Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Jul 2003 03:19:21 -0700
From:      Marcel Moolenaar <marcel@xcllnt.net>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        current@FreeBSD.org
Subject:   Re: Fix for rman [was: Re: [-CURRENT tinderbox] ...]
Message-ID:  <20030716101921.GB18693@dhcp01.pn.xcllnt.net>
In-Reply-To: <20030716085944.GB26428@rot13.obsecurity.org>
References:  <xzp65m3vfw1.fsf@dwp.des.no> <20030715185438.GB15674@dhcp01.pn.xcllnt.net> <xzpy8yzty2m.fsf@dwp.des.no> <20030715190456.GC15674@dhcp01.pn.xcllnt.net> <20030715193518.GA1660@crow.dom2ip.de> <20030716010908.GA24218@rot13.obsecurity.org> <20030716051103.GB17596@dhcp01.pn.xcllnt.net> <20030716051601.GA25527@rot13.obsecurity.org> <20030716074337.GA17997@dhcp01.pn.xcllnt.net> <20030716085944.GB26428@rot13.obsecurity.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 16, 2003 at 01:59:44AM -0700, Kris Kennaway wrote:
> On Wed, Jul 16, 2003 at 12:43:37AM -0700, Marcel Moolenaar wrote:
> > On Tue, Jul 15, 2003 at 10:16:01PM -0700, Kris Kennaway wrote:
> > > > 
> > > > malloc, you say? I have build failures in XFree4-clients because
> > > > rman coredumps and I have a backtrace full of free() frames...
> > > > 
> > > > Coincidence?
> > > 
> > > Some of the XFree86 utilities contain malloc bugs..rman in particular
> > > has been dumping core on certain ports for a couple of years.  I tried
> > > to track it down once but couldn't find it.
> > 
> > [cc anholt@]
> > 
> > The attached patch fixes rman. The faulting case is "\\\0". The '\0'
> > was handled in the default case for escaped characters, which also
> > incremented the pointer p beyond the terminating '\0'. 
> > 
> > Oh: this goes to devel/imake-4 of course.
> > 
> > -- 
> >  Marcel Moolenaar	  USPA: A-39004		 marcel@xcllnt.net
> 
> The print/gv port has patch-ad to work around another rman bug.  This
> bug is only exposed by malloc debugging.

Probably a different bug. The ^G is assumed to be a delimiter. The
code will look for the closing delimiter, but will not find one.
This too can result in runnaway pointers. I haven't analyzed the
code that closely though.

-- 
 Marcel Moolenaar	  USPA: A-39004		 marcel@xcllnt.net



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030716101921.GB18693>