[Xorp-cvs] XORP cvs commit: xorp/libxorp
Atanu Ghosh
atanu@ICSI.Berkeley.EDU
Tue, 20 Dec 2005 23:20:56 -0800
The function x_vasprintf takes printf style arguments (varargs) and returns a
malloc'd buffer with all the output. Internally this function starts
with a buffer of size 1025; it then calls vsnprintf with the buffer. If
the buffer is not large enough a new buffer is allocated and a second
try is made to format the arguments. The problem is that in the second
and subsequent calls to vsnprintf the varargs pointer is in the wrong
place. I therefore used va_copy to pass the same varargs pointer to
vsnprintf every time.

I saw the problem when tracing BGP: an update message packed with NLRIs
required a buffer of 21060 bytes. The vsnprintf routine ends up
accessing parts of the stack that it shouldn't.

I should have guessed that va_copy was new. I'll fix the problem in
x_asprintf.

Atanu.
>>>>> "Pavlin" == Pavlin Radoslavov <pavlin@icir.org> writes:
>> CVSROOT: /usr/local/www/data/cvs
>> Module name: xorp
>> Changes by: atanu@xorpc.icir.org 2005-12-21 01:24:47 UTC
>>
>> XORP CVS repository
>>
>>
>> Modified files: libxorp xlog.c
>>
>> Log message: Take a copy of the variable arguments so they can be
>> used multiple times.
Pavlin> Introducing va_copy() breaks the compilation on FreeBSD-4.10
Pavlin> with the default compiler (gcc-2.95.4):
Pavlin>
Pavlin> xlog.c: In function `x_vasprintf':
Pavlin> xlog.c:1162: warning: implicit declaration of function `va_copy'
Pavlin> gmake[3]: *** [xlog.lo] Error 1
Pavlin>
Pavlin> Can you give an example where the original implementation
Pavlin> fails?
Pavlin>
Pavlin> Pavlin
>> Also fix a possible double free issue which could never happen.
>>
>> Revision Changes Path 1.13 +5 -2; commitid: af7343a8aede7ea6;
>> xorp/libxorp/xlog.c
>> _______________________________________________ Xorp-cvs mailing
>> list Xorp-cvs@icir.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-cvs
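
The retry pattern discussed in this message, as an added example that is not part of the original post and is not XORP's xlog.c: a grow-and-retry formatter that gives every vsnprintf attempt its own va_copy of the argument list. The names grow_vasprintf and grow_asprintf are hypothetical, the sample message is constructed, and the code assumes a C99 vsnprintf that returns the required length on truncation.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not XORP's x_vasprintf): format into a malloc'd
 * buffer, growing it until the output fits. Returns the length or -1. */
static int grow_vasprintf(char **out, size_t initial, const char *fmt, va_list ap)
{
    size_t size = initial ? initial : 1;
    char *buf = NULL;

    *out = NULL;
    for (;;) {
        char *tmp = realloc(buf, size);
        if (tmp == NULL) { free(buf); return -1; }
        buf = tmp;

        /* After vsnprintf returns, the va_list it was given is
         * indeterminate. Each attempt therefore consumes a fresh copy,
         * and `ap` itself is never advanced by this function. */
        va_list attempt;
        va_copy(attempt, ap);
        int n = vsnprintf(buf, size, fmt, attempt);
        va_end(attempt);

        if (n < 0) { free(buf); return -1; }
        if ((size_t)n < size) { *out = buf; return n; }
        size = (size_t)n + 1;   /* assumption: C99 return value semantics */
    }
}

static int grow_asprintf(char **out, size_t initial, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = grow_vasprintf(out, initial, fmt, ap);
    va_end(ap);
    return n;
}

int main(void)
{
    char *s;
    /* Constructed input: an 8-byte first buffer forces a second attempt. */
    if (grow_asprintf(&s, 8, "peer %s nlri %d/%d %s", "10.0.0.1", 192, 24, "ok") < 0)
        return 1;
    puts(s);
    free(s);
    return 0;
}
```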