[issue1481] panic: assertion: kva_p(buf) in soopt_from_kbuf (after ipfw pipe show, 2.2.1-R)
Matthew Dillon
dillon at apollo.backplane.com
Fri Sep 4 20:43:09 PDT 2009
:Hmm, it is very strange to me. I reproduced the bug myself today and
:the above patch does fix the panic.
:Have you recompiled/reinstall the patched kernel (at least quickkernel
:+ installkernel)?
:
:Best Regards,
:sephe
Hmm. min() uses a signed integer for arguments and result. len
is a size_t. Is sopt->sopt_valsize initialized in that path? If
it is uninitialized and >= 0x80000000 it will turn up negative in
the min() and a very bad value will be returned for the bcopy().
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Bugs
mailing list