Bug #5915

open

msgpullup(9f) behaves as if len is always -1

Added by Marcel Telka over 7 years ago. Updated about 7 years ago.

Status: New
Priority: Normal
Assignee: -
Category: kernel
Start date: 2015-05-08
Due date:
% Done: 0%
Estimated time:
Difficulty: Medium
Tags: needs-triage
Gerrit CR:

Description

Because of the following piece of code in the msgpullup(9f) implementation, the function ignores the passed value of len and always behaves as if len is -1:

mblk_t *
msgpullup(mblk_t *mp, ssize_t len)
{

...

    totlen = xmsgsize(mp);

    if ((len > 0) && (len > totlen))
        return (NULL);

    /*
     * Copy all of the first msg type into one new mblk, then dupmsg
     * and link the rest onto this.
     */

    len = totlen;

The msgpullup(9f) function should copy only the first len bytes of the data to the new message, but instead it always copies all the data.

The problem is easily reproducible using these steps (use the attached module.c file):

# /opt/gcc/4.4.4/bin/gcc -Wall -D_KERNEL -m64 -mcmodel=kernel -mno-red-zone -ffreestanding -nodefaultlibs -c module.c
# /usr/ccs/bin/ld -r -o module module.o
# modload module
# tail -n1  /var/adm/messages
May  8 20:48:00 t1 genunix: [ID 625953 kern.info] NOTICE: New len: 16
#

According to the msgpullup(9f) man page the expected new len printed in the /var/adm/messages file is either 4 or 8.


Files

module.c (975 Bytes) module.c Marcel Telka, 2015-05-15 05:47 PM
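
The check-then-overwrite sequence quoted in the description, modelled in user space as an added example (this is not the attached module.c and not illumos code). The names blk_t, pullup(), the clobber flag and the two 8-byte input blocks are assumptions made for illustration, and every block is treated as the same message type.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical user-space stand-in for mblk_t: only the fields used here. */
typedef struct blk { struct blk *b_cont; unsigned char *b_rptr, *b_wptr; } blk_t;
static blk_t *blk_new(const void *src, size_t n) {
    blk_t *b = calloc(1, sizeof (*b) + n);      /* payload follows the header */
    if (b == NULL) return (NULL);
    b->b_rptr = (unsigned char *)(b + 1);
    b->b_wptr = b->b_rptr + n;
    if (src != NULL) memcpy(b->b_rptr, src, n);
    return (b);
}
static void blk_free(blk_t *b) { while (b) { blk_t *n = b->b_cont; free(b); b = n; } }
static ssize_t blk_len(const blk_t *b) { return (b->b_wptr - b->b_rptr); }
static ssize_t msg_size(const blk_t *mp) {
    ssize_t n = 0;
    for (; mp != NULL; mp = mp->b_cont) n += blk_len(mp);
    return (n);
}
/* clobber=1 models the quoted "len = totlen"; clobber=0 honours the caller's len. */
static blk_t *pullup(const blk_t *mp, ssize_t len, int clobber) {
    ssize_t totlen = msg_size(mp);
    if ((len > 0) && (len > totlen)) return (NULL);   /* same check as the report */
    if (clobber || len < 0) len = totlen;             /* -1 means "all data" */
    blk_t *head = blk_new(NULL, len), *tail = head;
    if (head == NULL) return (NULL);
    unsigned char *dst = head->b_rptr;
    for (ssize_t need = len; mp != NULL; mp = mp->b_cont) {
        ssize_t n = blk_len(mp), take = n < need ? n : need;
        memcpy(dst, mp->b_rptr, take); dst += take; need -= take;
        if (n == take) continue;
        /* Bytes beyond len are copied into their own linked block. */
        tail->b_cont = blk_new(mp->b_rptr + take, n - take);
        if (tail->b_cont == NULL) { blk_free(head); return (NULL); }
        tail = tail->b_cont;
    }
    return (head);
}
static ssize_t first_len(ssize_t len, int clobber) {
    unsigned char d[] = "AAAAAAAABBBBBBBB";   /* constructed: two 8-byte blocks */
    blk_t b = { NULL, d + 8, d + 16 }, a = { &b, d, d + 8 };
    blk_t *r = pullup(&a, len, clobber);
    ssize_t n = (r == NULL) ? -1 : blk_len(r);  /* size of the first new block */
    blk_free(r);
    return (n);
}
int main(void) { printf("%zd vs %zd\n", first_len(4, 1), first_len(4, 0)); return (0); }
```

With the overwrite in place the first block always holds the whole message, so a caller cannot tell from the result that its len was ignored.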
Actions #1

Updated by Marcel Telka about 7 years ago

  • File deleted (module.c)
Actions #2

Updated by Marcel Telka about 7 years ago
