From owner-freebsd-bugs Sun Dec 8 22:18:46 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id WAA07275 for bugs-outgoing; Sun, 8 Dec 1996 22:18:46 -0800 (PST) Received: from precipice.shockwave.com (ppp-206-170-5-166.rdcy01.pacbell.net [206.170.5.166]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id WAA07269; Sun, 8 Dec 1996 22:18:36 -0800 (PST) Received: from shockwave.com (localhost.shockwave.com [127.0.0.1]) by precipice.shockwave.com (8.8.4/8.7.3) with ESMTP id WAA29356; Sun, 8 Dec 1996 22:18:31 -0800 (PST) Message-Id: <199612090618.WAA29356@precipice.shockwave.com> To: FreeBSD-gnats@freefall.freebsd.org, freebsd-bugs@freefall.freebsd.org Subject: Re: misc/2177: sysinstall via ppp fails In-reply-to: Your message of "Sun, 08 Dec 1996 16:30:03 PST." <199612090030.QAA03120@freefall.freebsd.org> Date: Sun, 08 Dec 1996 22:18:31 -0800 From: Paul Traina Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I did some more debugging on this problem. It appears to occur when you're using a user-supplied URL and running with ppp. The memory pointed to by cp (in mediaSetFTP) is being corrupted by something in startPPP. It /appears/ to be the provider string (requested in "Enter the IP address of your service provider"). This is being copied into a 16 byte chunk of stack, and the value really shouldn't be more than 16 bytes, but that's a pretty obnoxious thing to be doing. You will get stack corruption there, however *I* was only entering "0" or the IP address of the remote side during my tests. The memory pointed to by cp (or cp itself, but that is less likely) is getting corrupted sometime after the strcpy(ftpDevice.name, cp) and before hostname = cp + 6) in mediaSetFTP(). The interesting tidbit is that pre-compiled URLs (in menus.c) are not getting corrupted, so I worked around this by hacking in my URL that way (ick).