On Dec 15, 2010, at 8:46 AM, 罗钰 wrote: > Hi, all experts: I find a suspect point in function of > sctp_process_a_data_chunk in all FreeBSD branches.for example:Line 1900 of > sctp_indata: (asoc->strmin[strmno].last_sequence_delivered + 1) == > strmseqThis is a logical judgement sentence.last_sequence_delivered is > unsigned short type, strmseq is also.there is a problem: if > last_sequence_delivered equal 0xffff, and the result of > last_sequence_delivered + 1 must be 0x10000, rather than 0x0000, and if > strmseq is also be 0x0, then this judgement will give you wrong value. > so i think put a (uint16_t) before this sentence will be more secure. so how > do you think?like this: > (uint16_t)(asoc->strmin[strmno].last_sequence_delivered + 1) == strmseqThanks > and i hope your response. In head and FreeBSD 8.0 and 8.1 sctp_structs.h contains: struct sctp_stream_in { struct sctp_readhead inqueue; uint16_t stream_no; uint16_t last_sequence_delivered; /* used for re-order */ uint8_t delivery_started; };
Furthermore sctp_process_a_data_chunk() contains: uint16_t strmno, strmseq; So I do not think the problem "is in all branches". Can you be more specific, which version your are talking about? Best regards Michael > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"