From owner-freebsd-bugs Tue Oct 5 9:10:25 1999
Message-Id: <199910051601.TAL07778@aleph.carrier.kiev.ua>
Date: Tue, 5 Oct 1999 19:01:09 +0300 (EEST)
From: netch@lucky.net (Valentin Nechayev)
Reply-To: netch@lucky.net
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/14144: bad conversions in kern_fork()
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number:         14144
>Category:       bin
>Synopsis:       bad conversions in kern_fork()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 5 09:10:01 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator:     Valentin Nechayev
>Release:        FreeBSD 3.3-STABLE alpha
>Organization:
Lucky Net Ltd.
>Environment:

FreeBSD kernel sources ;) (3.3-stable)

>Description:

kern_fork.c, starting at line 357:

=== cut here ===
		MALLOC (p2->p_procsig, struct procsig *, sizeof(struct procsig),
		    M_SUBPROC, M_WAITOK);
		bcopy(&p1->p_procsig->ps_begincopy, &p2->p_procsig->ps_begincopy,
		    (unsigned)&p1->p_procsig->ps_endcopy -
		    (unsigned)&p1->p_procsig->ps_begincopy);
		p2->p_procsig->ps_refcnt = 1;
=== end cut ===

This piece of code converts two pointers to integer values and then
calculates the difference of the values to get the difference between
the pointers. It is an ugly hack, but it works on i386; on alpha, however,
sizeof(int)==4, the size of a pointer is 8, and the conversion loses bits.
I cannot tell whether this loss is significant, but in the case of really
huge memory it will be.

>How-To-Repeat:

>Fix:

Change it to calculate the difference of the two pointers converted to caddr_t.

>Release-Note:
>Audit-Trail:
>Unformatted:
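An added example (not part of the original report and not FreeBSD source) that models the length computation from the quoted kern_fork.c lines on a target with 32-bit unsigned and 64-bit pointers, next to the byte-pointer subtraction the Fix field suggests. struct sig_demo, the function names and the addresses are constructed for illustration; caddr_t is a char * on BSD, so plain char * stands in for it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for struct procsig; only the copy markers matter. */
struct sig_demo {
    int  refcnt;      /* outside the copied region */
    int  begincopy;   /* first copied field */
    long mask[4];
    int  endcopy;     /* first field past the copied region */
};

/* The quoted computation modelled for 64-bit pointers and 32-bit unsigned:
 * each address is cut to 32 bits, then subtracted modulo 2^32. */
static uint32_t len_truncating(uint64_t begin, uint64_t end)
{
    return (uint32_t)end - (uint32_t)begin;
}

/* The suggested fix: subtract byte pointers (caddr_t is char * on BSD). */
static size_t len_bytes(const struct sig_demo *s)
{
    return (size_t)((const char *)&s->endcopy - (const char *)&s->begincopy);
}

/* Copy only the marked region, using the pointer-difference length. */
static void copy_region(struct sig_demo *dst, const struct sig_demo *src)
{
    memcpy(&dst->begincopy, &src->begincopy, len_bytes(src));
}

int main(void)
{
    /* Constructed addresses, not taken from a real kernel. */
    uint64_t a = 0xfffffc0000a01000ULL;
    struct sig_demo src = {1, 2, {3, 4, 5, 6}, 9}, dst = {7, 0, {0}, 8};

    printf("address after cast:  %#x\n", (unsigned)(uint32_t)a);
    printf("same 4 GiB window:   %#x\n", (unsigned)len_truncating(a, a + 0x28));
    printf("across a boundary:   %#x\n",
           (unsigned)len_truncating(0x1fffffff0ULL, 0x200000018ULL));
    printf("4 GiB apart:         %#x\n",
           (unsigned)len_truncating(0x1000ULL, 0x100001000ULL));
    copy_region(&dst, &src);
    printf("copied %zu bytes, refcnt=%d endcopy=%d\n",
           len_bytes(&src), dst.refcnt, dst.endcopy);
    return 0;
}
```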