Re: sysctl hacks

2004-08-21 Thread Alfred Perlstein
* Poul-Henning Kamp <[EMAIL PROTECTED]> [040821 13:29] wrote: > In message <[EMAIL PROTECTED]>, Alfred Perlstein writes: > >I'm doing some work that requires that I have a sysctl structure > >be passed around, but inside that structure are several pointers I > >may need to dereference. > > > >Basic

Re: sysctl hacks

2004-08-21 Thread Poul-Henning Kamp
In message <[EMAIL PROTECTED]>, Alfred Perlstein writes: >I'm doing some work that requires that I have a sysctl structure >be passed around, but inside that structure are several pointers I >may need to dereference. > >Basically: > >struct mysysctldata { > (data here) > void *moredata; >

sysctl hacks

2004-08-21 Thread Alfred Perlstein
I'm doing some work that requires that I have a sysctl structure be passed around, but inside that structure are several pointers I may need to dereference. Basically: struct mysysctldata { (data here) void *moredata; size_t morelen; }; What is the proper way of sysctl'ing IN the d

Re: off by one bounds

2004-08-21 Thread Skip Ford
Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > > > > > > > errors in freebsd 4.10 found by Coverity's analysis. > >

Re: off by one bounds

2004-08-21 Thread Maxim Konovalov
On Sat, 21 Aug 2004, 13:19+0400, Maxim Konovalov wrote: > On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > > > Maxim Konovalov wrote: > > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > > > >> errors in freebsd 4.10 found by Coverity's analysis. > > > > > >> ip_icmp.c:ip_next_mtu, i

Re: off by one bounds

2004-08-21 Thread Maxim Konovalov
On Sat, 21 Aug 2004, 05:00-0400, Skip Ford wrote: > Maxim Konovalov wrote: > > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > > > >> errors in freebsd 4.10 found by Coverity's analysis. > > > >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0 > > > > If i == sizeof then mtutab[i] == 0 > > If "

Re: off by one bounds

2004-08-21 Thread Skip Ford
Maxim Konovalov wrote: > On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > >> errors in freebsd 4.10 found by Coverity's analysis. > >> ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0 > > If i == sizeof then mtutab[i] == 0 If "i == sizeof" then mtutab[i] is out of bounds, off by one. There is

Re: off by one bounds

2004-08-21 Thread Maxim Konovalov
Hi Ted, On Fri, 20 Aug 2004, 12:36-0700, Ted Unangst wrote: > errors in freebsd 4.10 found by Coverity's analysis. [...] > ip_icmp.c:ip_next_mtu, i == sizeof, dir >= 0 This one is not a bug really. If i == sizeof then mtutab[i] == 0 and we return 0 at the line 818. Or I miss something? -- M

Re: use after free bugs

2004-08-21 Thread Julian Elischer
Ted Unangst wrote: these are results from running Coverity's analysis over Freebsd 4.10 kernel. two improper loops: if_ef.c:566 and atapi-all.c ng_socket.c: possible double free of resp 815 and 870, depending on caller context. is this possible? I'm not seeing it.. Can you show the lines in t