NetBSD Problem Report #47154
From www@NetBSD.org Sat Nov 3 03:50:14 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 947E663CAFB
for <gnats-bugs@gnats.NetBSD.org>; Sat, 3 Nov 2012 03:50:14 +0000 (UTC)
Message-Id: <20121103035013.8658563CAFB@www.NetBSD.org>
Date: Sat, 3 Nov 2012 03:50:13 +0000 (UTC)
From: ben@hl9.net
Reply-To: ben@hl9.net
To: gnats-bugs@NetBSD.org
Subject: dd gives strange error on 4095m blocksize
X-Send-Pr-Version: www-1.0
>Number: 47154
>Category: bin
>Synopsis: dd gives strange error on 4095m blocksize
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 03 03:55:00 +0000 2012
>Last-Modified: Fri Dec 26 23:35:00 +0000 2014
>Originator: Ben Carroll
>Release: 6.0 release
>Organization:
>Environment:
No uname; on installer shell
>Description:
I am using the shell provided by the installer. I'm not sure if the bug is present elsewhere, but my guess is yes so I did categorize this as an installer bug. This is a 64-bit Intel Xeon E3 CPU.
I have a picture from my KVM session here:
http://tinypic.com/view.php?pic=2qx19o8&s=6
If you notice, I try to use a 4096m blocksize and it informs me that this is 1 byte too large. If you don't want to look at the picture or the picture is no longer available, to reproduce:
# dd if=/dev/zero of=/dev/rwd0d bs=4096m progress=1
dd: block size 4294967296 is greater than 4294967295
... a perfectly reasonable error... however, any larger and:
# dd if=/dev/zero of=/dev/rwd0d bs=4095m progress=1
dd: /dev/rwd0d: Invalid Argument
And I tried again with a more reasonable block size to prove I did not detach or do anything to cause rwd0d to become invalid.
>How-To-Repeat:
# dd if=/dev/zero of=/dev/rwd0d bs=4095m progress=1
dd: /dev/rwd0d: Invalid Argument
>Fix:
>Audit-Trail:
From: Miwa Susumu <miwarin@gmail.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/47154
Date: Sat, 1 Nov 2014 00:06:12 +0900
Is this a malloc() bug?
On my machine (NetBSD 6.1.5 i386), dd gets a segmentation fault.
% dd if=/dev/zero of=hoge bs=4095m progress=1
zsh: segmentation fault dd if=/dev/zero of=hoge bs=4095m progress=1
What is happening here.
dd.c setup()
    if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
        if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) { <====
            err(EXIT_FAILURE, NULL);
            /* NOTREACHED */
        }
        out.db = in.db;
Note that in.dbsz and out.dbsz are 4293918720.
Do you need to limit the size of malloc()?
--
miwarin
From: miwarin@gmail.com
To: gnats-bugs@NetBSD.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org,
ben@hl9.neta
Cc:
Subject: Re: bin/47154
Date: Sat, 01 Nov 2014 21:26:06 +0900
On Fri, 31 Oct 2014 15:10:01 +0000 (UTC)
Miwa Susumu <miwarin@gmail.com> wrote:
> The following reply was made to PR bin/47154; it has been noted by GNATS.
>
> From: Miwa Susumu <miwarin@gmail.com>
> To: gnats-bugs@NetBSD.org
> Cc:
> Subject: Re: bin/47154
> Date: Sat, 1 Nov 2014 00:06:12 +0900
>
> dd.c setup()
>
> if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
> if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) { <====
> err(EXIT_FAILURE, NULL);
> /* NOTREACHED */
> }
> out.db = in.db;
I modified it to check the arguments before malloc().
% diff -u dd.c.orig dd.c
--- dd.c.orig 2014-11-01 21:13:47.000000000 +0900
+++ dd.c 2014-11-01 21:15:57.000000000 +0900
@@ -1,4 +1,4 @@
-/* $NetBSD: dd.c,v 1.47.4.2 2012/04/17 00:01:36 yamt Exp $ */
+/* $NetBSD: dd.c,v 1.48 2011/11/06 21:22:23 jym Exp $ */
/*-
* Copyright (c) 1991, 1993, 1994
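Review bot: the $NetBSD$ ident line in this hunk moves from revision 1.47.4.2 to 1.48, so dd.c.orig and dd.c come from different revisions rather than one base plus a local edit. Regenerate the diff against the revision being patched so that this line, and the matching __RCSID line in the next hunk, drop out and only the intended change remains.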
@@ -43,7 +43,7 @@
#if 0
static char sccsid[] = "@(#)dd.c 8.5 (Berkeley) 4/2/94";
#else
-__RCSID("$NetBSD: dd.c,v 1.47.4.2 2012/04/17 00:01:36 yamt Exp $");
+__RCSID("$NetBSD: dd.c,v 1.48 2011/11/06 21:22:23 jym Exp $");
#endif
#endif /* not lint */
@@ -212,10 +212,10 @@
* record oriented I/O, only need a single buffer.
*/
if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
- size_t dbsz = out.dbsz;
- if (!(ddflags & C_BS))
- dbsz += in.dbsz - 1;
- if ((in.db = malloc(dbsz)) == NULL) {
+ if((out.dbsz + in.dbsz - 1) > SIZE_T_MAX) {
+ errx(EXIT_FAILURE, "bs must be less than %u", SIZE_T_MAX);
+ }
+ if ((in.db = malloc(out.dbsz + in.dbsz - 1)) == NULL) {
err(EXIT_FAILURE, NULL);
/* NOTREACHED */
}
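Review bot: the added test `(out.dbsz + in.dbsz - 1) > SIZE_T_MAX` compares after the addition, so it can only fire if the sum is evaluated in a type wider than size_t; where it is not, the sum has already wrapped and the test is always false. Compare before adding, for example `in.dbsz - 1 > SIZE_T_MAX - out.dbsz`. The `+` lines also drop the `!(ddflags & C_BS)` condition that the removed lines had, and `%u` does not match SIZE_T_MAX where size_t is wider than unsigned int; `%zu` with a size_t argument would.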
--
miwarin
From: Miwa Susumu <miwarin@gmail.com>
To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
ben@hl9.neta
Cc:
Subject: Re: bin/47154
Date: Sun, 2 Nov 2014 00:19:22 +0900
2014-11-01 21:26 GMT+09:00 <miwarin@gmail.com>:
>
>
> On Fri, 31 Oct 2014 15:10:01 +0000 (UTC)
> Miwa Susumu <miwarin@gmail.com> wrote:
>
>
> I was modified to check the arguments before malloc().
>
Ah.....
My source code looks like it was older.
Forget me.
I should use the current....
--
miwarin
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/47154: dd gives strange error on 4095m blocksize
Date: Fri, 26 Dec 2014 23:33:05 +0000
Not sent to gnats.
(the procedure is: send mail to gnats-bugs; that goes into the bug
database and it remails to ~everywhere)
------
From: Miwa Susumu <miwarin@gmail.com>
To: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, ben@hl9.net
Subject: Re: bin/47154
Date: Mon, 3 Nov 2014 01:11:38 +0900
Sorry for posting so many times.
2014-11-02 0:20 GMT+09:00 Miwa Susumu <miwarin@gmail.com>:
> The following reply was made to PR bin/47154; it has been noted by GNATS.
>
> From: Miwa Susumu <miwarin@gmail.com>
> To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org,
> ben@hl9.neta
> >
> > I was modified to check the arguments before malloc().
> >
>
> my source code looks like it was older.
> I should use the current....
% uname -msr
NetBSD 7.99.1 i386
Again I will die here.
dd.c setup()
    if (!(ddflags & (C_BLOCK|C_UNBLOCK))) {
        size_t dbsz = out.dbsz;
        if (!(ddflags & C_BS))
            dbsz += in.dbsz - 1;
        if ((in.db = malloc(dbsz)) == NULL) { <====
            err(EXIT_FAILURE, NULL);
            /* NOTREACHED */
        }
        out.db = in.db;
By the way, do you know the behavior of malloc?
Example:
4294967295u (SIZE_T_MAX) is an error. That's OK.
4293918720u (4095m) is a segmentation fault. It is not an error.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>   /* strerror() */
#include <errno.h>

int main(int ac, char** av)
{
    char* buf0;
    char* buf1;

    /* SIZE_T_MAX on i386: reported to fail with NULL and errno set */
    buf0 = malloc( 4294967295u );
    if(buf0 == NULL) printf("%s\n", strerror(errno));
    if(buf0 != NULL) free(buf0);

    /* 4095m: reported to crash instead of returning NULL */
    buf1 = malloc( 4293918720u );
    if(buf1 == NULL) printf("%s\n", strerror(errno));
    if(buf1 != NULL) free(buf1);

    return 0;
}
4293918720u is smaller than 4294967295u.
However, why is it not an error?
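The buffer-size arithmetic discussed in this thread, as an added example (not code from dd.c or from any poster): it models the 32-bit size_t of i386 with uint32_t so the wrap is reproducible on any host, and shows what `out.dbsz + in.dbsz - 1` evaluates to for bs=4095m next to a variant that refuses the request before malloc(). The names size32_t, naive_bufsize and checked_bufsize are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for size_t on i386, so the wrap shows on any host. */
typedef uint32_t size32_t;

/* Mirrors the arithmetic in the setup() excerpt, carried out in 32 bits. */
static size32_t naive_bufsize(uint64_t in_dbsz, uint64_t out_dbsz, bool bs_given)
{
    size32_t dbsz = (size32_t)out_dbsz;
    if (!bs_given)
        dbsz += (size32_t)(in_dbsz - 1);       /* wraps modulo 2^32 */
    return dbsz;
}

/* Hypothetical checked variant: false means "refuse, do not call malloc()". */
static bool checked_bufsize(uint64_t in_dbsz, uint64_t out_dbsz, bool bs_given,
                            size32_t *result)
{
    uint64_t need = out_dbsz;

    if (in_dbsz == 0 || out_dbsz == 0)
        return false;
    if (!bs_given) {
        if (in_dbsz - 1 > UINT64_MAX - need)   /* 64-bit sum would wrap */
            return false;
        need += in_dbsz - 1;
    }
    if (need > UINT32_MAX)                     /* does not fit the 32-bit size_t */
        return false;
    *result = (size32_t)need;
    return true;
}

int main(void)
{
    const uint64_t bs = 4095ULL * 1024 * 1024; /* 4095m = 4293918720 */
    size32_t sz = 0;

    printf("naive:   %u\n", (unsigned)naive_bufsize(bs, bs, false));
    printf("checked: %s\n",
           checked_bufsize(bs, bs, false, &sz) ? "ok" : "rejected");
    return 0;
}
```

The check is made on the operands before the sum is narrowed, which is why it still works when the result type cannot hold the true value.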
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.