FreeBSD Bugzilla – Attachment 141646 Details for
Bug 188510
rtadvd(8): "rtadvctl show" crashes on BeagleBone Black due to unaligned access
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 2.98 KB, created by
guyyur
on 2014-04-12 14:10:01 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
guyyur
Created:
2014-04-12 14:10:01 UTC
Size:
2.98 KB
patch
obsolete
>Index: usr.sbin/rtadvd/control.c >=================================================================== >--- usr.sbin/rtadvd/control.c (revision 264366) >+++ usr.sbin/rtadvd/control.c (working copy) >@@ -343,7 +343,10 @@ struct ctrl_msg_pl * > cm_bin2pl(char *str, struct ctrl_msg_pl *cp) > { > size_t len; >- size_t *lenp; >+ struct unaligned_len { >+ size_t len; >+ } __packed; >+ struct unaligned_len *lenp; > char *p; > > memset(cp, 0, sizeof(*cp)); >@@ -350,9 +353,9 @@ cm_bin2pl(char *str, struct ctrl_msg_pl *cp) > > p = str; > >- lenp = (size_t *)p; >- len = *lenp++; >- p = (char *)lenp; >+ lenp = (struct unaligned_len *)p; >+ len = lenp->len; >+ p = (char *)(lenp + 1); > syslog(LOG_DEBUG, "<%s> len(ifname) = %zu", __func__, len); > if (len > 0) { > cp->cp_ifname = malloc(len + 1); >@@ -365,9 +368,9 @@ cm_bin2pl(char *str, struct ctrl_msg_pl *cp) > p += len; > } > >- lenp = (size_t *)p; >- len = *lenp++; >- p = (char *)lenp; >+ lenp = (struct unaligned_len *)p; >+ len = lenp->len; >+ p = (char *)(lenp + 1); > syslog(LOG_DEBUG, "<%s> len(key) = %zu", __func__, len); > if (len > 0) { > cp->cp_key = malloc(len + 1); >@@ -380,9 +383,9 @@ cm_bin2pl(char *str, struct ctrl_msg_pl *cp) > p += len; > } > >- lenp = (size_t *)p; >- len = *lenp++; >- p = (char *)lenp; >+ lenp = (struct unaligned_len *)p; >+ len = lenp->len; >+ p = (char *)(lenp + 1); > syslog(LOG_DEBUG, "<%s> len(val) = %zu", __func__, len); > if (len > 0) { > cp->cp_val = malloc(len + 1); >@@ -403,7 +406,10 @@ size_t > cm_pl2bin(char *str, struct ctrl_msg_pl *cp) > { > size_t len; >- size_t *lenp; >+ struct unaligned_len { >+ size_t len; >+ } __packed; >+ struct unaligned_len *lenp; > char *p; > struct ctrl_msg_hdr *cm; > >@@ -425,38 +431,38 @@ cm_pl2bin(char *str, struct ctrl_msg_pl *cp) > syslog(LOG_DEBUG, "<%s> msglen=%zu", __func__, len); > memset(str, 0, len); > p = str; >- lenp = (size_t *)p; >- >+ lenp = (struct unaligned_len *)p; >+ > if (cp->cp_ifname != NULL) { >- *lenp++ = strlen(cp->cp_ifname); >- p = (char *)lenp; >+ lenp->len = strlen(cp->cp_ifname); >+ p = (char *)(lenp + 1); > memcpy(p, cp->cp_ifname, strlen(cp->cp_ifname)); > p += strlen(cp->cp_ifname); > } else { >- *lenp++ = '\0'; >- p = (char *)lenp; >+ lenp->len = 0; >+ p = (char *)(lenp + 1); > } > >- lenp = (size_t *)p; >+ lenp = (struct unaligned_len *)p; > if (cp->cp_key != NULL) { >- *lenp++ = strlen(cp->cp_key); >- p = (char *)lenp; >+ lenp->len = strlen(cp->cp_key); >+ p = (char *)(lenp + 1); > memcpy(p, cp->cp_key, strlen(cp->cp_key)); > p += strlen(cp->cp_key); > } else { >- *lenp++ = '\0'; >- p = (char *)lenp; >+ lenp->len = 0; >+ p = (char *)(lenp + 1); > } > >- lenp = (size_t *)p; >+ lenp = (struct unaligned_len *)p; > if (cp->cp_val != NULL && cp->cp_val_len > 0) { >- *lenp++ = cp->cp_val_len; >- p = (char *)lenp; >+ lenp->len = cp->cp_val_len; >+ p = (char *)(lenp + 1); > memcpy(p, cp->cp_val, cp->cp_val_len); > p += cp->cp_val_len; > } else { >- *lenp++ = '\0'; >- p = (char *)lenp; >+ lenp->len = 0; >+ p = (char *)(lenp + 1); > } > > return (len); >--- rtadvd_control_packed.patch ends here ---
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=141646">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 188510
:
141645
| 141646