This is the mail archive of the
mailing list for the Cygwin project.
Re: FW: buffer size calculation in gethostby_helper()
- From: Jan Kolar <kolar at math dot cas dot cz>
- To: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
- Cc: cygwin at cygwin dot com
- Date: Fri, 12 Aug 2011 22:30:13 +0200
- Subject: Re: FW: buffer size calculation in gethostby_helper()
- References: <firstname.lastname@example.org>
My final understanding is this:
for each of address_count we use (and have to allocate)
1. addrsize_out of bytes in the "string" area of buffer
2. sizeof (char *) of bytes in the h_addr_list area of buffer
For 2., both string_ptr and string_size should be untouched
for 1., both should be updated.
This implies the buffer should be allocated as it is allocated,
while string_size should be changed to include the value
of address_count * addrsize_out.
Only so the code can be readable (so far as 1. remains true).
(I prefer readability since only the readable code is likely to be correct.)
Therefore I also think (but I am not 100% convinced) that, as much
address_count is considered, the buffer usage is safe
and the debug message was wrong.
There might be more I doubt in the function.
We have to be careful since here the data come from outside.
Therefore I am willing to review the change -- instead of writing the
Once you are with the code, please would you check the safety of
1122: for (i = 0; i < >>>> ancount <<<<<
1122: for (i = 0; i < ancount; i++, >>>>> ptr = curptr->data + ansize
1201: ancount = alias_count + address_count; /* Valid records */
and other places before I start trying to understand it?
On 12.8.2011 18:03, Pierre A. Humblet wrote:
Yes. Thus it seems that the buffer is properly allocated, good. However
I got confused anyway:
The initial logic seems to be OK: In the following statement
sz = DWORD_round (sizeof(hostent))
+ sizeof (char *) * (alias_count + address_count + 2)
+ address_count * addrsize_out;
the incremented address_count generates two increases in sz:
a chunk of size sizeof(char *) and another one of size addrsize_out.
So the patch adding addrsize_out shouldn't be needed.
Yes, logically it shouldn't be decremented (but there is better logic
explained above!). And yes, used for debugging only.
+ system_printf ("Note: JK hopping to fix the -4 bug in net.cc saying (if defed DEBUGGING) 'Please debug.' ");
/* Update the records */
curptr->type = antype; /* Host byte order */ @@ -1192,7
+1194,7 @@ gethostby_helper (const char *name, cons
memcpy (string_ptr, curptr->data, addrsize_in);
string_ptr += addrsize_out;
- string_size -= addrsize_out;
+ string_size -= addrsize_out; // jk-2011 FIXME BUG: this makes it -4 sometimes - before my fix.
The bug is here: logically string_size shouldn't be decremented as it is used to account for name sizes, not for addresses.
Note that at this point string_size is only used for debugging and the bug generates a false alarm.
But then string_size and string_ptr are not a couple as I would expect.
My suggestion is above.
It's weird that it only shows up now.
I see two ways of fixing it:
1) add string_size += addrsize_out; as in the patch but then adjust the computation of sz or
2) remove the extraneous string_size -= addrsize_out and in the #ifdef DEBUGGING below replace
if (string_size< 0) by
if (string_ptr> ((char *) ret) + sz)
This looks basically correct to me, but the original code is not from me.
Pierre, would you mind to have a look?
Sorry about that. I could fix it myself next week if desired.
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple