This is the mail archive of the cygwin mailing list for the Cygwin project.



FW: buffer size calculation in gethostby_helper()


[bounced message]

Hi Jan,

Thanks for your help. 
For some reason my message below is taking time to appear on Cygwin.com
If it does not appear could you forward it?
It's not the first time that that particular list ignores my messages :(

By the way, if you still get an error with the fixes suggested below tell me what dns query you are making and I will try to duplicate it next week.

Pierre

-----Original Message-----
From: Pierre A. Humblet [mailto:Pierre dot Humblet at ieee dot org] 
Sent: Friday, August 12, 2011 10:41 AM
To: cygwin at cygwin dot com  
Subject: RE: buffer size calculation in gethostby_helper()

> -----Original Message-----
> From: Corinna Vinschen 
> Sent: Friday, August 12, 2011 6:29 AM
> 
> On Aug 12 03:10, Jan Kolar wrote:
> >
> > Dear Corinna,
> > Please note that in net.cc, some kind of
> >               string_size += addrsize_out; is missing somewhere, 
> > which affects a buffer allocation.
> > See the two locations in diff.
> > [...]
> > DIFF
> > $ cd /usr/src/cygwin-1.7.6-1/winsup/ && diff -up 
> > ../rozbalene-orig-src.tar.bz2/cygwin-1.7.6-1/winsup/cygwin/net.cc
> > cygwin/net.cc
> > ---
> > ../rozbalene-orig-src.tar.bz2/cygwin-1.7.6-1/winsup/cygwin/net.cc
> > 2010-08-16 15:55:07.000000000 +0200
> > +++ cygwin/net.cc    2011-08-12 00:07:51.709992400 +0200
> > @@ -1109,6 +1109,8 @@ gethostby_helper (const char *name, cons
> >        else if (address_len != namelen1)
> >          continue;
> >        address_count++;
> > +          string_size += addrsize_out; // jk-2011 hope this fixes 
> > + the BUG below

The initial logic seems to be OK: In the following statement
sz = DWORD_round (sizeof(hostent))
       + sizeof (char *) * (alias_count + address_count + 2)
       + string_size
       + address_count * addrsize_out;
the incremented address_count generates two increases in sz:
a chunk of size sizeof(char *) and another one of size addrsize_out.
So the patch adding addrsize_out shouldn't be needed.

> > +          system_printf ("Note: JK hopping to fix the -4 bug in net.cc saying (if defed DEBUGGING) 'Please debug.' ");
> >      }
> >        /* Update the records */
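Review bot: the added "string_size += addrsize_out;" after "address_count++" double-counts the address storage. The sz expression quoted in the reply already adds "address_count * addrsize_out" for the address bytes (plus one "char *" slot per address via the "alias_count + address_count + 2" term), so this line grows the buffer by a further addrsize_out per address. Either drop it, or keep it and remove the "address_count * addrsize_out" term from sz so each address is counted exactly once. The unconditional system_printf added in the same hunk fires for every matching record, not only when the DEBUGGING check trips; it should not be part of the submitted change (and "hopping" reads as a typo for "hoping").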
> >        curptr->type = antype; /* Host byte order */ @@ -1192,7 
> > +1194,7 @@ gethostby_helper (const char *name, cons
> >            else
> >          memcpy (string_ptr, curptr->data, addrsize_in);
> >            string_ptr += addrsize_out;
> > -          string_size -= addrsize_out;
> > +          string_size -= addrsize_out; // jk-2011 FIXME BUG:   this makes it -4 sometimes - before my fix.

The bug is here: logically string_size shouldn't be decremented as it is used to account for name sizes, not for addresses.
Note that at this point string_size is only used for debugging and the bug generates a false alarm.
It's weird that it only shows up now.
I see two ways of fixing it:
1) add string_size += addrsize_out; as in the patch but then adjust the computation of sz or
2) remove the extraneous string_size -= addrsize_out and in the #ifdef DEBUGGING below replace
    if (string_size < 0)  by
        if (string_ptr > ((char *) ret) + sz) 

> >            continue;
> >          }
> >  #ifdef DEBUGGING
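Review bot: this hunk only rewrites a comment; the "string_size -= addrsize_out;" it annotates is still executed, so the negative string_size seen under DEBUGGING is unchanged by it. string_size was accumulated from name lengths only (address bytes are sized by the separate "address_count * addrsize_out" term in sz), so subtracting addrsize_out on the address branch is what pushes it below zero once the names have been copied. Remove the decrement instead of commenting it, and replace the "if (string_size < 0)" check under #ifdef DEBUGGING with a bound on the write pointer, "if (string_ptr > ((char *) ret) + sz)", which tests the overflow that actually matters.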
> 
> This looks basically correct to me, but the original code is not from me.
> Pierre, would you mind to have a look?
 
Sorry about that. I could fix it myself next week if desired.

Pierre
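The sizing and the false alarm discussed in Pierre's reply above, as an added stand-alone model that is not part of this thread and not Cygwin's net.cc: struct hostent_like, the DWORD_round macro, the sample records and the helper names compute_sz and simulate are all constructed here. The model runs the count pass, computes sz with the quoted expression, lays out the buffer, and reports both what the debug test "string_size < 0" would see and whether the write pointer stayed inside the allocation.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Added example: a stand-alone model of the buffer sizing discussed in the
   thread. Not Cygwin's net.cc; struct hostent_like, the sample records and
   the helper names are constructed for illustration. */

struct hostent_like {
    char *h_name;
    char **h_aliases;
    int h_addrtype;
    int h_length;
    char **h_addr_list;
};

/* Round up to a multiple of 4, mirroring the quoted DWORD_round. */
#define DWORD_round(n) (((size_t)(n) + 3) & ~(size_t)3)

/* Constructed answer: canonical name, one alias, three IPv4 addresses. */
static const char *const sample_names[] = { "host.example", "alias.example" };
static const unsigned char sample_addrs[][4] = {
    { 192, 0, 2, 1 }, { 192, 0, 2, 2 }, { 192, 0, 2, 3 }
};
#define N_NAMES      (sizeof sample_names / sizeof sample_names[0])
#define N_ADDRS      (sizeof sample_addrs / sizeof sample_addrs[0])
#define ADDRSIZE_OUT 4

/* The sz expression quoted in the thread: header, two NULL-terminated pointer
   arrays, the name strings, and address_count slots of addrsize_out bytes. */
size_t compute_sz(size_t alias_count, size_t address_count,
                  size_t string_size, size_t addrsize_out)
{
    return DWORD_round(sizeof(struct hostent_like))
         + sizeof(char *) * (alias_count + address_count + 2)
         + string_size
         + address_count * addrsize_out;
}

struct run_result {
    long string_size_end;  /* what "string_size < 0" would see at the end */
    int  ptr_in_bounds;    /* string_ptr <= ((char *) ret) + sz */
    size_t sz;
};

/* Simulate the count-then-copy passes. decrement_on_address == 1 reproduces
   the extraneous "string_size -= addrsize_out" on the address branch. */
struct run_result simulate(int decrement_on_address)
{
    struct run_result r = { 0, 0, 0 };
    size_t alias_count = N_NAMES - 1;      /* h_name is not an alias */
    size_t address_count = N_ADDRS;
    long string_size = 0;
    size_t i;

    /* Pass 1: only names go into string_size; addresses are covered by the
       address_count * addrsize_out term of sz. */
    for (i = 0; i < N_NAMES; i++)
        string_size += (long)(strlen(sample_names[i]) + 1);

    r.sz = compute_sz(alias_count, address_count, (size_t)string_size, ADDRSIZE_OUT);
    char *ret = calloc(1, r.sz);
    if (!ret)
        return r;

    /* Pass 2: pointer arrays first, then the names, then the addresses. */
    struct hostent_like *h = (struct hostent_like *) ret;
    char **aliases = (char **)(ret + DWORD_round(sizeof *h));
    char **addr_list = aliases + alias_count + 1;
    char *string_ptr = (char *)(addr_list + address_count + 1);

    h->h_name = string_ptr;
    for (i = 0; i < N_NAMES; i++) {
        size_t len = strlen(sample_names[i]) + 1;
        memcpy(string_ptr, sample_names[i], len);
        if (i > 0)
            aliases[i - 1] = string_ptr;
        string_ptr += len;
        string_size -= (long)len;          /* legitimate: names were counted */
    }
    aliases[alias_count] = NULL;

    h->h_addrtype = 2;                     /* AF_INET, constructed value */
    h->h_length = ADDRSIZE_OUT;
    for (i = 0; i < N_ADDRS; i++) {
        memcpy(string_ptr, sample_addrs[i], ADDRSIZE_OUT);
        addr_list[i] = string_ptr;
        string_ptr += ADDRSIZE_OUT;
        if (decrement_on_address)
            string_size -= ADDRSIZE_OUT;   /* the bug: drives it below zero */
    }
    addr_list[address_count] = NULL;
    h->h_aliases = aliases;
    h->h_addr_list = addr_list;

    r.string_size_end = string_size;
    r.ptr_in_bounds = string_ptr <= ret + r.sz;
    free(ret);
    return r;
}
```

With the decrement in place the run ends with string_size at -12 (three addresses of four bytes) while the write pointer sits exactly at the end of the allocation, which is the false alarm the reply describes; without it string_size ends at 0. Adding the address bytes to string_size as well, as the first hunk does, makes compute_sz return 12 bytes more than the layout needs.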

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

