Date:      Sat, 14 Jan 2006 19:24:10 +0100
From:      Ulrich Spoerlein <q@galgenberg.net>
To:        Rong-En Fan <grafan@gmail.com>
Cc:        current@freebsd.org
Subject:   Re: change mac address via ifconfig causes corrupted redzone
Message-ID:  <20060114182410.GA1108@galgenberg.net>
In-Reply-To: <6eb82e0601140926n3d86e146m99aa9f47569b24aa@mail.gmail.com>
References:  <6eb82e0601140926n3d86e146m99aa9f47569b24aa@mail.gmail.com>

Rong-En Fan wrote:
> Hi all,
>
> I'm running -current as of Jan 15 on i386. After upgrading, I saw
> the following messages
>
> # ifconfig fxp0 link aa:bb:cc:dd:ee:ff
> ifconfig: (malloc) Corrupted redzone 1 byte after 0xa000150 (size 18) (0x0)
>
> I tried with MALLOC_OPTIONS=A to get a core dump, but the backtrace
> does not help (corrupted). My /etc/malloc.conf is 'aj'.

Problem does exist in RELENG_6 too, running it within valgrind gives this:

==4389== Invalid write of size 1
==4389==    at 0x3C031B24: strcpy (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B34C: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==  Address 0x3C11C0FE is 0 bytes after a block of size 18 alloc'd
==4389==    at 0x3C032183: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B331: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==
==4389== Invalid read of size 1
==4389==    at 0x3C09579B: link_addr (in /lib/libc.so.6)
==4389==    by 0x804B35C: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)
==4389==  Address 0x3C11C0FE is 0 bytes after a block of size 18 alloc'd
==4389==    at 0x3C032183: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==4389==    by 0x804B331: (within /sbin/ifconfig)
==4389==    by 0x804A983: (within /sbin/ifconfig)
==4389==    by 0x8049645: (within /sbin/ifconfig)

(yeah, sorry, no debugging symbols)

I'm pretty sure it's the link_getaddr in af_link.c, there are two
possible fixes, depending on the requirements of link_addr()

If link_addr *needs* a terminating '\0', then we need to
malloc(strlen(addr) + 2), if it doesn't need the terminating zero, we
should get away with strncpy(temp + 1, addr, strlen(addr))

I'm currently rebuilding world with debugging symbols and will report
back.

Ulrich Spoerlein
-- 
 PGP Key ID: F0DB9F44				Encrypted mail welcome!
Fingerprint: F1CE D062 0CA9 ADE3 349B  2FE8 980A C6B5 F0DB 9F44
Which is worse: ignorance or apathy?
Don't know. Don't care.
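
The off-by-one discussed in this message, as an added example that is not part of the original e-mail and is not code from ifconfig. It assumes the buffer was sized strlen(addr) + 1 (inferred from the reported block size 18 for the 17-character address) and uses hypothetical function names; it keeps the terminator because the valgrind report shows link_addr reading the byte at offset 18 as well.

```c
/* Added illustration; function names are hypothetical, not from ifconfig. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes stored by: temp[0] = ':'; strcpy(temp + 1, addr);
 * one for ':', strlen(addr) for the text, one for the '\0'. */
size_t bytes_stored(const char *addr)
{
    return 1 + strlen(addr) + 1;
}

/* How far those stores run past an allocation of `allocated` bytes. */
size_t bytes_past_end(const char *addr, size_t allocated)
{
    size_t need = bytes_stored(addr);
    return need > allocated ? need - allocated : 0;
}

/* Build ":" + addr in a buffer sized for prefix, text and terminator.
 * Returns NULL on allocation failure or size overflow; caller frees. */
char *prefix_colon(const char *addr)
{
    size_t len = strlen(addr);
    char *temp;

    if (len > SIZE_MAX - 2)
        return NULL;
    temp = malloc(len + 2);
    if (temp == NULL)
        return NULL;
    temp[0] = ':';
    memcpy(temp + 1, addr, len + 1);   /* len + 1 copies the '\0' too */
    return temp;
}

int main(void)
{
    const char *addr = "aa:bb:cc:dd:ee:ff";   /* value from the report */
    char *fixed = prefix_colon(addr);

    printf("strlen+1 = %zu bytes, overrun = %zu\n", strlen(addr) + 1,
        bytes_past_end(addr, strlen(addr) + 1));
    printf("strlen+2 overrun = %zu, result = %s\n",
        bytes_past_end(addr, strlen(addr) + 2), fixed ? fixed : "(null)");
    free(fixed);
    return 0;
}
```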


