Subject: Re: kern/34751: regular panics in tcp_sack_option on NetBSD/alpha 3.0_STABLE
To: None <christianbiere@gmx.de>
From: Izumi Tsutsui <tsutsui@ceres.dti.ne.jp>
List: netbsd-bugs
Date: 10/09/2006 12:57:13
I guess christos missed that your private function also include
ntohl() function but providing a right patch (just based on mouse's)
is more worth than confirming yours anyway.
---
Izumi Tsutsui


Index: tcp_sack.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/tcp_sack.c,v
retrieving revision 1.19
diff -u -r1.19 tcp_sack.c
--- tcp_sack.c	7 Oct 2006 20:16:04 -0000	1.19
+++ tcp_sack.c	9 Oct 2006 02:34:45 -0000
@@ -243,7 +243,7 @@
 	struct sackblk *sack = NULL;
 	struct sackhole *cur = NULL;
 	struct sackhole *tmp = NULL;
-	u_int32_t *lp = (u_int32_t *) (cp + 2);
+	char *lp = cp + 2;
 	int i, j, num_sack_blks;
 	tcp_seq left, right, acked;
 
@@ -276,9 +276,9 @@
 	 */
 	num_sack_blks = optlen / 8;
 	acked = (SEQ_GT(th->th_ack, tp->snd_una)) ? th->th_ack : tp->snd_una;
-	for (i = 0; i < num_sack_blks; i++, lp += 2) {
-		memcpy(&left, lp, sizeof(*lp));
-		memcpy(&right, lp + 1, sizeof(*lp));
+	for (i = 0; i < num_sack_blks; i++, lp += sizeof(uint32_t) * 2) {
+		memcpy(&left, lp, sizeof(uint32_t));
+		memcpy(&right, lp + sizeof(uint32_t), sizeof(uint32_t));
 		left = ntohl(left);
 		right = ntohl(right);
 

---