, si if (size > 0) { proto = (char *)malloc(size + 1); assert(proto != NULL); - memset(proto, size + 1, 0); + memset(proto, 0, size + 1); memcpy(proto, key + sizeof(enum nss_lookup_type) + sizeof(int), size); } --- src/contrib/gdb/gdb/std-regs.c~ 2007-08-14 15:44:56.000000000 -0400 +++ src/contrib/gdb/gdb/std-regs.c 2007-08-14 15:45:22.000000000 -0400 @@ -61,7 +61,7 @@ value_of_builtin_frame_reg (struct frame val = allocate_value (builtin_type_frame_reg); VALUE_LVAL (val) = not_lval; buf = VALUE_CONTENTS_RAW (val); - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); /* frame.base. */ if (frame != NULL) ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, @@ -87,7 +87,7 @@ value_of_builtin_frame_fp_reg (struct fr struct value *val = allocate_value (builtin_type_void_data_ptr); char *buf = VALUE_CONTENTS_RAW (val); if (frame == NULL) - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); else ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, get_frame_base_address (frame)); @@ -105,7 +105,7 @@ value_of_builtin_frame_pc_reg (struct fr struct value *val = allocate_value (builtin_type_void_data_ptr); char *buf = VALUE_CONTENTS_RAW (val); if (frame == NULL) - memset (buf, TYPE_LENGTH (VALUE_TYPE (val)), 0); + memset (buf, 0, TYPE_LENGTH (VALUE_TYPE (val))); else ADDRESS_TO_POINTER (builtin_type_void_data_ptr, buf, get_frame_pc (frame)); --- src/contrib/gdb/gdb/remote.c~ 2007-08-14 15:45:25.000000000 -0400 +++ src/contrib/gdb/gdb/remote.c 2007-08-14 15:45:37.000000000 -0400 @@ -3463,7 +3463,7 @@ remote_store_registers (int regnum) { int i; regs = alloca (rs->sizeof_g_packet); - memset (regs, rs->sizeof_g_packet, 0); + memset (regs, 0, rs->sizeof_g_packet); for (i = 0; i < NUM_REGS + NUM_PSEUDO_REGS; i++) { struct packet_reg *r = &rs->regs[i];

-- 
http://www.codemonkey.org.uk
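Review bot: the sctp_output.c hunk is correct as written; with the arguments transposed, memset(chk, sizeof(*chk), 0) asks for zero bytes to be written, so the comment /* clear out the chunk before setting up */ described an intent that never took effect and chk kept whatever the allocator left in it. Only chk->rec.data.rcv_flags is visibly assigned afterwards, so it would be worth checking whether any later code relied on the remaining fields being zero, and adding -Wmemset-transposed-args to the kernel warning flags would catch this class of call at build time.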
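Review bot: the two services.c hunks are byte-identical at the same line 171 in src/usr.sbin/nscd/agents and src/usr.sbin/cached/agents, so one directory appears to be a copy of the other; confirm both are still built before committing, otherwise half the fix lands in dead code. On the change itself, memcpy() only fills proto[0..size-1], so the memset exists solely to supply the NUL terminator at proto[size]; with the arguments transposed that byte was uninitialized heap and any caller treating proto as a C string could read past the end of the allocation. Writing proto[size] = '\0'; after the memcpy would state that intent more directly than zeroing the whole buffer. Separately, assert(proto != NULL); is the only handling of malloc() failure here and compiles out under NDEBUG.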
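Review bot: the three std-regs.c hunks fix the same transposed call in value_of_builtin_frame_reg, value_of_builtin_frame_fp_reg and value_of_builtin_frame_pc_reg; in the latter two the memset is the only write to buf on the frame == NULL path, so the value handed back to gdb's evaluator carried uninitialized contents rather than a zero pointer. These files live under src/contrib/gdb, which is vendor-imported code, so the change should also go to the upstream GDB project or it will be lost at the next import.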
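Review bot: the remote.c hunk is correct; regs comes from alloca (rs->sizeof_g_packet), so with the original call the g-packet buffer held uninitialized stack contents before the register loop started filling it in, and any byte the loop did not cover would have been sent to the remote stub as-is. Same note as for std-regs.c: src/contrib/gdb is vendor code, so push this upstream as well as committing it locally.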
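The following is an added illustration, not part of Dave's mail or of the nscd sources, of why the transposed memset in the services.c hunks matters: the buggy call writes nothing, so the byte meant to be the NUL terminator keeps stale heap contents. The poisoned_alloc helper, the key "tcp" and the 0xAA fill are constructed here to make that stale byte deterministic.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* malloc() stand-in: poisons the block with 0xAA so stale heap contents
 * are deterministic and visible (constructed helper, not nscd code). */
static unsigned char *poisoned_alloc(size_t n)
{
    unsigned char *p = malloc(n);
    assert(p != NULL);
    memset(p, 0xAA, n);
    return p;
}

/* Pattern removed by the services.c hunk: fill value and length swapped. */
static unsigned char *lookup_proto_buggy(const char *key, size_t size)
{
    unsigned char *proto = poisoned_alloc(size + 1);
    memset(proto, size + 1, 0);      /* n == 0: nothing is written */
    memcpy(proto, key, size);        /* proto[size] keeps its 0xAA */
    return proto;
}

/* Pattern added by the hunk: the whole buffer is zeroed first. */
static unsigned char *lookup_proto_fixed(const char *key, size_t size)
{
    unsigned char *proto = poisoned_alloc(size + 1);
    memset(proto, 0, size + 1);
    memcpy(proto, key, size);        /* proto[size] is '\0' */
    return proto;
}

/* Runs one variant on a constructed key and returns the byte that should
 * be the string's NUL terminator. */
static int terminator_byte(unsigned char *(*lookup)(const char *, size_t))
{
    const char key[] = "tcp";
    size_t size = strlen(key);
    unsigned char *proto = lookup(key, size);
    int last = proto[size];
    free(proto);
    return last;
}

int main(void)
{
    printf("buggy terminator: 0x%02x\n", terminator_byte(lookup_proto_buggy));
    printf("fixed terminator: 0x%02x\n", terminator_byte(lookup_proto_fixed));
    return 0;
}
```

Current GCC and Clang diagnose the buggy call with -Wmemset-transposed-args (emitted when the third argument is a literal zero), which is the compile-time equivalent of the grep described in the mail.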