Date:      Wed, 1 Dec 2004 01:06:59 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        "JINMEI Tatuya / 神明達哉" <jinmei@isl.rdc.toshiba.co.jp>
Cc:        current@freebsd.org
Subject:   Re: malloc(0) returns an invalid address
Message-ID:  <20041201070659.GU5518@dan.emsphone.com>
In-Reply-To: <y7vfz2qpltw.wl@ocean.jinmei.org>
References:  <y7vis7mppd8.wl@ocean.jinmei.org> <MDEHLPKNGKAHNMBLJOLKAEOHACAB.davids@webmaster.com> <y7vfz2qpltw.wl@ocean.jinmei.org>

In the last episode (Dec 01), JINMEI Tatuya / 神明達哉 said:
> The first call to sysctl sets 'l' to 0, since the list is empty.  Then
> the malloc returns '0x800' as a *valid pointer*.  But in the second
> call to sysctl, kernel rejects this pointer at line 1299 of
> sys/kern/kern_sysctl.c:
> 
> userland_sysctl(struct thread *td, int *name, u_int namelen, void *old,
>     size_t *oldlenp, int inkernel, void *new, size_t newlen, size_t *retval)
> {
> 
> 	(...)
> 
> 	if (old) {
> -->		if (!useracc(old, req.oldlen, VM_PROT_WRITE))
> -->			return (EFAULT);
> 
> and so we'll see

The bug is in useracc, I think. It should probably return true
immediately if len is zero, since it's okay to read or write zero bytes
from any pointer. A workaround would be to just skip the sysctl if
there is nothing to read.

-- 
	Dan Nelson
	dnelson@allantgroup.com
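The two-call sysctl pattern from the thread together with the workaround suggested in the reply, as an added C example that is not from the thread or the FreeBSD source. The kernel side is replaced by a constructed in-process stand-in (fake_sysctl and the kern_* variables, with kern_zero_len_ok modelling the useracc() fix) so it runs anywhere; fetch_list is a hypothetical name.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sysctl-like call reduced to the "old buffer" arguments: a
 * NULL buffer asks only for the size.  Returns 0 or an errno value. */
typedef int (*sysctl_like_fn)(void *oldp, size_t *oldlenp);

/* Constructed kernel-side stand-in.  kern_zero_len_ok == 0 reproduces the
 * useracc() behaviour from the thread (EFAULT for any zero-length buffer);
 * 1 models the fix Dan suggests, accepting a zero-length request. */
static const void *kern_data = NULL;
static size_t kern_len = 0;
static int kern_zero_len_ok = 0;

static int fake_sysctl(void *oldp, size_t *oldlenp)
{
    if (oldp == NULL) { *oldlenp = kern_len; return 0; }   /* size query */
    if (*oldlenp == 0 && !kern_zero_len_ok) return EFAULT;  /* useracc() check */
    if (*oldlenp < kern_len) return ENOMEM;
    memcpy(oldp, kern_data, kern_len);
    *oldlenp = kern_len;
    return 0;
}

/* Userland two-call pattern with the workaround from the reply: when the size
 * query reports nothing to read, the second call is skipped, so whatever
 * malloc(0) returns never reaches the kernel.  On success *outp/*lenp hold a
 * malloc'd copy (NULL/0 for an empty list).  Returns 0 or an errno value. */
int fetch_list(sysctl_like_fn fn, void **outp, size_t *lenp)
{
    size_t l = 0;
    int err = fn(NULL, &l);
    *outp = NULL;
    *lenp = 0;
    if (err != 0) return err;
    if (l == 0) return 0;          /* empty list: nothing to read, no sysctl */
    void *buf = malloc(l);
    if (buf == NULL) return ENOMEM;
    if ((err = fn(buf, &l)) != 0) { free(buf); return err; }
    *outp = buf;
    *lenp = l;
    return 0;
}
```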
