Date: Sat, 08 May 1999 00:15:36 +0800 From: Peter Wemm <peter@netplex.com.au> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: current@FreeBSD.ORG Subject: Re: somebody has broken sysctlbyname() in -current Message-ID: <19990507161541.3EFE21F72@spinner.netplex.com.au> In-Reply-To: Your message of "Fri, 07 May 1999 06:49:31 MST." <99200.926084971@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jordan K. Hubbard" wrote:
> > sysctlbyname("machdep.uc_devlist", buf, &len, NULL, NULL);
>
> Sorry for the vague first bug report; I hadn't collected a reasonable
> crashdump yet. It's in sysctl_machdep_uc_devlist(), specifically
> where it copies id->id_driver->name into a temporary stack variable.
> First time through, this thing's NULL and *boom* we're gone. I'm
> looking into it.
Urk. You are right. The problem is that id_driver is a wild pointer.
It was pointing to an entry in a malloc'ed array that was built to make
isadev->id_driver->name work for userconfig. After the exit of userconfig,
these tables are freed up, but the uc_devlist stuff still contains a
pointer to the original &isa_drvtab[i]; which is long gone...
Cheers,
-Peter
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990507161541.3EFE21F72>