From owner-freebsd-current@FreeBSD.ORG Wed Dec 1 07:07:01 2004
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9D5B516A4CE for ; Wed, 1 Dec 2004 07:07:01 +0000 (GMT)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 50A2B43D49 for ; Wed, 1 Dec 2004 07:07:01 +0000 (GMT) (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost) by dan.emsphone.com (8.13.1/8.13.1) id iB176x33068380; Wed, 1 Dec 2004 01:06:59 -0600 (CST) (envelope-from dan)
Date: Wed, 1 Dec 2004 01:06:59 -0600
From: Dan Nelson
To: "JINMEI Tatuya / 神明達哉"
Message-ID: <20041201070659.GU5518@dan.emsphone.com>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
X-OS: FreeBSD 5.3-STABLE
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.6i
cc: current@freebsd.org
Subject: Re: malloc(0) returns an invalid address
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 01 Dec 2004 07:07:01 -0000

In the last episode (Dec 01), JINMEI Tatuya / 神明達哉 said:
> The first call to sysctl sets 'l' to 0, since the list is empty. Then
> the malloc returns '0x800' as a *valid pointer*. But in the second
> call to sysctl, the kernel rejects this pointer at line 1299 of
> sys/kern/kern_sysctl.c:
>
> userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
>     size_t *oldlenp, int inkernel, void *new, size_t newlen, size_t *retval)
> {
>
>         (...)
>
>         if (old) {
> -->             if (!useracc(old, req.oldlen, VM_PROT_WRITE))
> -->                     return (EFAULT);
>
> and so we'll see

The bug is in useracc, I think. It should probably return true immediately if len is zero, since it's okay to read or write zero bytes from any pointer. A workaround would be to just skip the sysctl if there is nothing to read.

-- 
Dan Nelson
dnelson@allantgroup.com
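The zero-length case the thread turns on, as an added example that is not part of the original mail or of FreeBSD's source: a user-space model of the two-call sysctl pattern (query the size, allocate, fetch) with constructed stand-ins for the kernel's sysctl and useracc and for malloc, so it builds and runs anywhere. `access_ok_buggy` models a range check that rejects a zero-length request at an address it does not consider mapped (the behaviour the report describes), `access_ok_fixed` returns true for zero bytes at any address (Dan's proposed fix), and `fetch_guarded` applies his caller-side workaround of skipping the second call when the first reports nothing to read. `sim_sysctl`, `user_alloc`, the simulated user window and the 4-byte list entries are all constructed for this example.

```c
/*
 * Added example (not from the mail or from FreeBSD): a user-space model of
 * the two-call sysctl pattern and of the zero-length access check discussed
 * in the thread.  sim_sysctl, user_alloc and access_ok_* are constructed
 * stand-ins for the kernel's sysctl/useracc and for malloc.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed "user address space": the only range the checks accept. */
static unsigned char user_window[64];
/* Stand-in for the unique non-NULL pointer malloc(0) returned in the report
 * (0x800 there); it lies outside user_window and is never dereferenced. */
static unsigned char zero_sentinel;

typedef bool (*access_fn)(const void *, size_t);

/* Models the check the report describes: every request, even one of zero
 * bytes, must start inside the mapped window. */
static bool access_ok_buggy(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)user_window;
    uintptr_t hi = lo + sizeof user_window;
    return a >= lo && a < hi && len <= hi - a;
}

/* Fixed check: reading or writing zero bytes is valid at any address. */
static bool access_ok_fixed(const void *p, size_t len)
{
    if (len == 0)
        return true;
    return access_ok_buggy(p, len);
}

/* Stand-in for malloc(): a zero-size request gets a unique non-NULL pointer. */
static void *user_alloc(size_t size)
{
    if (size == 0)
        return &zero_sentinel;
    return size <= sizeof user_window ? user_window : NULL;
}

/* Stand-in for the kernel side: a list of `nitems` 4-byte entries.  With
 * old == NULL it only reports the size; otherwise it checks the buffer the
 * way userland_sysctl() does before copying out. */
static int sim_sysctl(access_fn access_ok, size_t nitems,
                      void *old, size_t *oldlenp)
{
    size_t needed = nitems * 4;
    if (old != NULL) {
        if (!access_ok(old, *oldlenp))
            return EFAULT;
        if (*oldlenp < needed)
            return ENOMEM;
        memset(old, 0xAB, needed);   /* constructed payload */
    }
    *oldlenp = needed;
    return 0;
}

/* The pattern from the report: query, allocate whatever size came back
 * (possibly 0), fetch.  Returns the error code; *outlen gets the length. */
static int fetch_naive(access_fn access_ok, size_t nitems, size_t *outlen)
{
    size_t len = 0;
    int rc = sim_sysctl(access_ok, nitems, NULL, &len);
    if (rc != 0)
        return rc;
    void *buf = user_alloc(len);       /* non-NULL even when len == 0 */
    if (buf == NULL)
        return ENOMEM;
    rc = sim_sysctl(access_ok, nitems, buf, &len);
    if (outlen != NULL)
        *outlen = len;
    return rc;
}

/* Caller-side workaround from the mail: when the size query says there is
 * nothing to read, do not make the second call at all. */
static int fetch_guarded(access_fn access_ok, size_t nitems, size_t *outlen)
{
    size_t len = 0;
    int rc = sim_sysctl(access_ok, nitems, NULL, &len);
    if (rc != 0 || len == 0) {
        if (outlen != NULL)
            *outlen = len;
        return rc;
    }
    return fetch_naive(access_ok, nitems, outlen);
}

int main(void)
{
    printf("empty list, naive caller, buggy check:   %d (EFAULT is %d)\n",
           fetch_naive(access_ok_buggy, 0, NULL), EFAULT);
    printf("empty list, naive caller, fixed check:   %d\n",
           fetch_naive(access_ok_fixed, 0, NULL));
    printf("empty list, guarded caller, buggy check: %d\n",
           fetch_guarded(access_ok_buggy, 0, NULL));
    return 0;
}
```

The guarded caller is the portable defence: it does not depend on what malloc(0) returns or on how the kernel's range check treats a zero-length request. It still inherits the usual two-call race (the list can grow between the size query and the fetch, giving ENOMEM), which a robust caller handles by retrying with the new size.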