• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Serious Bug
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Serious Bug

  • Subject: Re: Serious Bug
  • From: lakshmipathy bsn <email@hidden>
  • Date: Wed, 27 Jul 2005 10:58:09 +0530
I reported the bug in bugreporter. Thanks for the suggestion.

Thanks,
Lakshmipathy

On 7/27/05, Terry Lambert <email@hidden> wrote:
> Thanks for investigating the bug.
>
> You should file a bug report (http://bugreporter.apple.com).  As
> Justin usually points out, this list isn't an official (or even an
> unofficial) channel for reporting bugs to Apple.
>
> -- Terry
>
> On Jul 26, 2005, at 10:46 AM, B. S. N. Lakshmipathy wrote:
> > Hi all,
> >     The kernel released with 10.4.* (Tiger) has a serious bug. The
> > following user program causes kernel panic.
> >
> > /* @@@@@@@@@@@@@@@@@@@*/
> > #include <stdio.h>
> > #include <stdlib.h>
> > #include <sys/types.h>
> > #include <sys/event.h>
> >
> > int main (int argc, char **argv) {
> >   int kq;
> >   struct kevent ke;
> >
> >   if (argc < 1)
> >     return -1;
> >
> >   if ((kq = kqueue ()) < 0) {
> >     fprintf (stderr, "kqueue creation error\n");
> >     return -1;
> >   }
> >
> >   EV_SET (&ke, atoi (argv[1]), EVFILT_PROC, EV_ADD, NOTE_FORK |
> > NOTE_TRACK, 0, NULL);
> >
> >   if (kevent(kq, &ke, 1, NULL, 0, NULL) < 0) {
> >     fprintf (stderr, "kevent set error\n");
> >     return -1;
> >   }
> >
> >   while (1) {
> >     memset(&ke, 0, sizeof(struct kevent));
> >
> >     if (kevent(kq, NULL, 0, &ke, 1, NULL) < 0) {
> >       fprintf (stderr, "kevent get error\n");
> >       return -1;
> >     }
> >
> >     if (ke.fflags & NOTE_FORK)
> >       printf("%d forked\n", ke.ident);
> >
> >     if (ke.fflags & NOTE_CHILD)
> >       printf("child of %d is %d\n", ke.data, ke.ident);
> >
> >     if (ke.fflags & NOTE_TRACKERR)
> >       printf("NOTE_TRACK error\n");
> >   }
> >
> >   return 0;
> > }
> > /* @@@@@@@@@@@@@@@@@@@*/
> >
> > LOCATION OF BUG:
> >
> >     The problem is with the NULL pointer reference in fp_lookup()
> > in bsd/kern/kern_descrip.c. The function call sequence is fork() ->
> > fork1 () -> knote () -> filt_proc () -> kevent_register () ->
> > fp_lookup (). filt_proc () calls kevent_register () with NULL as
> > third argument. (kern_event.c:501), which is referenced in
> > fp_lookup () without check for NULL.
> >
> >     Whoever re-organized the kqueue/kevent code, please fix it.
> >
> > Thanks,
> > Lakshmipathy
> >
> > _______________________________________________
> > Do not post admin requests to the list. They will be ignored.
> > Darwin-kernel mailing list      (email@hidden)
> > Help/Unsubscribe/Update your Subscription:
> > 40apple.com
> >
> > This email sent to email@hidden
> >
>
>


--
Thanks,
Lakshmipathy
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Serious Bug (From: "B. S. N. Lakshmipathy" <email@hidden>)
 >Re: Serious Bug (From: Terry Lambert <email@hidden>)

  • Prev by Date: Re: sock_receive_internal() and its (ab)use of uio
  • Next by Date: get current time in kernel module
  • Previous by thread: Re: Serious Bug
  • Next by thread: get current time in kernel module
  • Index(es):
    • Date
    • Thread