RE: story about lost %ebx (stack corruption in inet_aton ?)

From: Yuriy Tsibizov <Yuriy.Tsibizov_at_gfk.com>
Date: Tue, 18 Dec 2007 11:43:02 +0300
> > My first impression was that there is a bug in gcc compiler on 7-BETA
> > and 8-CURRENT (i386 only, and only if optimization is enabled), but it
> > seems to be incorrect. Most probably source is stack corruption in
> > inet_aton()
> 
> mistyped, it is inet_network() that fails...
> 
> testcase:
> 
> #include <sys/cdefs.h>
> #include <sys/types.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <ctype.h>
> #include <stdio.h>      /* printf */
> #include <string.h>     /* strchr */
> 
> int main(void){
> int val;
> char s[]="10.10.0.10.0/12"; // four dots here!
> char *q;
> 
>         q = strchr(s,'/');
>         if (q) {
>                 *q = '\0';
>                 if ((val = inet_network(s)) != INADDR_NONE) {
>                         printf("OK\n");
>                         return (0);
>                 }
>                 /* q is a pointer: print it with %p rather than %08x */
>                 printf("q= %p\n", (void *)q);
>                 *q = '/';
>         }
>         return (1);
> }
> 
> 
> (should be built with -O1 or -O2 to expose that bug)
patch is simple:
-------------
--- inet_network.c.orig 2007-06-03 21:20:26.000000000 +0400
+++ inet_network.c      2007-12-18 11:11:33.000000000 +0300
_at__at_ -53,7 +53,7 _at__at_
 {
        in_addr_t val, base, n;
        char c;
-       in_addr_t parts[4], *pp = parts;
+      in_addr_t parts[5], *pp = parts;
        int i, digit;
 
 again:
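Review bot: widening `parts` from 4 to 5 elements only removes the one-element overrun if the parser's own bound check keeps `pp` from advancing past the fifth slot; this hunk shows the declaration alone, so the check that stops `*pp++` before the final store should be confirmed (and quoted in the commit message), or better expressed as `sizeof(parts) / sizeof(parts[0])` so the array size and the bound cannot drift apart again. A short comment on why the fifth slot exists (the trailing component after four dots, as in the `10.10.0.10.0` test case) would help the next reader. Also the replaced line lost its leading tab: `+      in_addr_t parts[5], *pp = parts;` is indented with spaces where the `-` line uses a tab, which style(9) would reject.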
-------------

Yuriy.
Received on Tue Dec 18 2007 - 07:42:27 UTC
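An added illustration, not part of this mail and not the libc code the patch touches: a simplified dotted-component parser that keeps the same shape (a fixed `parts[]` array filled through a moving `pp` pointer) but checks the bound before every store, so the five-component input `10.10.0.10.0` from the test case is rejected instead of being written one element past the end of the array. The names `parse_dotted`, `count_components`, `component_at` and `check_testcase` are my own; it handles decimal components only and leaves out the octal and hex forms the real `inet_network()` accepts.

```c
/* Added example: a bounded dotted-component parser (hypothetical, not libc's
 * inet_network()). The bound is checked before *every* store into parts[],
 * so input with more components than slots fails cleanly instead of
 * overrunning the stack array. Decimal components only. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PARTS 4

/* Parse up to MAX_PARTS dot-separated decimal components of s into parts[].
 * Returns the number of components stored, or -1 for malformed input, a
 * component that overflows 32 bits, or a component that would be written
 * outside parts[0..MAX_PARTS-1]. */
int parse_dotted(const char *s, uint32_t parts[MAX_PARTS])
{
    uint32_t *pp = parts;
    const uint32_t *end = parts + MAX_PARTS;   /* one past the last valid slot */
    const char *cp = s;

    for (;;) {
        uint32_t val = 0;
        int digit = 0;

        while (isdigit((unsigned char)*cp)) {
            uint32_t d = (uint32_t)(*cp - '0');
            if (val > (UINT32_MAX - d) / 10)
                return -1;                    /* component does not fit in 32 bits */
            val = val * 10 + d;
            cp++;
            digit = 1;
        }
        if (!digit)
            return -1;                        /* empty component, e.g. "1..2" */
        if (pp >= end)
            return -1;                        /* would write past parts[]: reject */
        *pp++ = val;                          /* store only after the bound check */
        if (*cp == '.') {
            cp++;
            continue;
        }
        break;
    }
    if (*cp != '\0' && !isspace((unsigned char)*cp))
        return -1;                            /* trailing junk such as '/' */
    return (int)(pp - parts);
}

/* Number of components parsed from s, or -1 (uses a local array). */
int count_components(const char *s)
{
    uint32_t parts[MAX_PARTS];
    return parse_dotted(s, parts);
}

/* Component i of s as a non-negative value, or -1 if s is rejected
 * or i is out of range. */
long component_at(const char *s, int i)
{
    uint32_t parts[MAX_PARTS];
    int n = parse_dotted(s, parts);
    if (n < 0 || i < 0 || i >= n)
        return -1;
    return (long)parts[i];
}

/* The mail's test input, with the "/12" prefix length cut off exactly as the
 * original test program does, fed through the bounded parser. */
int check_testcase(void)
{
    char s[] = "10.10.0.10.0/12";             /* constructed from the test case */
    uint32_t parts[MAX_PARTS];
    char *q = strchr(s, '/');
    if (q)
        *q = '\0';
    return parse_dotted(s, parts);            /* -1: rejected, nothing written past parts[3] */
}

int main(void)
{
    printf("10.10.0.10   -> %d components\n", count_components("10.10.0.10"));
    printf("10.10.0.10.0 -> %d (rejected)\n", check_testcase());
    return 0;
}
```

The difference from the declaration-only fix in the patch is that the array size appears in exactly one place (`MAX_PARTS`) and every `*pp++` is preceded by a comparison against `end`, so growing or shrinking the array cannot reintroduce a write past its last element.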