[issue1891] sftp utility crashes
YONETANI Tomokazu
qhwt.dfly at les.ath.cx
Thu Nov 11 02:22:25 PST 2010
On Wed, Nov 10, 2010 at 05:19:13PM +0000, vasily postnicov (via DragonFly issue tracker) wrote:
> I have something interesting for you. Size of glob_t (type for glob() ) is 88
> (at least on my machine):
:
> In glob () function it is 88 too, but in process_get() and remote_glob() it is
> 72. How could it be?
Hum, apparently sftp uses the OpenBSD definition of glob_t from
/usr/src/crypto/openssh/openbsd-compat/glob.h, whereas the glob()
in libc uses the one from /usr/include/glob.h. Unlike OpenBSD,
FreeBSD and DragonFly use size_t for the first three members.
Since sizeof(size_t) == sizeof(int) this is not a problem on the 32-bit
version of i386 CPUs, but on x86_64 sizeof(size_t) > sizeof(int),
so glob() uses a memory location different from what the caller
intended for function pointers, which led to a crash. BTW at least
gl_pathc and gl_offs are mentioned to be size_t according to the
following URL (the site may be down at the moment):
http://www.opengroup.org/onlinepubs/009695399/basedefs/glob.h.html
Can you try replacing the first three members in glob_t from int
to size_t, that is,
/usr/src/crypto/openssh/openbsd-compat/glob.h:

    typedef struct {
            int gl_pathc;           /* Count of total paths so far. */
            int gl_matchc;          /* Count of paths matching pattern. */
            int gl_offs;            /* Reserved at beginning of gl_pathv. */

    typedef struct {
            size_t gl_pathc;        /* Count of total paths so far. */
            size_t gl_matchc;       /* Count of paths matching pattern. */
            size_t gl_offs;         /* Reserved at beginning of gl_pathv. */

then rebuild sftp and see if that helps?
> _____________________________________________________
> DragonFly issue tracker <bugs at lists.dragonflybsd.org>
> <http://bugs.dragonflybsd.org/issue1891>
> _____________________________________________________
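
The layout mismatch discussed in this message, as an added example that is not part of the original post and is not OpenSSH or DragonFly code. The struct names, the callback stand-in and the members after gl_offs (modelled on the traditional BSD glob_t) are assumptions; the post quotes only the first three members.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Members after gl_offs follow the traditional BSD glob_t (assumed here;
 * the post quotes only the first three). T is the type under discussion. */
#define GLOB_MEMBERS(T)                          \
    T gl_pathc; T gl_matchc; T gl_offs;          \
    int gl_flags; char **gl_pathv;               \
    int (*gl_errfunc)(const char *, int);        \
    void (*gl_closedir)(void *);                 \
    void *(*gl_readdir)(void *);                 \
    void *(*gl_opendir)(const char *);           \
    int (*gl_lstat)(const char *, void *);       \
    int (*gl_stat)(const char *, void *);

typedef struct { GLOB_MEMBERS(int) } compat_glob_t;   /* caller (sftp) view */
typedef struct { GLOB_MEMBERS(size_t) } libc_glob_t;  /* callee (libc) view */

/* Stand-in for a callback the caller installs (hypothetical). */
static void *caller_opendir(const char *path) { (void)path; return NULL; }

/* Bytes by which the callee looks past the caller's gl_opendir slot. */
size_t opendir_shift(void)
{
    return offsetof(libc_glob_t, gl_opendir) - offsetof(compat_glob_t, gl_opendir);
}

/* Caller fills its struct; callee reads the same bytes with its own layout.
 * Returns 1 only if the callee finds the pointer in gl_opendir. */
int callee_sees_opendir(void)
{
    unsigned char raw[sizeof(libc_glob_t)] = {0};
    compat_glob_t g;
    libc_glob_t view;
    memset(&g, 0, sizeof g);
    g.gl_opendir = caller_opendir;
    memcpy(raw, &g, sizeof g);        /* what the caller actually passes */
    memcpy(&view, raw, sizeof view);  /* what the callee believes it got */
    return view.gl_opendir == caller_opendir;
}

int main(void)
{
    printf("caller sizeof=%zu, callee sizeof=%zu, shift=%zu, match=%d\n",
           sizeof(compat_glob_t), sizeof(libc_glob_t), opendir_shift(),
           callee_sees_opendir());
    return 0;
}
```

On an LP64 target the two sizes come out as 72 and 88, the figures reported in the quoted message; where int and size_t have the same width the layouts coincide.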