pkgsrc-Bugs archive


Re: pkg/50995: sigsegv in recv()



The following reply was made to PR pkg/50995; it has been noted by GNATS.

From: Patrick Welche <prlw1%cam.ac.uk@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: pkg-manager%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, pkgsrc-bugs%netbsd.org@localhost
Subject: Re: pkg/50995: sigsegv in recv()
Date: Fri, 1 Apr 2016 09:19:40 +0100

 On Thu, Mar 31, 2016 at 05:00:01AM +0000, David Holland wrote:
 > The following reply was made to PR pkg/50995; it has been noted by GNATS.
 > 
 > From: David Holland <dholland-pbugs%netbsd.org@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: 
 > Subject: Re: pkg/50995: sigsegv in recv()
 > Date: Thu, 31 Mar 2016 04:56:35 +0000
 > 
 >  On Wed, Mar 30, 2016 at 04:15:00PM +0000, Patrick Welche wrote:
 >   >  > (gdb) print this
 >   >  > $7 = (BaseSocket * const) 0x7f7f00000001
 >   >  > 
 >   >  > isn't == 0x7f7fffffd320, I don't know...
 >   >  > 
 >   >  > > | #0  BaseSocket::readFromSocket (this=0x7f7f00000001, 
 >   >  > > |     this@entry=0x7f7fffffd320, buff=buff@entry=0x7f7fffffd25e "", 
 >   >  
 >   >  Note that @entry *this is the expected 0x7f7fffffd320, and all that
 >   >  happens of note is a call to select() and the recv() mentioned above.
 >  
 >  Wild speculation: is the number-of-fds argument to select larger than
 >  FD_SETSIZE?
 
 Good point! The fd handling in general in dansguardian is a mess...
 
 Looking at the coredump:
 
 fd.sck = 256
 
         fd_set fdSet;
         FD_ZERO(&fdSet);  // clear the set
         FD_SET(sck, &fdSet);  // add fd to the set
         timeval t;  // timeval struct
         t.tv_sec = 0;
         t.tv_usec = 0;  
 
         if (selectEINTR(sck + 1, &fdSet, NULL, NULL, &t) < 1) {
                 return false;
         }
 
 so the number-of-fds argument is 257
 
 src/sys/sys/fd_set.h:
 
 /*
  * Select uses bit fields of file descriptors.  These macros manipulate
  * such bit fields.  Note: FD_SETSIZE may be defined by the user.
  */
 
 #ifndef FD_SETSIZE
 #define FD_SETSIZE      256
 #endif
 
 so you have a hole in one! (I don't see FD_SETSIZE defined by the user...)
 
 (How can this trash the stack?)
 
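Added example (editor's note, not part of the thread and not dansguardian's code): a small C program that makes the arithmetic above concrete and shows the check the quoted snippet lacks. FD_SET() is only defined for 0 <= fd < FD_SETSIZE. With NetBSD's default of 256 an fd_set is 8 32-bit fd_mask words, 32 bytes, so FD_SET(256, &fdSet) ORs bit 0 into a ninth word that lies just past the object. select(257, ...) overruns from the kernel side as well: NetBSD's selcommon() copies howmany(nfds, NFDBITS) * sizeof(fd_mask) bytes of each non-NULL set in, and copies the result set back out, so with nfds = 257 it writes 36 bytes into the 32-byte stack variable. Whatever the compiler placed after fdSet (another local, a spilled register, a saved pointer) receives a 32-bit word whose only possible set bit is the one for fd 256; a 64-bit pointer whose low half turned into 0x00000001, as `this` did in the backtrace, is consistent with exactly that, although which slot is hit depends on the stack layout. Linux's core_sys_select() copies whole words the same way. The program computes the sizes from the host's own FD_SETSIZE and NFDBITS (the fallback definition of NFDBITS as 8 * sizeof(long) is an assumption for headers that hide it), refuses an out-of-range descriptor before touching the set, and shows poll() handling a descriptor number select() cannot. The function names (fd_set_overflows, select_copy_bytes, select_readable, poll_readable, demo_pipe_case) are mine; the pipe scenario is constructed for the demo and its high-fd step is skipped when RLIMIT_NOFILE cannot be raised far enough.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

#ifndef NFDBITS
#define NFDBITS (8 * (int)sizeof(long)) /* assumption: fd_mask is a long */
#endif

/* 1 if FD_SET(fd, set) would write outside an fd_set: the macro is only
 * defined for 0 <= fd < FD_SETSIZE, anything else lands past the object. */
int fd_set_overflows(int fd)
{
    return fd < 0 || fd >= FD_SETSIZE;
}

/* Bytes per non-NULL set that a select() copying whole fd_mask words
 * (NetBSD's selcommon(); Linux's core_sys_select() is alike) reads in and
 * writes back for this nfds. Above FD_SETSIZE it exceeds sizeof(fd_set). */
size_t select_copy_bytes(int nfds)
{
    int words = (nfds + NFDBITS - 1) / NFDBITS;
    return (size_t)words * (size_t)(NFDBITS / 8);
}

/* The dansguardian pattern with the missing range check and EINTR retry.
 * Returns 1 readable, 0 timed out, -1 error (EINVAL: fd not addressable). */
int select_readable(int fd, int timeout_ms)
{
    fd_set rfds;
    struct timeval tv;
    int rc;
    if (fd_set_overflows(fd)) {
        errno = EINVAL;              /* refuse before rfds is touched */
        return -1;
    }
    do {
        FD_ZERO(&rfds);              /* select() modifies set and timeout */
        FD_SET(fd, &rfds);
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0) return -1;
    return (rc > 0 && FD_ISSET(fd, &rfds)) ? 1 : 0;
}

/* Same contract with poll(), which has no FD_SETSIZE ceiling. */
int poll_readable(int fd, int timeout_ms)
{
    struct pollfd p = { fd, POLLIN, 0 };
    int rc;
    do {
        rc = poll(&p, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0) return rc;          /* -1 error, 0 timeout */
    if (p.revents & POLLNVAL) { errno = EBADF; return -1; }
    return (p.revents & (POLLIN | POLLHUP | POLLERR)) ? 1 : 0;
}

/* Constructed scenario: a pipe with one byte pending, checked on its low fd
 * and again after dup2() to FD_SETSIZE + 10. Returns 0 when all is as
 * expected, else a code for the first surprise; the high-fd step is
 * skipped when RLIMIT_NOFILE cannot be raised far enough. */
int demo_pipe_case(void)
{
    int p[2], high = FD_SETSIZE + 10;
    rlim_t want = (rlim_t)high + 1;
    struct rlimit rl;
    char c = 'x';
    if (pipe(p) < 0) return 1;
    if (write(p[1], &c, 1) != 1) return 2;
    if (select_readable(p[0], 0) != 1 || poll_readable(p[0], 0) != 1) return 3;
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur < want) {
        rl.rlim_cur = rl.rlim_max < want ? rl.rlim_max : want;
        (void)setrlimit(RLIMIT_NOFILE, &rl);
    }
    if (dup2(p[0], high) == high) {
        /* Where the original would overflow: select refused, poll fine. */
        if (select_readable(high, 0) != -1 || errno != EINVAL) return 4;
        if (poll_readable(high, 0) != 1) return 5;
        close(high);
    }
    close(p[0]);
    close(p[1]);
    return 0;
}

int main(void)
{
    printf("FD_SETSIZE=%d sizeof(fd_set)=%zu; select(nfds=%d) copies %zu bytes\n",
           FD_SETSIZE, sizeof(fd_set), FD_SETSIZE + 1, select_copy_bytes(FD_SETSIZE + 1));
    printf("pipe demo: %d (0 = as expected)\n", demo_pipe_case());
    return 0;
}
```

Build with `cc -Wall fdset_demo.c -o fdset_demo` and run it; on a NetBSD box with the default FD_SETSIZE the first line reports a 32-byte fd_set and 36 bytes copied for nfds = 257, on glibc 128 and 136. The range check costs one comparison and turns the silent stack overwrite into an EINVAL the caller can log; where descriptors can legitimately exceed FD_SETSIZE, poll() (or the platform's kqueue/epoll) is the replacement rather than raising FD_SETSIZE before the includes, which only moves the cliff.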

