Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use BPF_SRC()

[Guy Harris <guy%alum.mit.edu@localhost>]

The following reply was made to PR kern/43185; it has been noted by GNATS.

From: Guy Harris <guy%alum.mit.edu@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, 
netbsd-bugs%netbsd.org@localhost
Subject: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should use 
BPF_SRC()
Date: Wed, 21 Apr 2010 02:12:12 -0700

 On Apr 21, 2010, at 1:45 AM, Martin Husemann wrote:
 
 > The following reply was made to PR kern/43185; it has been noted by =
 GNATS.
 >=20
 > From: Martin Husemann <martin%duskware.de@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc:=20
 > Subject: Re: kern/43185: bpf_validate() uses BPF_RVAL() when it should =
 use BPF_SRC()
 > Date: Wed, 21 Apr 2010 10:41:31 +0200
 >=20
 > Yeah, that looks correct. Do you happen to have a test case =
 demonstrating
 > the failure?
 
 I don't have a NetBSD VM on which to try this, and I'm not sure why I'm =
 not getting a crash on my OpenBSD 4.2 VM (OpenBSD has the same bug), but =
 a live tcpdump capture with a filter of "link[0:4]/0 =3D 2" *should* get =
 the filter rejected:
 
 (000) ld       [0]
 (001) div      #0
 (002) jeq      #0x2             jt 3    jf 4
 (003) ret      #65535
 (004) ret      #0
 
 but it doesn't (at least not on OpenBSD 4.2 - the NetBSD bpf_validate() =
 has the same code).=