NetBSD-Bugs archive


port-macppc/50228: bzero with zero length crashes

>Number:         50228
>Category:       port-macppc
>Synopsis:       bzero with zero length crashes
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-macppc-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 10 21:15:00 +0000 2015
>Originator:     Christian Groessler
>Release:        NetBSD 7.99.21
System: NetBSD muc-twinppc 7.99.21 NetBSD 7.99.21 (TWINPPC.MP) #0: Thu Sep 10 07:31:03 CEST 2015 chris@muc-twinppc:/local/netbsd-src/obj/sys/arch/macppc/compile/TWINPPC.MP macppc
Architecture: powerpc
Machine: macppc
	bzero(buffer, 0) zeroes out everything from <buffer> to 0xffffefff, then it crashes.
	Here's a test program:

$ cat test.c 
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>

extern int ret0(void);

int main(void)
{
        char *x;
        /* length comes from another translation unit (test1.c), so the
           compiler cannot fold bzero(x, 0) away at compile time */
        int len = ret0();

        x = alloca(0);
        printf("x: %p\n", x);

        bzero(x, len);

        return 0;
}
$ cat test1.c 
int ret0(void) { return 0; }

$ gcc -o t test.c test1.c 
$ ./t 
x: 0xffffdc78
Segmentation fault (core dumped)

bzero(xxx, 0) is optimized away by the compiler; therefore the length comes from the test1.c file.
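A regression check for the behaviour described above, written as an added example (it is not part of the report or of NetBSD's libc): it fills a buffer with a canary byte, calls bzero() on n bytes in the middle, and verifies that exactly those n bytes were cleared. The length goes through a volatile variable for the same reason the report uses ret0(): so the compiler cannot prove it is 0 and drop the call. BUF_LEN, START and requested_len are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define BUF_LEN 64
#define START   16      /* offset of the region handed to bzero() */

/* Volatile copy of the length so the compiler cannot see a constant 0
   and optimize the bzero() call away (same purpose as ret0() above). */
static volatile size_t requested_len;

/* Fill a buffer with a canary byte, call bzero() on n bytes starting at
   offset START, and return 1 only if exactly those n bytes are now zero
   and every other byte still carries the canary; 0 otherwise. */
int bzero_touches_exactly(size_t n)
{
    unsigned char buf[BUF_LEN];
    size_t i;

    if (START + n > BUF_LEN)          /* keep the probe inside the buffer */
        return 0;

    memset(buf, 0xA5, sizeof buf);
    requested_len = n;
    bzero(buf + START, requested_len);

    for (i = 0; i < BUF_LEN; i++) {
        unsigned char want = (i >= START && i < START + n) ? 0x00 : 0xA5;
        if (buf[i] != want)
            return 0;
    }
    return 1;
}

int main(void)
{
    size_t lens[] = { 0, 1, 7, 32 };   /* constructed test lengths */
    size_t k;

    for (k = 0; k < sizeof lens / sizeof lens[0]; k++)
        printf("bzero(p, %zu): %s\n", lens[k],
               bzero_touches_exactly(lens[k]) ? "ok" : "WRONG");
    return 0;
}
```

On a libc with the reported defect the n == 0 case either prints WRONG or dies with SIGSEGV like the report's test program; either outcome is a failed check.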
