In AliasSctpInit(): la->sctpNatTimer.TimerQ = sn_calloc(SN_TIMER_QUEUE_SIZE, sizeof(struct sctpTimerQ)); Since SN_TIMER_QUEUE_SIZE is defined as SN_MAX_TIMER+2, and sn_calloc is defined as sn_malloc(x * n) if _SYS_MALLOC_H_ is defined, the size of the calloced memory will be wrong, because the macro will be expanded to SN_MAX_TIMER+2*sizeof(struct sctpTimerQ). This was found when I compiled the code on Linux; I don't know whether it's a problem or not if compiled on a FreeBSD system.
(In reply to logwang from comment #0) A mistake in the description: sn_calloc will be expanded to sizeof(struct sctpTimerQ)*SN_MAX_TIMER+2

A commit references this bug:
Author: tuexen
Date: Tue Dec 26 14:37:48 UTC 2017
New revision: 327203
URL: https://svnweb.freebsd.org/changeset/base/327203
Log:
  Allow the first (and second) argument of sn_calloc() be a sum.
  This fixes a bug reported in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224103
  PR: 224103
Changes:
  head/sys/netinet/libalias/alias_sctp.c

A commit references this bug:
Author: tuexen
Date: Sun Apr 8 14:09:27 UTC 2018
New revision: 332276
URL: https://svnweb.freebsd.org/changeset/base/332276
Log:
  MFC r327203:
  Allow the first (and second) argument of sn_calloc() be a sum.
  This fixes a bug reported in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224103
  PR: 224103
Changes:
  _U stable/11/
  stable/11/sys/netinet/libalias/alias_sctp.c

A commit references this bug:
Author: tuexen
Date: Sun Apr 8 16:24:37 UTC 2018
New revision: 332282
URL: https://svnweb.freebsd.org/changeset/base/332282
Log:
  MFC r327203:
  Allow the first (and second) argument of sn_calloc() be a sum.
  This fixes a bug reported in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224103
  PR: 224103
Changes:
  _U stable/10/
  stable/10/sys/netinet/libalias/alias_sctp.c
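
The size arithmetic behind this report, as an added example that is not the libalias source: it compares the byte count requested when a bare sum is pasted into an x * n macro body with the count from a fully parenthesized body. The value of SN_MAX_TIMER, the struct timer_q stand-in, the SIZE_* macro names and the parenthesized form itself are assumptions; the definition committed in r327203 is not shown on this page.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins: the real SN_MAX_TIMER value and the layout of
 * struct sctpTimerQ are not given in the report. */
#define SN_MAX_TIMER 600
#define SN_TIMER_QUEUE_SIZE SN_MAX_TIMER+2      /* a bare sum, as reported */
struct timer_q { void *head; void *tail; };     /* hypothetical stand-in */

/* Only the size expression is modelled; nothing is allocated. */
#define SIZE_UNPARENTHESIZED(n, x) (x * n)      /* shape described in comment #0 */
#define SIZE_PARENTHESIZED(n, x)   ((x) * (n))  /* assumed hardened form */

/* Bytes requested when the sum is pasted into x * n:
 * sizeof(struct timer_q) * SN_MAX_TIMER + 2 */
size_t requested_unparenthesized(void) {
    return SIZE_UNPARENTHESIZED(SN_TIMER_QUEUE_SIZE, sizeof(struct timer_q));
}

/* Bytes requested when both arguments are parenthesized:
 * sizeof(struct timer_q) * (SN_MAX_TIMER + 2) */
size_t requested_parenthesized(void) {
    return SIZE_PARENTHESIZED(SN_TIMER_QUEUE_SIZE, sizeof(struct timer_q));
}

/* Number of whole queue entries that fit in `bytes`. */
size_t entries_covered(size_t bytes) {
    return bytes / sizeof(struct timer_q);
}

int main(void) {
    size_t bad = requested_unparenthesized();
    size_t good = requested_parenthesized();

    printf("entries intended:        %d\n", SN_MAX_TIMER + 2);
    printf("unparenthesized request: %zu bytes, covers %zu entries\n",
           bad, entries_covered(bad));
    printf("parenthesized request:   %zu bytes, covers %zu entries\n",
           good, entries_covered(good));
    return 0;
}
```

With the unparenthesized body the request falls two entries short of the queue size, so the last two slots of the timer queue lie outside the allocation.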