From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 17102 invoked by alias); 9 Aug 2012 17:02:10 -0000 Received: (qmail 17056 invoked by uid 22791); 9 Aug 2012 17:02:00 -0000 X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 tests=AWL,BAYES_00,KHOP_THREADED X-Spam-Check-By: sourceware.org Received: from hagrid.ecoscentric.com (HELO mail.ecoscentric.com) (212.13.207.197) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 09 Aug 2012 17:01:46 +0000 Received: from localhost (hagrid.ecoscentric.com [127.0.0.1]) by mail.ecoscentric.com (Postfix) with ESMTP id E53252F7800B for ; Thu, 9 Aug 2012 18:01:45 +0100 (BST) Received: from mail.ecoscentric.com ([127.0.0.1]) by localhost (hagrid.ecoscentric.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGIYmAcZz2M9; Thu, 9 Aug 2012 18:01:44 +0100 (BST) From: bugzilla-daemon@bugs.ecos.sourceware.org To: ecos-bugs@ecos.sourceware.org Subject: [Bug 1001522] Array index out of bounds in tftp_server.c X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: eCos X-Bugzilla-Component: TCP/IP X-Bugzilla-Keywords: X-Bugzilla-Severity: minor X-Bugzilla-Who: bernd.edlinger@hotmail.de X-Bugzilla-Status: NEW X-Bugzilla-Priority: low X-Bugzilla-Assigned-To: unassigned@bugs.ecos.sourceware.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: In-Reply-To: References: X-Bugzilla-URL: http://bugs.ecos.sourceware.org/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Thu, 09 Aug 2012 17:02:00 -0000 Message-Id: <20120809170143.2EEE52F78009@mail.ecoscentric.com> Mailing-List: contact ecos-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: ecos-bugs-owner@sourceware.org X-SW-Source: 2012/txt/msg01156.txt.bz2 Please do not reply to this email. Use the web interface provided at: http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001522 --- Comment #11 from Bernd Edlinger 2012-08-09 18:01:40 BST --- (In reply to comment #10) > Yes, you're correct. > Using 0 as a "none" sentinal value for a socket/file descriptor is a > bug. It's not an unusual mistake to make, and for Unix programs it's > never detected because stdin is (almost) always fd 0, but I tripped > over the same thing in some other eCos code I wrote years ago. > Want to submit a patch? Well, ok. But is no one working on the idea with the blocking socket reads? If I am to fix that issue I would prefer a completely simple solution. 1. let only one thread enter the select. 2. never close the sockets, because that throws any additionally received packets away. 3. post the semaphore before the switch(ntohs(hdr->th_opcode)) 4. wait for the semaphore again, and go directly to the select. Bernd. -- Configure bugmail: http://bugs.ecos.sourceware.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.