NetBSD-Bugs archive


Re: kern/47646: Test dev/scsipi/t_cd:noisyeject broken



The following reply was made to PR kern/47646; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: kern/47646: Test dev/scsipi/t_cd:noisyeject broken
Date: Thu, 14 Mar 2013 22:34:33 +0100

 It dies in:
 
 #0  0x00007f7ff74185b2 in mmc_getdiscinfo (periph=0x7f7ff6301f08, 
     mmc_discinfo=0x7f7fffffd0b0)
     at /usr/src/sys/rump/dev/lib/libscsipi/../../../../dev/scsipi/cd.c:3056
 #1  0x00007f7ff741515d in cdioctl (dev=1539, cmd=1081631516, 
     addr=0x7f7fffffd0b0, flag=-2147483648, l=0x7f7ff7b4b000)
     at /usr/src/sys/rump/dev/lib/libscsipi/../../../../dev/scsipi/cd.c:1624
 #2  0x00007f7ff64666d7 in rumpns_bdev_ioctl () from /usr/lib/librump.so.0
 #3  0x00007f7ff70055a1 in rumpns_readdisklabel ()
    from /usr/lib/librumpdev_disk.so.0
 #4  0x00007f7ff741566a in cdgetdisklabel (cd=0x7f7ff6b26300)
     at /usr/src/sys/rump/dev/lib/libscsipi/../../../../dev/scsipi/cd.c:1765
 
 especially:
 
 3051                    fpos = &gc->feature_desc[0];
 3052                    while (pos < features_len - 4) {
 3053                            gcf = (struct scsipi_get_conf_feature *) fpos;
 
 and both pos and features_len seem to be way out of bounds:
 
 (gdb) print features_len
 $1 = 10547445
 (gdb) print pos
 $2 = 1087470
 
 
 Martin
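
Added example, not part of the original message and not NetBSD's cd.c: a bounds-checked walk over GET CONFIGURATION feature descriptors, the kind of loop the backtrace above stops in. It assumes the MMC response layout given in the comments; `walk_features` and `sample_resp` are hypothetical names, and the sample bytes are constructed, reusing the `features_len` value from the gdb output as the device-reported length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (MMC GET CONFIGURATION response), not NetBSD's structs:
 * header  = 4-byte big-endian data length, 2 reserved, 2 current profile;
 * feature = 2-byte code, 1 flags byte, 1 additional-length byte, data. */
#define GC_HDR_LEN   8
#define FEAT_HDR_LEN 4

/* Constructed sample: the header claims 0x00A0F0F5 (10547445) bytes, but
 * only two features (8 and 12 bytes long) were actually received. */
static const uint8_t sample_resp[28] = {
    0x00, 0xA0, 0xF0, 0xF5, 0, 0, 0x00, 0x08,
    0x00, 0x00, 0x03, 4, 0, 0, 0, 0,
    0x00, 0x01, 0x0B, 8, 0, 0, 0, 0, 0, 0, 0, 0,
};

/* Hypothetical helper: features fully inside buf, or -1 if malformed. */
int walk_features(const uint8_t *buf, size_t buflen)
{
    if (buflen < GC_HDR_LEN)
        return -1;
    /* Data length counts the bytes that follow the length field itself. */
    uint32_t reported = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 |
                        (uint32_t)buf[2] << 8 | (uint32_t)buf[3];
    if (reported < 4)
        return -1;
    size_t features_len = reported - 4;
    /* Clamp the device-reported length to what was actually received. */
    if (features_len > buflen - GC_HDR_LEN)
        features_len = buflen - GC_HDR_LEN;
    size_t pos = 0;
    int count = 0;
    while (pos + FEAT_HDR_LEN <= features_len) {
        size_t step = FEAT_HDR_LEN + (size_t)buf[GC_HDR_LEN + pos + 3];
        if (step > features_len - pos)
            return -1;   /* descriptor runs past the received data */
        count++;
        pos += step;
    }
    return count;
}

int main(void)
{
    printf("features: %d\n", walk_features(sample_resp, sizeof sample_resp));
    return 0;
}
```

The loop condition adds on the left instead of subtracting from `features_len`, so a length smaller than one descriptor header cannot wrap around.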
 

