pkgsrc-Bugs archive
Re: pkg/50995: sigsegv in recv()
On Thu, Mar 31, 2016 at 05:00:01AM +0000, David Holland wrote:
> The following reply was made to PR pkg/50995; it has been noted by GNATS.
>
> From: David Holland <dholland-pbugs%netbsd.org@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc:
> Subject: Re: pkg/50995: sigsegv in recv()
> Date: Thu, 31 Mar 2016 04:56:35 +0000
>
> On Wed, Mar 30, 2016 at 04:15:00PM +0000, Patrick Welche wrote:
> > > (gdb) print this
> > > $7 = (BaseSocket * const) 0x7f7f00000001
> > >
> > > isn't == 0x7f7fffffd320, I don't know...
> > >
> > > > | #0 BaseSocket::readFromSocket (this=0x7f7f00000001,
> > > > | this@entry=0x7f7fffffd320, buff=buff@entry=0x7f7fffffd25e "",
> >
> > Note that @entry *this is the expected 0x7f7fffffd320, and all that
> > happens of note is a call to select() and the recv() mentioned above.
>
> Wild speculation: is the number-of-fds argument to select larger than
> FD_SETSIZE?
Good point! The fd handling in general in dansguardian is a mess...
Looking at the coredump:
    fd.sck = 256

    fd_set fdSet;
    FD_ZERO(&fdSet);     // clear the set
    FD_SET(sck, &fdSet); // add fd to the set
    timeval t;           // timeval struct
    t.tv_sec = 0;
    t.tv_usec = 0;
    if (selectEINTR(sck + 1, &fdSet, NULL, NULL, &t) < 1) {
        return false;
    }
so the number-of-fds argument is 257
src/sys/sys/fd_set.h:

    /*
     * Select uses bit fields of file descriptors.  These macros manipulate
     * such bit fields.  Note: FD_SETSIZE may be defined by the user.
     */
    #ifndef FD_SETSIZE
    #define FD_SETSIZE 256
    #endif
so you have a hole in one! (I don't see FD_SETSIZE defined by the user...)
(How can this trash the stack?)
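The following is an added illustration, not code from the thread or from dansguardian: it shows where FD_SET() lands for a descriptor equal to FD_SETSIZE (one byte past the stack-allocated fd_set, which is exactly where neighbouring locals such as a saved `this` live) and a guarded version of the select() pattern quoted above. The names wait_readable, fd_fits_in_set and fd_set_byte_offset are mine; the EINTR retry loop is what selectEINTR() is assumed to do.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* Byte offset inside the fd_set bitmask that FD_SET(fd, ...) would write.
 * Anything >= sizeof(fd_set) is past the end of the object. */
static size_t fd_set_byte_offset(int fd) { return (size_t)fd / 8; }

/* 1 if fd can legally be stored in an fd_set, 0 otherwise. */
static int fd_fits_in_set(int fd) { return fd >= 0 && fd < FD_SETSIZE; }

/* Same shape as the readFromSocket() wait quoted above, but refuses a
 * descriptor the fd_set cannot hold instead of writing past it.
 * Returns 1 if readable, 0 on timeout, -1 on error (errno EINVAL for an
 * out-of-range fd). (Hypothetical helper, not dansguardian's own.) */
int wait_readable(int sck, long timeout_usec)
{
    fd_set fdSet;
    struct timeval t;
    int r;

    if (!fd_fits_in_set(sck)) {
        errno = EINVAL;
        return -1;
    }
    FD_ZERO(&fdSet);
    FD_SET(sck, &fdSet);
    t.tv_sec = timeout_usec / 1000000;
    t.tv_usec = timeout_usec % 1000000;
    do {
        r = select(sck + 1, &fdSet, NULL, NULL, &t);
    } while (r < 0 && errno == EINTR); /* assumed selectEINTR() behaviour */
    return r < 0 ? -1 : (r > 0 ? 1 : 0);
}

int main(void)
{
    int p[2];
    printf("sizeof(fd_set) = %zu bytes, FD_SETSIZE = %d\n", sizeof(fd_set), FD_SETSIZE);
    printf("FD_SET(%d) writes byte %zu: %s\n", FD_SETSIZE, fd_set_byte_offset(FD_SETSIZE),
           fd_set_byte_offset(FD_SETSIZE) >= sizeof(fd_set) ? "out of bounds" : "in bounds");
    if (pipe(p) == 0 && write(p[1], "x", 1) == 1)
        printf("wait_readable(pipe) = %d\n", wait_readable(p[0], 0));
    printf("wait_readable(%d) = %d (%s)\n", FD_SETSIZE, wait_readable(FD_SETSIZE, 0), strerror(errno));
    return 0;
}
```

The same guard (or a switch to poll(), which has no FD_SETSIZE limit) is the fix a defender would apply wherever a daemon that may hold more than FD_SETSIZE descriptors still uses select().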