| Summary | [libpcap] tcpdump compiles complex expression to incorrect BPF code |
|---|---|
| Product | Base System |
| Reporter | Vadim Goncharov <vadim_nuclight> |
| Component | kern |
| Assignee | freebsd-bugs (Nobody) <bugs> |
| Status | Open |
| Severity | Affects Only Me |
| CC | archit, delphij, gharris, guy, imp |
| Priority | Normal |
| Version | 7.2-RELEASE |
| Hardware | Any |
| OS | Any |
Description
Vadim Goncharov
2010-02-26 16:00:13 UTC
Created attachment 218830: test file demonstrating the bug
Created attachment 218831: expression demonstrating the bug
Created attachment 218832: shell script to run the test case
Created attachment 218833: Proposed patch
The bug appears to be in libpcap. The libpcap optimizer (contrib/libpcap/optimizer.c) removes statements as dead that store certain values but does not account for the fact that a successor block may attempt to read the value written by the dead statement. The proposed patch marks the "val" data structure as having unknown value when statements are removed as dead to indicate to successor blocks that the value is not available. (I will also report this upstream.)
(In reply to Archit Shah from comment #5) Hi, was this reported to the upstream? (I haven't found one at https://github.com/the-tcpdump-group/libpcap/issues?q=is%3Aissue ) If so, could you please give us a URL for reference? (also +guy@ for visibility)

Upstream pull request is here: https://github.com/the-tcpdump-group/libpcap/pull/976

Since the import of 1.10.3, this patch conflicts. I don't know if the changes related to detecting the optimizer loop or not will fix this issue though. Can you confirm either that (a) the upstream fix in 1.10.3 fixes your issue or (b) making the trivial modifications to your patch will fix the still lingering issue? I see that the upstream pull request remains open, so I'm unsure what the status is... The import was just a couple of weeks after the last comment... Thanks and sorry for the delay.

It appears that upstream just merged my proposed fix today and I don't believe 1.10.3 addresses the bug. However, trivial modifications to the patch to work with 1.10.3 should also work until the next upstream release is made and imported into FreeBSD.
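As an added illustration, not code from this bug report, the attached patch, or libpcap itself: a small Python model of the failure mode the comment above describes, where a store removed as dead leaves a stale "value known" entry that a successor block then trusts. The statement forms, the value-numbering rule and the deliberately local dead-store test are simplifying assumptions, not libpcap's actual optimizer logic.

```python
UNKNOWN = object()  # sentinel: we do not know what this slot holds
def run(blocks, order):
    """Interpret blocks in order; return A at 'ret'. Unwritten M[k] reads 0."""
    mem, acc = {}, 0
    for name in order:
        for op, arg in blocks[name]:
            if op == "ld#": acc = arg               # A = constant
            elif op == "st": mem[arg] = acc         # M[k] = A
            elif op == "ld": acc = mem.get(arg, 0)  # A = M[k]
            elif op == "ret": return acc
    return acc
def optimize(blocks, order, mark_unknown):
    """vals: slot k -> value believed stored in M[k], threaded into the successor.
    Per block: (1) value numbering drops a store whose value vals already records;
    (2) a deliberately local dead-store test (not re-read in this block) so the
    stale vals entry is easy to see. mark_unknown=True applies this bug's fix."""
    vals, out = {}, {}
    for name in order:
        kept, acc = [], UNKNOWN
        for op, arg in blocks[name]:                # (1) value numbering
            if op == "ld#":
                acc = arg
            elif op == "st":
                if acc is not UNKNOWN and vals.get(arg, UNKNOWN) == acc:
                    continue                        # believed redundant: dropped
                vals[arg] = acc
            elif op == "ld":
                acc = vals.get(arg, UNKNOWN)
            kept.append((op, arg))
        final = []
        for i, (op, arg) in enumerate(kept):        # (2) dead-store removal
            if op == "st" and not any(o == "ld" and a == arg for o, a in kept[i + 1:]):
                if mark_unknown: vals[arg] = UNKNOWN  # fix: successors must not rely on it
                continue
            final.append((op, arg))
        out[name] = final
    return out
# Constructed program: P stores 5 into M[0] and falls through to S, whose own
# store is redundant only if P's store really executed; S then returns M[0].
PROGRAM = {"P": [("ld#", 5), ("st", 0)],
           "S": [("ld#", 5), ("st", 0), ("ld", 0), ("ret", None)]}
ORDER = ["P", "S"]
def results():
    """(unoptimized, buggy optimizer, optimizer with fix) -> returned values."""
    return (run(PROGRAM, ORDER),
            run(optimize(PROGRAM, ORDER, False), ORDER),
            run(optimize(PROGRAM, ORDER, True), ORDER))
if __name__ == "__main__":
    print(results())  # (5, 0, 5): the buggy optimizer miscompiles the program
```

Without the fix the successor's store is dropped as redundant on the strength of a value the predecessor never actually wrote, so the optimized program reads an uninitialized slot; with the stale entry marked unknown, the store survives and the result matches the unoptimized program.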