NetBSD Problem Report #44594
From www@NetBSD.org Thu Feb 17 17:54:57 2011
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id E171763B11D
for <gnats-bugs@gnats.NetBSD.org>; Thu, 17 Feb 2011 17:54:56 +0000 (UTC)
Message-Id: <20110217175456.3721563B100@www.NetBSD.org>
Date: Thu, 17 Feb 2011 17:54:56 +0000 (UTC)
From: M.Drochner@fz-juelich.de
Reply-To: M.Drochner@fz-juelich.de
To: gnats-bugs@NetBSD.org
Subject: kernel zlib reports false errors on decompression
X-Send-Pr-Version: www-1.0
>Number: 44594
>Category: kern
>Synopsis: kernel zlib reports false errors on decompression
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Feb 17 17:55:00 +0000 2011
>Last-Modified: Fri May 27 04:08:27 +0000 2011
>Originator: Matthias Drochner
>Release: current
>Organization:
FZJ
>Environment:
NetBSD zelz27 5.99.45 NetBSD 5.99.45 (MIST+MP+MODS) #220: Thu Feb 17 17:44:37 ME
T 2011 drochner@zelz27:/home/drochner/netbsd/work.src.usbdev/sys/arch/i386/comp
ile/MIST+MP+MODS i386
>Description:
The inflate() function in sys/net/zlib.c reports a Z_BUF_ERROR (-5)
sometimes after a successful decompression. A condition for this
seems to be that the decompressed data end exactly at the end
of the output buffer.
This caused sporadic problems with FAST_IPSEC's IPCOMP, but
other clients might be affected too.
>How-To-Repeat:
I'll attach a small test program. Build against the kernel zlib code:
mkdir tmpdir
cd tmpdir
cp .../compbug.c .
cp ${BSDSRCDIR}/sys/net/zlib.* .
cc -I. compbug.c zlib.c
./a.out
To test against system libz:
cc compbug.c -lz
./a.out
>Fix:
Either hunt it down in the current code, or update to a newer
version.
>Release-Note:
>Audit-Trail:
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: <gnats-bugs@NetBSD.org>
Cc:
Subject: Re: kern/44594: kernel zlib reports false errors on decompression
Date: Thu, 17 Feb 2011 19:19:30 +0100
--==_Exmh_792027469890
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Here is the test program.
---------------------------------------------------------------------------=
---------------------
---------------------------------------------------------------------------=
---------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzender des Aufsichtsrats: MinDirig Dr. Karl Eugen Huthmacher
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
---------------------------------------------------------------------------=
---------------------
---------------------------------------------------------------------------=
---------------------
--==_Exmh_792027469890
Content-Type: text/plain; name="compbug.c"; charset="us-ascii"
Content-Description: compbug.c
Content-Disposition: attachment; filename="compbug.c"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <err.h>
#include "zlib.h"
/* This unpacks into 1508, exactly 52*29. */
unsigned char text[29] = {
0xe3,0x60,0xa8,0x9d,0x5e,0xf9,0x9d,0x81,0xc1,0x37,
0x56,0xc5,0x8f,0x81,0xb7,0x6f,0x07,0xc3,0x28,0x18,
0x05,0xa3,0x60,0x14,0x8c,0x82,0x61,0x03,0x00
};
#define FACTOR 4 /* fails with 1, 2, 4, 13, 26, 52 */
static void *
myalloc(void *o, unsigned int n, unsigned int s)
{
return calloc(n, s);
}
static void
myfree(void *o, void *p)
{
free(p);
}
int
main()
{
int res, nbuf;
unsigned char buf1[10000];
z_stream z;
memset(&z, 0, sizeof(z));
z.next_in = text;
z.avail_in = sizeof(text);
z.zalloc = myalloc;
z.zfree = myfree;
z.opaque = 0;
z.next_out = buf1;
z.avail_out = FACTOR * sizeof(text);
res = inflateInit2(&z, -15);
if (res != Z_OK)
errx(1, "inflateInit: %d", res);
nbuf = 1;
for(;;) {
res = inflate(&z, Z_SYNC_FLUSH);
if (res != Z_OK)
break;
if (z.avail_out == 0) {
z.next_out = buf1;
z.avail_out = FACTOR * sizeof(text);
nbuf++;
}
}
if (res != Z_STREAM_END) {
printf("ai=%d ao=%d bufs=%d out=%ld\n",
z.avail_in, z.avail_out, nbuf, z.total_out);
errx(1, "inflate: %d", res);
}
printf("got %ld bytes in %d bufs\n", z.total_out, nbuf);
return 0;
}
--==_Exmh_792027469890--
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.