From owner-freebsd-bugs@FreeBSD.ORG Mon Jul 2 18:40:03 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2DFDF106567F for ; Mon, 2 Jul 2012 18:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id F11708FC1E for ; Mon, 2 Jul 2012 18:40:02 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q62Ie279080847 for ; Mon, 2 Jul 2012 18:40:02 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q62Ie2Xv080846; Mon, 2 Jul 2012 18:40:02 GMT (envelope-from gnats) Date: Mon, 2 Jul 2012 18:40:02 GMT Message-Id: <201207021840.q62Ie2Xv080846@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: deeptech71@gmail.com Cc: Subject: Re: misc/169608: the mmap(), mprotect(), and munmap() functions get fucked by some corner-case arguments X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: deeptech71@gmail.com List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2012 18:40:03 -0000 The following reply was made to PR misc/169608; it has been noted by GNATS. From: deeptech71@gmail.com To: bug-followup@FreeBSD.org Cc: Subject: Re: misc/169608: the mmap(), mprotect(), and munmap() functions get fucked by some corner-case arguments Date: Mon, 02 Jul 2012 20:42:32 +0200 This is a multi-part message in MIME format. 
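/*
 * xs.c -- test program attached to the follow-up on PR misc/169608.
 *
 * Performs ONE call of mmap(), mprotect() or munmap() with one
 * (address, size) pair taken from a fixed table of corner-case values and
 * prints the outcome.  One case per process: a case that kills the process
 * does not stop the caller from running the remaining cases.
 *
 * Usage: xs <func> <num>
 *   func  1 = mmap, 2 = mprotect, 3 = munmap
 *   num   1-based case number; cases are numbered address-major (every size
 *         is paired with the first address before moving to the next one).
 *
 * The header names were lost from the #include lines of the archived copy;
 * the three below are the ones the calls in this file require.
 */
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/**
 * Run a single test case and report the result on stdout (errors via perror).
 *
 * @param num    case number, used only in the progress prefix "[num/total]"
 * @param total  total number of cases, used only in the progress prefix
 * @param func   1 = mmap, 2 = mprotect, 3 = munmap; any other value is a no-op
 * @param addr   address argument handed to the call unchanged
 * @param size   length argument handed to the call unchanged
 */
void
test1(unsigned num, unsigned total, int func, void *addr, size_t size)
{
	switch (func) {
	case 1: {
		printf("[%u/%u] mmap(%p, %zu, PROT_READ | PROT_WRITE, MAP_ANON, -1, 0)... ", num, total, addr, size);
		/* Flush first so the line is visible even if the next step faults. */
		fflush(stdout);
		/*
		 * MAP_FIXED is not set, so addr is only a placement hint and the
		 * mapping may come back at a different address (printed below).
		 *
		 * NOTE(review): the flags are MAP_ANON alone.  POSIX requires one
		 * of MAP_SHARED or MAP_PRIVATE, and systems that enforce this
		 * (Linux does) fail with EINVAL whatever addr and size are.  Left
		 * unchanged so the program still issues the call from the report.
		 */
		void *m = mmap(addr, size, PROT_READ | PROT_WRITE, MAP_ANON, -1, 0);
		if (m == MAP_FAILED) {
			perror(NULL);
		} else {
			printf("success: got %p; writing here... ", m);
			fflush(stdout);
			/*
			 * The store is unconditional, also for size 0: it checks
			 * that a "successful" mapping is really backed by writable
			 * memory, so a fault here is a possible test outcome.
			 */
			*((int *)m) = 1337;
			printf("success!\n");
		}
		break;
	}
	case 2: {
		printf("[%u/%u] mprotect(%p, %zu, PROT_NONE)... ", num, total, addr, size);
		fflush(stdout);
		int ret = mprotect(addr, size, PROT_NONE);
		if (ret)
			perror(NULL);
		else
			printf("success!\n");
		break;
	}
	case 3: {
		printf("[%u/%u] munmap(%p, %zu)... ", num, total, addr, size);
		fflush(stdout);
		int ret = munmap(addr, size);
		if (ret)
			perror(NULL);
		else
			printf("success!\n");
		break;
	}
	default:
		/* Unknown selector: nothing to run. */
		break;
	}
}

#define ARRAY_LEN(x) (sizeof(x) / sizeof(*(x)))
/* NOTE(review): hard-coded; assumes the target uses 4 KiB pages. */
#define PAGE_SIZE 4096

/**
 * Parse <func> and <num> from the command line and run that one case.
 *
 * @return 0 after running a case, EXIT_FAILURE when the arguments are
 *         missing, not decimal integers, or out of range.
 */
int
main(int argc, char *argv[])
{
	/*
	 * Address corner cases: null, two values that are not multiples of
	 * PAGE_SIZE, the last PAGE_SIZE-aligned address, and the highest
	 * representable address.
	 */
	void *addrs[] = {
		NULL,
		(void *)0xBEEF,
		(void *)0xDEADBEEF,
		(void *)-PAGE_SIZE,
		(void *)-1
	};
	/*
	 * Length corner cases: zero, one page, two large values, and two values
	 * at the top of size_t.  Paired with the addresses above, several cases
	 * make addr + size wrap around the end of the address space, which is
	 * the condition a range check in the callee has to reject.
	 */
	size_t sizes[] = {
		(size_t)0,
		(size_t)PAGE_SIZE,
		(size_t)2000000000,
		(size_t)4000000000,
		(size_t)-PAGE_SIZE,
		(size_t)-1
	};
	const size_t total = ARRAY_LEN(addrs) * ARRAY_LEN(sizes);
	const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "xs";

	/* Without this check argv[1]/argv[2] may be NULL and the parse crashes. */
	if (argc < 3) {
		fprintf(stderr, "usage: %s <func 1-3> <num 1-%zu>\n", prog, total);
		return EXIT_FAILURE;
	}

	char *end;
	long func = strtol(argv[1], &end, 10);
	if (end == argv[1] || *end != '\0' || func < 1 || func > 3) {
		fprintf(stderr, "%s: func must be 1 (mmap), 2 (mprotect) or 3 (munmap)\n", prog);
		return EXIT_FAILURE;
	}

	/*
	 * num indexes both tables; an unchecked value (0, negative, or larger
	 * than total) would read outside addrs[]/sizes[].  An out-of-range
	 * strtol result (LONG_MIN/LONG_MAX) is rejected by the same bounds.
	 */
	long num = strtol(argv[2], &end, 10);
	if (end == argv[2] || *end != '\0' || num < 1 || (size_t)num > total) {
		fprintf(stderr, "%s: num must be between 1 and %zu\n", prog, total);
		return EXIT_FAILURE;
	}

	const size_t idx = (size_t)num - 1;
	test1((unsigned)num, (unsigned)total, (int)func,
	    addrs[idx / ARRAY_LEN(sizes)],
	    sizes[idx % ARRAY_LEN(sizes)]);
	return 0;
}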