• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Serious Bug
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Serious Bug

  • Subject: Re: Serious Bug
  • From: Terry Lambert <email@hidden>
  • Date: Tue, 26 Jul 2005 12:42:21 -0700
Thanks for investigating the bug.

You should file a bug report (http://bugreporter.apple.com). As Justin usually points out, this list isn't an official (or even an unofficial) channel for reporting bugs to Apple.

-- Terry

On Jul 26, 2005, at 10:46 AM, B. S. N. Lakshmipathy wrote:
Hi all,
The kernel released with 10.4.* (Tiger) has a serious bug. The following user program causes kernel panic.

/* @@@@@@@@@@@@@@@@@@@*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/event.h>

int main (int argc, char **argv) {
  int kq;
  struct kevent ke;

  if (argc < 1)
    return -1;

  if ((kq = kqueue ()) < 0) {
    fprintf (stderr, "kqueue creation error\n");
    return -1;
  }

EV_SET (&ke, atoi (argv[1]), EVFILT_PROC, EV_ADD, NOTE_FORK | NOTE_TRACK, 0, NULL);

  if (kevent(kq, &ke, 1, NULL, 0, NULL) < 0) {
    fprintf (stderr, "kevent set error\n");
    return -1;
  }

  while (1) {
    memset(&ke, 0, sizeof(struct kevent));

    if (kevent(kq, NULL, 0, &ke, 1, NULL) < 0) {
      fprintf (stderr, "kevent get error\n");
      return -1;
    }

    if (ke.fflags & NOTE_FORK)
      printf("%d forked\n", ke.ident);

    if (ke.fflags & NOTE_CHILD)
      printf("child of %d is %d\n", ke.data, ke.ident);

    if (ke.fflags & NOTE_TRACKERR)
      printf("NOTE_TRACK error\n");
  }

  return 0;
}
/* @@@@@@@@@@@@@@@@@@@*/

LOCATION OF BUG:

The problem is with the NULL pointer reference in fp_lookup() in bsd/kern/kern_descrip.c. The function call sequence is fork() -> fork1 () -> knote () -> filt_proc () -> kevent_register () -> fp_lookup (). filt_proc () calls kevent_register () with NULL as third argument. (kern_event.c:501), which is referenced in fp_lookup () without check for NULL.

    Whoever re-organized the kqueue/kevent code, please fix it.

Thanks,
Lakshmipathy

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40apple.com

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Serious Bug

      • From: lakshmipathy bsn <email@hidden>
      • 





References: 


 >Serious Bug (From: "B. S. N. Lakshmipathy" <email@hidden>)






    

  • Prev by Date:
Serious Bug

    • 

  • Next by Date:
Re: sock_receive_internal() and its (ab)use of uio

    • 

  • Previous by thread:
Serious Bug

    • 

  • Next by thread:
Re: Serious Bug

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •