Subject: Re: kern/34751: regular panics in tcp_sack_option on NetBSD/alpha 3.0_STABLE
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
List: netbsd-bugs
Date: 10/09/2006 04:00:05
The following reply was made to PR kern/34751; it has been noted by GNATS.
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
To: christianbiere@gmx.de
Cc: netbsd-bugs@NetBSD.org, gnats-bugs@NetBSD.org,
tsutsui@ceres.dti.ne.jp
Subject: Re: kern/34751: regular panics in tcp_sack_option on NetBSD/alpha 3.0_STABLE
Date: Mon, 9 Oct 2006 12:57:13 +0900
I guess christos missed that your private function also include
ntohl() function but providing a right patch (just based on mouse's)
is more worth than confirming yours anyway.
---
Izumi Tsutsui
Index: tcp_sack.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_sack.c,v
retrieving revision 1.19
diff -u -r1.19 tcp_sack.c
--- tcp_sack.c 7 Oct 2006 20:16:04 -0000 1.19
+++ tcp_sack.c 9 Oct 2006 02:34:45 -0000
@@ -243,7 +243,7 @@
struct sackblk *sack = NULL;
struct sackhole *cur = NULL;
struct sackhole *tmp = NULL;
- u_int32_t *lp = (u_int32_t *) (cp + 2);
+ char *lp = cp + 2;
int i, j, num_sack_blks;
tcp_seq left, right, acked;
@@ -276,9 +276,9 @@
*/
num_sack_blks = optlen / 8;
acked = (SEQ_GT(th->th_ack, tp->snd_una)) ? th->th_ack : tp->snd_una;
- for (i = 0; i < num_sack_blks; i++, lp += 2) {
- memcpy(&left, lp, sizeof(*lp));
- memcpy(&right, lp + 1, sizeof(*lp));
+ for (i = 0; i < num_sack_blks; i++, lp += sizeof(uint32_t) * 2) {
+ memcpy(&left, lp, sizeof(uint32_t));
+ memcpy(&right, lp + sizeof(uint32_t), sizeof(uint32_t));
left = ntohl(left);
right = ntohl(right);
---