[issue1481] panic: assertion: kva_p(buf) in soopt_from_kbuf (after ipfw pipe show, 2.2.1-R)

Matthew Dillon dillon at apollo.backplane.com
Fri Sep 4 20:43:09 PDT 2009


:Hmm, it is very strange to me.  I reproduced the bug myself today and
:the above patch does fix the panic.
:Have you recompiled/reinstall the patched kernel (at least quickkernel
:+ installkernel)?
:
:Best Regards,
:sephe

    Hmm.  min() uses a signed integer for arguments and result.   len
    is a size_t.  Is sopt->sopt_valsize initialized in that path?  If
    it is uninitialized and >= 0x80000000 it will turn up negative in
    the min() and a very bad value will be returned for the bcopy().

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>






More information about the Bugs mailing list