ipfw bug on i386

Hizel Ildar hizel at vyborg.ru
Mon Apr 12 06:12:54 UTC 2010


On Mon, 12 Apr 2010 10:07:56 +0400
Hizel Ildar <hizel at vyborg.ru> writes:

> On Sun, 11 Apr 2010 11:23:59 +0400
> Alex Keda <admin at lissyara.su> writes:
> 
> > srv5# more /tmp/a.sh
> > table="24"
> > ipfw table $table flush
> > for octet3 in `jot - 1 60`
> > do
> >   for octet4 in `jot - 1 254`
> >    do
> >      echo "table $table add 192.168.$octet3.$octet4" >> /tmp/$$.txt
> >    done
> > done
> > ipfw /tmp/$$.txt
> > rm -f /tmp/$$.txt
> > 
> > effect:
> > 
> > srv5# sh /tmp/a.sh
> > Abort trap (core dumped)
> > srv5#
> > srv5# ll ipfw.core
> > -rw-------  1 root  wheel  -  1,9M 11 Apr 11:22 ipfw.core
> > srv5#
> > 
> > Tested on 8, 9 i386 - core dump, amd64 - all OK
> > 7 - all OK
> > 
> > _______________________________________________
> > freebsd-current at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to
> > "freebsd-current-unsubscribe at freebsd.org"
> > 
> 
> Hey! I fixed this bug :D
> 
> patch:
> 
> foo# diff -ruN main.c~ main.c
> --- main.c~     2010-03-04 19:54:56.000000000 +0300
> +++ main.c      2010-04-12 09:37:21.000000000 +0400
> @@ -553,7 +553,7 @@
>         }
>  
>         while (fgets(buf, BUFSIZ, f)) {         /* read commands */
> -               char linename[10];
> +               char linename[11];
>                 char *args[2];
>  
>                 lineno++;
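Review bot: widening linename from 10 to 11 bytes moves the overflow rather than removing it. The reporter's script emits 60 * 254 = 15240 table lines, so a five-digit lineno is what overran the 10-byte buffer, and one extra byte covers exactly that case; a file of 100000 or more lines gives a six-digit lineno and overruns the 11-byte buffer the same way. The hunk shows only the declaration, not the write into linename, and the backtrace below stops at main.c:581 because the canary is checked in the epilogue of ipfw_readfile, not at the offending write, so neither pinpoints the formatting call. Size the buffer for the largest value lineno can hold (a 32-bit int needs up to 11 characters on top of the fixed prefix and the NUL, e.g. `char linename[sizeof("Line ") + 3 * sizeof(int) + 1];` if the label is "Line %d") and fill it with `snprintf(linename, sizeof(linename), ...)`, so a long rule file truncates the label instead of tripping __stack_chk_fail.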
> 

This is the backtrace without my patch:
foo# gdb /sbin/ipfw ipfw.core 
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ipfw'.
Program terminated with signal 6, Aborted.
Reading symbols from /lib/libutil.so.9...done.
Loaded symbols for /lib/libutil.so.9
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x281eee1b in kill () at kill.S:3
3       RSYSCALL(kill)
(gdb) bt
#0  0x281eee1b in kill () at kill.S:3
#1  0x280e8ef5 in __fail (msg=0x281f3730 "stack overflow detected; terminated") at /usr/src/lib/libc/sys/stack_protector.c:95
#2  0x280e8f30 in __stack_chk_fail () at /usr/src/lib/libc/sys/stack_protector.c:102
#3  0x08057f44 in ipfw_readfile (ac=2, av=0xbfbfecac) at /usr/src/sbin/ipfw/main.c:581
#4  0x08057fca in main (ac=2, av=0xbfbfecac) at /usr/src/sbin/ipfw/main.c:606
Current language:  auto; currently asm

foo# uname -a
FreeBSD foo.vyborg.ru 9.0-CURRENT FreeBSD 9.0-CURRENT #1: Sun Apr 11
21:00:05 MSD 2010     root at foo.vyborg.ru:/usr/obj/usr/src/sys/GENERIC
i386

