Re: lib/46773: librpc segfaults when out of memory

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,brehm%gmx.de@localhost
Subject: Re: lib/46773: librpc segfaults when out of memory
From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
Date: Tue, 7 Aug 2012 07:45:01 +0000 (UTC)

The following reply was made to PR lib/46773; it has been noted by GNATS.

From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: lib/46773: librpc segfaults when out of memory
Date: Tue, 7 Aug 2012 03:40:24 -0400

 On Mon,  6 Aug 2012 07:05:00 +0000 (UTC)
 brehm%gmx.de@localhost wrote:
 
 > When system is out of or low on memory, "xdrrec_create" in 
 > "src/lib/libc/rpc/xdrrec_create.c" bails out, prints the warning 
 > "xdrrec_create: out of memory", and leaves xdrs->x_private == NULL.
 > 
 > However, the "makefd_xprt" does not check if "xdrrec_create" was successful 
 > and will segfault in this case (by dereferencing "xdrs->x_private" 
 > unconditionally).
 > 
 > Attached patch adds appropriate checks to "xdrrec_create" callers, so they 
 > also bail out when "xdrrec_create" did.
 
 By looking briefly at the netbsd-6 code, it appears that it also has
 this issue.
 
 Thanks,
 -- 
 Matt

Prev by Date: port-alpha/46776: NetBSD alpha crashes with Delock 81940 multifunction PCI card
Next by Date: Re: kern/40949 (cdce0 does not support suspend/resume)
Previous by Thread: lib/46773: librpc segfaults when out of memory
Next by Thread: Re: port-i386/46036 - ACPI Error: [ECPU] Namespace lookup failure, AE_NOT_FOUND
Indexes:

Home | Main Index | Thread Index | Old Index