innfeed segfaults on NULL buffer in getBanner() - mine too..

Julien ÉLIE julien at trigofacile.com
Mon Sep 17 19:50:22 UTC 2007


Hi all,

> I do not know what to do with that system signal flag 16 on FreeBSD 6.2 (*64* bits).
> It is perhaps not INN's fault and the problem should be reported to the maintainers
> of the port of INN for FreeBSD <http://www.freebsd.org/cgi/cvsweb.cgi/ports/news/inn/>,
> unless someone here has an idea of what is going on.

Thanks to the great help of Ollivier Robert, the problem has just been identified:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
sigFlags (in endpoint.c) is defined as a pointer to sig_atomic_t entities.
sig_atomic_t is defined as "long" (64 bits) in machine/signal.h.

But, it is allocated like this:

      sigFlags = xmalloc (sizeof(int) * NSIG) ;

in setSigHandler()...

So it is allocating half the space needed but filling it as long, leading to, I
believe, a buffer overflow, smashing something else that happens to be, I
guess, priorityList...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


For portability reasons, he suggests using a proper #define to say whether it is
sizeof(int) or sizeof(long).

Do you want to do that or can we use sizeof(sig_atomic_t)?


innfeed now works great there and so does INN.
Many thanks to Kai Gallasch for having reported the problem and provided the
FreeBSD server to test, and also to Robert Watson.


I have also done:

    grep -r "sizeof" * | grep "(int)"
    grep -r "sizeof" * | grep "(long)"

and checked the few occurrences it returns but they seem OK (they are
used with int or long properly defined before).  So I do not think
there are other similar problems.

However, feel free to tell me in case you think of another similar issue.

-- 
Julien ÉLIE

« Vinum spumosum nisi defluat est uitiosum. » 

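The allocation mismatch Ollivier describes, next to the sizeof(sig_atomic_t)-based fix Julien asks about, as an added example that is not INN's code (the function names and the NSIG fallback are mine):

```c
/* Added example (not INN's code): the sigFlags under-allocation and its
 * portable fix.  NSIG comes from <signal.h>; the helper names are hypothetical. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

#ifndef NSIG
#define NSIG 65   /* constructed fallback for platforms that do not export NSIG */
#endif

/* Bytes that the original allocation, sizeof(int) * NSIG, falls short of what
 * an array of NSIG sig_atomic_t entries needs.  0 where sig_atomic_t is int
 * (glibc, 32-bit BSD); NSIG * 4 where it is a 64-bit long (FreeBSD/amd64). */
size_t sig_flags_shortfall(void)
{
    size_t have = sizeof(int) * NSIG;
    size_t need = sizeof(sig_atomic_t) * NSIG;
    return need > have ? need - have : 0;
}

/* Entries the under-sized buffer can actually hold; stores past this index
 * land in whatever the allocator placed next (priorityList, per the message). */
size_t sig_flags_safe_entries(void)
{
    return (sizeof(int) * NSIG) / sizeof(sig_atomic_t);
}

/* Corrected allocation: the size is taken from the pointee type, so it cannot
 * drift from the declaration when sig_atomic_t changes width.  calloc also
 * checks the count * size multiplication for overflow; malloc(a * b) does not. */
volatile sig_atomic_t *alloc_sig_flags(void)
{
    volatile sig_atomic_t *flags = calloc(NSIG, sizeof *flags);
    if (flags == NULL) {
        perror("calloc");
        exit(EXIT_FAILURE);
    }
    return flags;
}

int main(void)
{
    volatile sig_atomic_t *sigFlags = alloc_sig_flags();
    for (int i = 0; i < NSIG; i++)   /* fill every entry: in bounds with the fix */
        sigFlags[i] = 1;
    printf("sizeof(int)=%zu sizeof(sig_atomic_t)=%zu NSIG=%d shortfall=%zu bytes\n",
           sizeof(int), sizeof(sig_atomic_t), NSIG, sig_flags_shortfall());
    free((void *)sigFlags);
    return 0;
}
```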