X-Recipient: archive-cygwin AT delorie DOT com
X-SWARE-Spam-Status: No, hits=1.3 required=5.0	tests=AWL,BAYES_00,RP_MATCHES_RCVD,TW_CP
X-Spam-Check-By: sourceware.org
Resent-Message-Id: <201108121855 DOT p7CItTwe009953 AT matsrv DOT math DOT cas DOT cz>
From: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>
To: <kolar AT math DOT cas DOT cz>
Cc: cygwin AT cygwin DOT com
Subject: FW: buffer size calculation in gethostby_helper()
Date: Fri, 12 Aug 2011 12:03:45 -0400
Message-id: <015301cc5909$6afc9e60$40f5db20$@ieee.org>
MIME-version: 1.0
Content-type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-UID: 132589
Resent-From: kolar AT math DOT cas DOT cz
Resent-Date: Fri, 12 Aug 2011 20:55:29 +0200
Resent-To: cygwin AT cygwin DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

[bounced message]

Hi Jan,

Thanks for your help. 
For some reason my message below is taking time to appear on Cygwin.com
If it does not appear could you forward it?
It's not the first time that that particular list ignores my messages :(

By the way, if you still get an error with the fixes suggested below tell me what dns query you are making and I will try to duplicate it next week.

Pierre

-----Original Message-----
From: Pierre A. Humblet [mailto:Pierre dot Humblet at ieee dot org] 
Sent: Friday, August 12, 2011 10:41 AM
To: cygwin at cygwin dot com  
Subject: RE: buffer size calculation in gethostby_helper()

> -----Original Message-----
> From: Corinna Vinschen 
> Sent: Friday, August 12, 2011 6:29 AM
> 
> On Aug 12 03:10, Jan Kolar wrote:
> >
> > Dear Corinna,
> > Please note that in net.cc, some kind of
> >               string_size += addrsize_out; is missing somewhere, 
> > which affects a buffer allocation.
> > See the two locations in diff.
> > [...]
> > DIFF
> > $ cd /usr/src/cygwin-1.7.6-1/winsup/ && diff -up 
> > ../rozbalene-orig-src.tar.bz2/cygwin-1.7.6-1/winsup/cygwin/net.cc
> > cygwin/net.cc
> > ---
> > ../rozbalene-orig-src.tar.bz2/cygwin-1.7.6-1/winsup/cygwin/net.cc
> > 2010-08-16 15:55:07.000000000 +0200
> > +++ cygwin/net.cc    2011-08-12 00:07:51.709992400 +0200
> > @@ -1109,6 +1109,8 @@ gethostby_helper (const char *name, cons
> >        else if (address_len != namelen1)
> >          continue;
> >        address_count++;
> > +          string_size += addrsize_out; // jk-2011 hope this fixes 
> > + the BUG below

The initial logic seems to be OK: In the following statement
sz = DWORD_round (sizeof(hostent))
       + sizeof (char *) * (alias_count + address_count + 2)
       + string_size
       + address_count * addrsize_out;
the incremented address_count generates two increases in sz:
a chunk of size sizeof(char *) and another one of size addrsize_out.
So the patch adding addrsize_out shouldn't be needed.

> > +          system_printf ("Note: JK hopping to fix the -4 bug in net.cc saying (if defed DEBUGGING) 'Please debug.' ");
> >      }
> >        /* Update the records */
> >        curptr->type = antype; /* Host byte order */ @@ -1192,7 
> > +1194,7 @@ gethostby_helper (const char *name, cons
> >            else
> >          memcpy (string_ptr, curptr->data, addrsize_in);
> >            string_ptr += addrsize_out;
> > -          string_size -= addrsize_out;
> > +          string_size -= addrsize_out; // jk-2011 FIXME BUG:   this makes it -4 sometimes - before my fix.

The bug is here: logically string_size shouldn't be decremented as it is used to account for name sizes, not for addresses.
Note that at this point string_size is only used for debugging and the bug generates a false alarm.
It's weird that it only shows up now.
I see two ways of fixing it:
1) add string_size += addrsize_out; as in the patch but then adjust the computation of sz or
2)  remove the extraneous string_size -= addrsize_out and in the  #ifdef DEBUGGING below replace
    if (string_size < 0)  by
        if (string_ptr > ((char *) ret) + sz) 

> >            continue;
> >          }
> >  #ifdef DEBUGGING
> 
> This looks basically correct to me, but the original code is not from me.
> Pierre, would you mind to have a look?
 
Sorry about that. I could fix it myself next week if desired.

Pierre





--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple