On Thu, Aug 30, 2018 at 6:00 PM Kristof Provost <k...@freebsd.org> wrote:
> On 14 Aug 2018, at 19:17, Jonathan T. Looney wrote:
> > + uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
>
> I’m pretty sure you didn’t mean for the hashkey to be 1028 bytes long.
>

Yikes. Yep, that's a bug. I originally spelled this as 9; however, decided to rewrite it to avoid "magic numbers". It made it through all my manual testing; but, that makes sense since all my positive functional tests were on an unloaded machine, so the extra stack garbage would be more likely to be consistent.

> I’ve done this, which fixes the problem:
>
> diff --git a/sys/netinet6/frag6.c b/sys/netinet6/frag6.c
> index 0f30801540a..e1f2b3f5842 100644
> --- a/sys/netinet6/frag6.c
> +++ b/sys/netinet6/frag6.c
> @@ -218,7 +218,9 @@ frag6_input(struct mbuf **mp, int *offp, int proto)
> int offset = *offp, nxt, i, next;
> int first_frag = 0;
> int fragoff, frgpartlen; /* must be larger than u_int16_t */
> - uint32_t hash, hashkey[sizeof(struct in6_addr) * 2 + 1], *hashkeyp;
> + uint32_t hashkey[(sizeof(struct in6_addr) * 2 + sizeof(u_int32_t)) /
> + sizeof(uint32_t)];
> + uint32_t hash, *hashkeyp;
> struct ifnet *dstifp;
> u_int8_t ecn, ecn0;
> #ifdef RSS
>
>

That looks fine to me, either with or without the followup suggestion of using sizeof(ip6f->ip6f_ident).

Feel free to commit this change (after appropriate re@ approval). Or, let me know if you prefer I do it. Either way, I'll wear the pointy hat (sadly, I suspect it is neither the first nor last I will earn).

Jonathan
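Review bot: In the added hashkey declaration the array length mixes two spellings of the same type, sizeof(u_int32_t) in the sum and sizeof(uint32_t) as the divisor, and nothing on the line says what the third term stands for. Using sizeof(ip6f->ip6f_ident) for that term, as the follow-up suggestion in this thread proposes, would tie the length to the field it is sized for and remove the second spelling. The division also rounds down, so the length is only right while every term in the sum is a multiple of sizeof(uint32_t); a compile-time assertion on that would catch a future change to the key layout, which matters here because the original line compiled and passed manual testing with the wrong length.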