This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Hi!

xdr_rmtcall_args first encodes arglen just to allocate space for it, then outputs the actual arguments and once they are output, XDR_SETPOS to the location of argument length and outputs the newly computed arglen. The problem is that cap->arglen is usually an uninitialized value (it makes no sense to initialize it, as xdr_rmtcall_args is supposed to set it and on 32-bit arches doesn't rely on its previous value). But on 64-bit, if the uninitialized cap->arglen happens to have any of the upper 32 bits set, xdr_u_long will fail.

Fixed thusly:

2005-04-04 Jakub Jelinek <jakub@redhat.com>

* sunrpc/pmap_rmt.c (xdr_rmtcall_args): Use a dummy arglen instead of trying to encode uninitialized arglen.

--- libc/sunrpc/pmap_rmt.c.jj 2004-10-01 12:05:01.000000000 +0200 +++ libc/sunrpc/pmap_rmt.c 2005-04-04 08:39:19.000000000 +0200 @@ -125,8 +125,9 @@ xdr_rmtcall_args (XDR *xdrs, struct rmtc INTUSE(xdr_u_long) (xdrs, &(cap->vers)) && INTUSE(xdr_u_long) (xdrs, &(cap->proc))) { + u_long dummy_arglen = 0; lenposition = XDR_GETPOS (xdrs); - if (!INTUSE(xdr_u_long) (xdrs, &(cap->arglen))) + if (!INTUSE(xdr_u_long) (xdrs, &dummy_arglen)) return FALSE; argposition = XDR_GETPOS (xdrs); if (!(*(cap->xdr_args)) (xdrs, cap->args_ptr))

Jakub
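Review bot: the added `u_long dummy_arglen = 0;` at the top of the block carries no comment explaining why a throwaway value is encoded instead of `cap->arglen`, so a later cleanup could plausibly switch it back. Suggest a one-line comment above the declaration saying that this first encode only reserves the length slot at `lenposition`, and that the value written there must be encodable no matter what `cap->arglen` currently holds.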
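The reserve-then-backpatch pattern and the 64-bit failure described in the message above, as an added stand-alone model (not glibc code and not part of the original post). `struct enc`, `put_u_long`, `encode_call` and `run_case` are hypothetical names, and `put_u_long` only imitates the range check the message attributes to xdr_u_long on 64-bit hosts.

```c
#include <stdint.h>
#include <string.h>

/* Toy big-endian stream standing in for an XDR memory stream (hypothetical). */
struct enc { unsigned char buf[64]; size_t pos; };
/* Models xdr_u_long on a 64-bit host as the message describes it: the value in
   memory is 64 bits wide, the wire field is 32, so any upper bit set fails. */
static int put_u_long(struct enc *e, const uint64_t *v)
{
    if (*v > 0xFFFFFFFFu || e->pos + 4 > sizeof e->buf)
        return 0;
    for (int i = 0; i < 4; i++)
        e->buf[e->pos++] = (unsigned char)(*v >> (24 - 8 * i));
    return 1;
}
struct call_args { uint64_t arglen; const unsigned char *args; size_t nargs; };
/* Reserve the length slot, write the arguments, seek back, patch the slot.
   use_dummy=1 is the patched behaviour, use_dummy=0 the old one. */
static int encode_call(struct enc *e, struct call_args *cap, int use_dummy)
{
    uint64_t dummy_arglen = 0;
    size_t lenposition = e->pos;
    if (!put_u_long(e, use_dummy ? &dummy_arglen : &cap->arglen))
        return 0;
    size_t argposition = e->pos;
    if (cap->nargs > sizeof e->buf - e->pos)
        return 0;
    memcpy(e->buf + e->pos, cap->args, cap->nargs);
    size_t position = e->pos + cap->nargs;
    cap->arglen = position - argposition;   /* computed here, never read before */
    e->pos = lenposition;
    if (!put_u_long(e, &cap->arglen))
        return 0;
    e->pos = position;
    return 1;
}
/* Constructed input: arglen starts as garbage with upper 32 bits set. */
static int run_case(int use_dummy, uint64_t *arglen_out, unsigned char *len_byte)
{
    static const unsigned char payload[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    struct enc e = { {0}, 0 };
    struct call_args cap = { 0xDEADBEEF00000000ULL, payload, sizeof payload };
    int ok = encode_call(&e, &cap, use_dummy);
    *arglen_out = cap.arglen; *len_byte = e.buf[3];
    return ok;
}
int main(void)
{
    uint64_t n; unsigned char b;
    return !(run_case(0, &n, &b) == 0 && run_case(1, &n, &b) == 1 && n == 8);
}
```

With the struct field used as the placeholder, the call fails before any argument is written; with the dummy, the slot is reserved as zero and then patched with the computed length.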