Date: Mon, 16 Dec 1996 22:39:55 -0600 (CST)
From: randy@zyzzyva.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/2230: SEGV in sysctl for version 2.2
Message-ID: <199612170439.WAA06974@sierra.zyzzyva.com>
Resent-Message-ID: <199612170440.UAA26377@freefall.freebsd.org>
>Number: 2230
>Category: kern
>Synopsis: SEGV in sysctl
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 16 20:40:01 PST 1996
>Last-Modified:
>Originator: Randy Terbush
>Organization:
Zyzzyva Enterprises
>Release: FreeBSD 2.2-RELEASE i386
>Environment:
2.2-RELEASE supped 6:00amCST 16/12/96
P5-133
64MB RAM
The following kernel variables have been "tweaked".
maxusers 256
options NMBCLUSTERS=4096
options DFLDSIZ=33554432
options DFLSSIZ=1048576
options CHILD_MAX=1536
options OPEN_MAX=1536
options "FD_SETSIZE=1024"
>Description:
'sysctl kern' dumps core
>How-To-Repeat:
(gdb) r kern
Starting program: /usr/obj/nfs/zwww1/var/src/usr.sbin/sysctl/sysctl kern
kern.ostype: FreeBSD
kern.osrelease: 2.2-RELEASE
kern.osrevision: 199506
kern.version: FreeBSD 2.2-RELEASE #1: Sat Dec 14 11:50:01 CST 1996
kroot@sierra:/nfs/zwww1/var/src/sys/compile/SIERRA
kern.maxvnodes: 7881
kern.maxproc: 4116
kern.maxfiles: 8232
kern.argmax: 65536
kern.securelevel: -1
kern.hostname: sierra
kern.hostid: 0
kern.clockrate: { hz = 100, tick = 10000, profhz = 1024, stathz = 128 }
Program received signal SIGSEGV, Segmentation fault.
show_var (oid=0xefbfd750, nlen=2)
at /nfs/zwww1/var/src/usr.sbin/sysctl/sysctl.c:349
349 i = sysctl(oid, nlen, val, &len, 0, 0);
(gdb) bt
#0 show_var (oid=0xefbfd750, nlen=2)
at /nfs/zwww1/var/src/usr.sbin/sysctl/sysctl.c:349
#1 0x2807 in sysctl_all (oid=0xefbfdc1c, len=1)
at /nfs/zwww1/var/src/usr.sbin/sysctl/sysctl.c:456
#2 0x1b38 in parse (string=0xefbfdd26 "kern")
at /nfs/zwww1/var/src/usr.sbin/sysctl/sysctl.c:154
#3 0x189b in main (argc=0, argv=0xefbfdcac)
at /nfs/zwww1/var/src/usr.sbin/sysctl/sysctl.c:107
(gdb) l
344 i = sysctl(oid, nlen, 0, &j, 0, 0);
345 j += j; /* we want to be sure :-) */
346
347 val = alloca(j);
348 len = j;
349 i = sysctl(oid, nlen, val, &len, 0, 0);
350 if (i || !len)
351 return (1);
352
353 if (bflag) {
(gdb)
After several calls to this piece of code, alloca() allocates a
bogus address which is not being checked for here.
Breakpoint 1, show_var (oid=0xefbfd750, nlen=2)
at /nfs/zwww1/var/src/usr.sbin/sysctl/sysctl.c:345
345 j += j; /* we want to be sure :-) */
(gdb) s
347 val = alloca(j);
(gdb)
348 len = j;
(gdb) p val
$20 = (unsigned char *) 0xefa3df98 <Error reading address 0xefa3df98: Invalid argument>
(gdb)
>Fix:
>Audit-Trail:
>Unformatted:
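An added example, not part of the original report or of FreeBSD's sysctl source: the probe-then-fetch pattern from the listing at lines 344-349, rewritten so the probe's return value is checked before `j` is used and the buffer comes from `malloc()`, which can report failure where `alloca()` cannot. `fake_sysctl`, `fetch_value`, the retry limit and the sample value are constructed stand-ins (assumptions) so the block runs without the BSD `sysctl(3)` call.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the read path of sysctl(3), so this runs anywhere:
 * oldp == NULL reports the size needed; a too-small buffer fails with ENOMEM. */
static const char *fake_value = "FreeBSD";  /* constructed sample value */
static int fake_fail;                        /* nonzero: every call fails */
static int fake_short;                       /* N: next N fetches report ENOMEM */

static int fake_sysctl(const int *oid, unsigned nlen, void *oldp, size_t *oldlenp)
{
    size_t need = strlen(fake_value) + 1;
    (void)oid; (void)nlen;
    if (fake_fail) { errno = EINVAL; return -1; }
    if (oldp != NULL) {
        if (fake_short > 0 || *oldlenp < need) {
            if (fake_short > 0) fake_short--;
            errno = ENOMEM; return -1;
        }
        memcpy(oldp, fake_value, need);
    }
    *oldlenp = need;
    return 0;
}

/* Probe the size, then fetch into a checked heap buffer. Returns a malloc'd
 * buffer (caller frees) with its length in *lenp, or NULL with errno set. */
static void *fetch_value(const int *oid, unsigned nlen, size_t *lenp)
{
    size_t j = 0, len;
    void *val;
    int tries, saved;
    for (tries = 0; tries < 4; tries++) {   /* the value may grow between calls */
        if (fake_sysctl(oid, nlen, NULL, &j) != 0)
            return NULL;                    /* probe failed: j is meaningless */
        if (j == 0 || j > SIZE_MAX / 2) { errno = ERANGE; return NULL; }
        j += j;                             /* same head-room as the listing */
        if ((val = malloc(j)) == NULL) return NULL; /* failure is reported */
        len = j;
        if (fake_sysctl(oid, nlen, val, &len) == 0) { *lenp = len; return val; }
        saved = errno;
        free(val);
        if (saved != ENOMEM) { errno = saved; return NULL; }
    }
    errno = ENOMEM;
    return NULL;
}
```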
