Hi,
I changed the NetBSD sources (which have the identical bug) and
now it works as it should, i.e. writes to the pseudo terminal block,
don't overflow the real tty. I have not done any testing with FreeBSD.
The bug is easy to reproduce and the fix is correspondingly easy to verify.
I don't mind testing it with FreeBSD too but it'll have to wait for a
couple of days.
best
Neel
--- Matthew Dillon <[EMAIL PROTECTED]> wrote:
> Hey, great find! I see two places in that file where ICANON is
> improperly tested against t_iflag instead of t_lflag.
>
> Have you done any further testing using the t_lflag field instead
> of t_iflag? Did it fix the crash you were getting?
>
> -Matt
>
> :Hi,
> :
> :The following code in ptcwrite() in kern/tty_pty.c is supposed to prevent
> :the tty input buffer overflow (for certain cases):
> :
> :    if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
> :        (tp->t_canq.c_cc > 0 || !(tp->t_iflag&ICANON))) {
> :            wakeup(TSA_HUP_OR_INPUT(tp));
> :            goto block;
> :    }
> :
> :But the ICANON flag is set in tp->t_lflag and not tp->t_iflag. The ICRNL flag
> :in tp->t_iflag has the same value as the ICANON flag in tp->t_lflag (0x100).
> :This leads to input buffer overflow as soon as the ICRNL bit is set in
> :tp->t_iflag, and there are more than 1024 characters that telnet/ssh wants
> :to write to the pty.
> :
> :I discovered this problem when using libreadline because it changes the
> :terminal settings every time it begins/finishes reading a line.
> :
> :Has anyone else seen a similar problem? I saw identical behavior on NetBSD
> :too. Please CC me as I am not on the mailing list.
> :
> :thanks
> :Neel
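The flag collision discussed in this thread, as an added example that is not part of the original e-mails or the kernel sources. It is a user-space model: `struct model_tty`, `bytes_accepted()` and the two `must_block_*` helpers are hypothetical names, the 0x100 flag values are the ones stated in the thread, and `TTYHOG` is assumed to be 1024 from the "1024 characters" mentioned above.

```c
#include <stdio.h>

/* Values as stated in the thread: both flags are 0x100, in different fields. */
#define ICRNL   0x100   /* input flag, belongs in t_iflag */
#define ICANON  0x100   /* local flag, belongs in t_lflag */
#define TTYHOG  1024    /* assumed queue limit, from the "1024 characters" above */

/* Hypothetical, cut-down stand-in for the kernel's struct tty. */
struct model_tty {
    unsigned t_iflag, t_lflag;
    int rawq_cc, canq_cc;
};

/* The check as quoted in the thread: ICANON tested against t_iflag. */
static int must_block_quoted(const struct model_tty *tp)
{
    return (tp->rawq_cc + tp->canq_cc) >= TTYHOG - 2 &&
        (tp->canq_cc > 0 || !(tp->t_iflag & ICANON));
}

/* The same check with ICANON tested against t_lflag. */
static int must_block_lflag(const struct model_tty *tp)
{
    return (tp->rawq_cc + tp->canq_cc) >= TTYHOG - 2 &&
        (tp->canq_cc > 0 || !(tp->t_lflag & ICANON));
}

/* Feed n bytes from the master side while no reader drains the queue. */
/* Returns how many bytes were accepted before the writer would block. */
static int bytes_accepted(unsigned iflag, unsigned lflag, int n,
    int (*must_block)(const struct model_tty *))
{
    struct model_tty tp = { iflag, lflag, 0, 0 };
    int i;
    for (i = 0; i < n; i++) {
        if (must_block(&tp))
            break;
        tp.rawq_cc++;   /* model: every byte lands in the raw queue */
    }
    return i;
}

int main(void)
{
    /* Non-canonical mode with ICRNL set: the combination described above. */
    printf("t_iflag check: %d\n", bytes_accepted(ICRNL, 0, 4096, must_block_quoted));
    printf("t_lflag check: %d\n", bytes_accepted(ICRNL, 0, 4096, must_block_lflag));
    return 0;
}
```

With ICRNL clear, the quoted check also stops at `TTYHOG - 2`, which is why the problem only shows up once something sets that bit.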