Date: Sat, 14 Jan 2006 19:24:10 +0100
From: Ulrich Spoerlein
To: Rong-En Fan
Cc: current@freebsd.org
Subject: Re: change mac address via ifconfig causes corrupted redzone

Rong-En Fan wrote:
> Hi all,
>
> I'm running -current as of Jan 15 on i386. After upgrading, I saw
> the following messages
>
> # ifconfig fxp0 link aa:bb:cc:dd:ee:ff
> ifconfig: (malloc) Corrupted redzone 1 byte after 0xa000150 (size 18) (0x0)
>
> I tried with MALLOC_OPTIONS=A to get a core dump, but the backtrace
> does not help (corrupted). My /etc/malloc.conf is 'aj'.

Problem does exist in RELENG_6 too, running it within valgrind gives this:

==4389== Invalid write of size 1
==4389==    at 0x3C031B24: strcpy (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B34C: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==  Address 0x3C11C0FE is 0 bytes after a block of size 18 alloc'd
==4389==    at 0x3C032183: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B331: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==
==4389== Invalid read of size 1
==4389==    at 0x3C09579B: link_addr (in /lib/libc.so.6)
==4389==    by 0x804B35C: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==  Address 0x3C11C0FE is 0 bytes after a block of size 18 alloc'd
==4389==    at 0x3C032183: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B331: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)

(yeah, sorry, no debugging symbols)

I'm pretty sure it's the link_getaddr in af_link.c, there are two
possible fixes, depending on the requirements of link_addr()

If link_addr *needs* a terminating '\0', then we need to
malloc(strlen(addr) + 2), if it doesn't need the terminating zero, we
should get away with strncpy(temp + 1, addr, strlen(addr))

I'm currently rebuilding world with debugging symbols and will report
back.

Ulrich Spoerlein
-- 
PGP Key ID: F0DB9F44 Encrypted mail welcome!
Fingerprint: F1CE D062 0CA9 ADE3 349B 2FE8 980A C6B5 F0DB 9F44
Which is worse: ignorance or apathy?
Don't know. Don't care.
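
The sizing arithmetic behind the report above, as an added example that is not part of the original message and not the code from af_link.c: a 17-character address with a ':' prefix and a terminating '\0' needs 19 bytes, one more than the 18-byte block in the valgrind trace. The function names (prefixed_size, prefix_colon, prefix_colon_alloc) are hypothetical, and the example assumes the first proposed fix, strlen(addr) + 2, because the trace shows link_addr reading the byte where the terminator lands.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample input: the address from the report (17 characters). */
static const char SAMPLE_ADDR[] = "aa:bb:cc:dd:ee:ff";

/* Bytes required to hold ':' + addr + '\0'. Returns 0 on size_t overflow. */
size_t prefixed_size(const char *addr)
{
    size_t n = strlen(addr);
    return (n > SIZE_MAX - 2) ? 0 : n + 2;
}

/*
 * Bounds-checked form of "temp[0] = ':'; strcpy(temp + 1, addr);".
 * Returns 0 on success, -1 if bufsz cannot hold prefix, address and NUL.
 */
int prefix_colon(char *buf, size_t bufsz, const char *addr)
{
    size_t need = prefixed_size(addr);
    if (need == 0 || bufsz < need)
        return -1;
    buf[0] = ':';
    memcpy(buf + 1, addr, need - 1);   /* copies addr and its '\0' */
    return 0;
}

/* Allocating wrapper using the strlen(addr) + 2 sizing (first proposed fix). */
char *prefix_colon_alloc(const char *addr)
{
    size_t need = prefixed_size(addr);
    char *temp = (need != 0) ? malloc(need) : NULL;
    if (temp != NULL && prefix_colon(temp, need, addr) != 0) {
        free(temp);
        temp = NULL;
    }
    return temp;
}

int main(void)
{
    char small[sizeof(SAMPLE_ADDR)];   /* 18 bytes, as in the valgrind report */
    printf("18-byte buffer: %d\n", prefix_colon(small, sizeof(small), SAMPLE_ADDR));
    char *ok = prefix_colon_alloc(SAMPLE_ADDR);
    printf("19-byte buffer: %s\n", ok ? ok : "(alloc failed)");
    free(ok);
    return 0;
}
```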