Date: Tue, 5 Oct 1999 19:01:09 +0300 (EEST) From: netch@lucky.net (Valentin Nechayev) To: FreeBSD-gnats-submit@freebsd.org Subject: bin/14144: bad conversions in kern_fork() Message-ID: <199910051601.TAL07778@aleph.carrier.kiev.ua>
next in thread | raw e-mail | index | archive | help
>Number: 14144
>Category: bin
>Synopsis: bad conversions in kern_fork()
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Oct 5 09:10:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Valentin Nechayev
>Release: FreeBSD 3.3-STABLE alpha
>Organization:
Lucky Net Ltd.
>Environment:
FreeBSD kernel sources ;) (3.3-stable)
>Description:
kern_fork.c, since line 357:
=== cut here ===
MALLOC (p2->p_procsig, struct procsig *, sizeof(struct procsig),
M_SUBPROC, M_WAITOK);
bcopy(&p1->p_procsig->ps_begincopy, &p2->p_procsig->ps_begincopy,
(unsigned)&p1->p_procsig->ps_endcopy -
(unsigned)&p1->p_procsig->ps_begincopy);
p2->p_procsig->ps_refcnt = 1;
=== end cut ===
This piece of code converts two pointers to integer values and then calculates
difference of the values to calculate difference between pointers.
It is ugly hack but it works on i386; but on alpha sizeof(int)==4,
size of pointer is 8, and conversion loses bits. I cannot understand is this
losing significant but in case of really huge memory it shall be.
>How-To-Repeat:
>Fix:
Change it to calculate difference of two pointers converted to caddr_t.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910051601.TAL07778>