#2248 closed defect (fixed)

misaligned pointer dereference in clnt_udp.c line 363

Reported by: Jeffrey Hill Owned by: Jeffrey Hill <johill@…>
Priority: normal Milestone: 4.11
Component: score Version: 4.10
Severity: normal Keywords:
Cc: Blocked By:
Blocking:

Description

We see a misaligned pointer address violation at clnt_udp.c 363. Perhaps no one is hosting udp sun rpc services on RTEMS recently?

This patch fixes the previous revision on the following source file which was probably installed to fix a gcc aliasing warning.

cpukit/librpc/src/rpc/clnt_udp.c

@@ -89,13 +89,13 @@ struct cu_data {

u_int cu_xdrpos;
u_int cu_sendsz; /* send size */
union {

  • u_int32_t *i32;

+ u_int32_t *pi32;

char *c;

} _cu_outbuf;

#define cu_outbuf _cu_outbuf.c

u_int cu_recvsz; /* recv size */
union {

  • u_int32_t * i32;

+ u_int32_t i32;

char c[1];

} _cu_inbuf;

#define cu_inbuf _cu_inbuf.c

@@ -360,7 +360,7 @@ send_again:

if (inlen < sizeof(u_int32_t))

continue;

/* see if reply transaction id matches sent id */

  • if (*(cu->_cu_inbuf.i32) != *(cu->_cu_outbuf.i32))

+ if ( cu->_cu_inbuf.i32 != *cu->_cu_outbuf.pi32 )

continue;

/* we now assume we have the proper reply */
break;

Attachments (1)

clnt_udp_bug.txt (3.1 KB) - added by Jeffrey Hill on Feb 3, 2015 at 8:31:35 PM.
diffs and bug details

Download all attachments as: .zip

Change History (3)

Changed on Feb 3, 2015 at 8:31:35 PM by Jeffrey Hill

Attachment: clnt_udp_bug.txt added

diffs and bug details

comment:1 Changed on Feb 23, 2015 at 5:27:55 PM by Jeffrey Hill <johill@…>

In 0f3388d1f3e98f70ebc2f15d015680747b795328/rtems:

rpc: misaligned pointer dereference in clnt_udp.c line 363

see #2248

comment:2 Changed on Feb 23, 2015 at 5:28:51 PM by Jeffrey Hill <johill@…>

Owner: set to Jeffrey Hill <johill@…>
Resolution: fixed
Status: newclosed

In ced84fc0ea30d33674f56bbb174b85fc662b3f75/rtems:

rpc: misaligned pointer dereference in clnt_udp.c line 363

closes #2248

Note: See TracTickets for help on using tickets.