crc32c calculation at sctp_crc32.c
Yehuda Sadeh Weinraub
yehudasa at gmail.com
Thu Oct 16 00:37:28 UTC 2008
It looks like there is some bug in the crc32c calculation at sctp_crc32.c.
The update_crc32() does the following:

    ...
    offset = ((uintptr_t) buffer) & 0x3;
    return (sctp_crc32c_sb8_64_bit(crc32c, buffer, length, offset));

Now, note that it passes the 'offset' parameter. However, the
sctp_crc32c_sb8_64_bit() treats the 4th parameter as init_bytes. This is
wrong. Also it does the following:

    running_length = ((length - init_bytes) / 8) * 8;

Now, if init_bytes is 3 and length is 1, running_length will overlap.
The following patch seems to fix it.

Yehuda

--- a/src/common/sctp_crc32.c
+++ b/src/common/sctp_crc32.c
@@ -518,12 +518,18 @@ static uint32_t sctp_crc32c_sb8_64_bit(uint32_t crc,
unsigned char const *p_buf,
uint32_t length,
- uint32_t init_bytes)
+ uint32_t offset)
{
uint32_t li;
uint32_t term1, term2;
uint32_t running_length;
uint32_t end_bytes;
+ uint32_t init_bytes;
+
+ init_bytes = (4-offset) & 0x3;
+
+ if (init_bytes > length)
+ init_bytes = length;
running_length = ((length - init_bytes) / 8) * 8;
end_bytes = length - init_bytes - running_length;
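
Review bot: The renamed parameter `offset` has an undocumented contract: nothing in the function says it must be the low two bits of the address of `p_buf`, and a caller that still passes a byte count would be silently reinterpreted by `init_bytes = (4-offset) & 0x3;`. Since `p_buf` is already an argument, consider computing the alignment from it inside the function and dropping the fourth parameter, or at least add a comment stating what `offset` means. The clamp `if (init_bytes > length)` is what keeps the unsigned `length - init_bytes` on the next line from wrapping, so a one-line comment there would stop it being removed as redundant later. Minor style: put spaces around the operator in `(4-offset)`.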
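
The length arithmetic discussed in this message, worked through before and after the patch, as an added example that is not part of the original post or of the FreeBSD source. The names `struct split`, `finish`, `consumed` and `mismatches` are hypothetical, and treating the three values as byte counts that must add up to `length` is an assumption drawn from their names.

```c
#include <stdint.h>
#include <stdio.h>

struct split { uint32_t init_bytes, running_length, end_bytes; };

/* Shared tail: the two context lines the patch leaves unchanged. */
static struct split finish(uint32_t length, uint32_t init_bytes)
{
    struct split s = { init_bytes, 0, 0 };
    s.running_length = ((length - init_bytes) / 8) * 8; /* uint32_t: wraps if init_bytes > length */
    s.end_bytes = length - init_bytes - s.running_length;
    return s;
}

/* Before the patch: the caller's alignment offset is used directly as init_bytes. */
static struct split split_before(uint32_t length, uint32_t offset)
{
    return finish(length, offset);
}

/* After the patch: bytes needed to reach 4-byte alignment, clamped to length. */
static struct split split_after(uint32_t length, uint32_t offset)
{
    uint32_t init_bytes = (4 - offset) & 0x3;
    if (init_bytes > length)
        init_bytes = length;
    return finish(length, init_bytes);
}

/* Total bytes the three counts cover, summed in 64 bits so a wrap is visible. */
static uint64_t consumed(struct split s)
{
    return (uint64_t)s.init_bytes + s.running_length + s.end_bytes;
}

/* Count (length, offset) pairs, length 0..64, whose counts do not add up to length. */
static unsigned mismatches(struct split (*fn)(uint32_t, uint32_t))
{
    unsigned bad = 0;
    for (uint32_t off = 0; off < 4; off++)
        for (uint32_t len = 0; len <= 64; len++)
            bad += consumed(fn(len, off)) != len;
    return bad;
}

int main(void)
{
    struct split b = split_before(1, 3), a = split_after(1, 3);
    printf("before: init=%u running=%u end=%u\n", b.init_bytes, b.running_length, b.end_bytes);
    printf("after:  init=%u running=%u end=%u\n", a.init_bytes, a.running_length, a.end_bytes);
    printf("mismatches before=%u after=%u\n", mismatches(split_before), mismatches(split_after));
    return 0;
}
```

For `length` 1 and `offset` 3, the pre-patch arithmetic yields a `running_length` just under 4 GiB for a one-byte buffer, which is the out-of-bounds read condition the clamp removes.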