On Mon, 2010-06-14 at 13:09 -0500, Douglas E. Engert wrote: > > On 6/14/2010 12:46 PM, Andre Zepezauer wrote: > > Hello Douglas, > > > > attached is a patch that is almost the same like yours. The only > > difference is, that it still honours the max_virtual_slots property. > > Consider it as untested too. > > Looking closer at the code, it looks like the only place the > max_virtual_slots was still being used was in this one place. It looks > like when the conversion from a fixed size slot list to the list_* code > for slots was done this one location in the code was missed. If this > is correct, then the rest of the code to parse the max_virtual_slots > could be dropped and the opensc.conf file comments updated too. So your > test of max_virtual_slots in the "for" loop could be dropped too.
Yes you are right, max_virtual_slots is used only in this one place. So it seems easy to drop this feature. On the other hand, it's not a big deal to keep it as is. The question to answer is, if there is someone who makes serious use it. > > Regards, > > Andre Zepezauer > > > > On Mon, 2010-06-14 at 09:44 -0500, Douglas E. Engert wrote: > >> > >> On 6/12/2010 6:02 AM, Martin Vogt wrote: > >>> Hello, > >>> > >>> today I had a glibc error with svn head, which looks like "writing > >>> over an array boundary" to me: > >>> > >>>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>>> pkcs11-global.c:447:C_GetSlotList: doing free > >>>> *** glibc detected *** > >>>> /home/kde/work/opensc/svn_head/opensc/src/tools/.libs/pkcs11-tool: > >>>> free(): invalid next size (fast): 0x0000000000629b00 *** > >>>> ======= Backtrace: ========= > >>>> /lib64/libc.so.6[0x7fe710d42108] > >>>> /lib6Aborted > >>> > >>> The glibc abort happens in the function: pkcs11-global:C_GetSlotList > >>> As far as I understand this, the section:(around line 380) > >>> > >>> > >>>> if ((found = (CK_SLOT_ID_PTR)malloc (sizeof (*found) * > >>>> sc_pkcs11_conf.max_virtual_slots)) == NULL) { > >>>> rv = CKR_HOST_MEMORY; > >>>> goto out; > >>>> } > >>> > >> > >> This looks like a hold over from previous code. It looks like > >> list_size(&virtual_slots) > >> should be used, and the code should be moved after the detection for new > >> readers. > >> See *untested* patch attached. > >> > >> With the changes for virtual_slots being based on readers found, does this > >> mean > >> the opensc.conf max_virtual_slots is obsolete? > >> > >> > >>> allocates an array with sc_pkcs11_conf.max_virtual_slots entries. My > >>> printf says that: > >>> > >>>> sc_debug(context, SC_LOG_DEBUG_NORMAL,"found > >>>> 2:%d\n",sc_pkcs11_conf.max_virtual_slots); > >>>> 0x7fe7120b66f0 12:48:44.132 [opensc-pkcs11] > >>>> pkcs11-global.c:381:C_GetSlotList: found 2:1 > >>> > >>> ==> 1 > >>> > >>> But then it writes to this array 5 times:(around line 400) > >>> > >>>> if (!tokenPresent || (slot->slot_info.flags& CKF_TOKEN_PRESENT)) { > >>>> sc_debug(context, SC_LOG_DEBUG_NORMAL,"writing found :%d\n",numMatches); > >>>> /* > >>>> if (numMatches>= sc_pkcs11_conf.max_virtual_slots) { > >>>> printf("malloc error in found\n"); > >>>> exit(1); > >>>> } > >>>> */ > >>>> found[numMatches++] = slot->id; > >>> > >>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>> pkcs11-global.c:408:C_GetSlotList: writing found :0 > >>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>> pkcs11-global.c:408:C_GetSlotList: writing found :1 > >>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>> pkcs11-global.c:408:C_GetSlotList: writing found :2 > >>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>> pkcs11-global.c:408:C_GetSlotList: writing found :3 > >>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>> pkcs11-global.c:408:C_GetSlotList: writing found :4 > >>> 0x7fe7120b66f0 12:48:44.133 [opensc-pkcs11] > >>> pkcs11-global.c:422:C_GetSlotList: was only a size inquiry (5) > >>> > >>> > >>> Is this the heap corruption detected by glibc? > >>> > >>> Maybe I have a broken config file, but can this > >>> be handled somehow without a heap corruption? > >>> > >>> regards, > >>> > >>> Martin > >>> _______________________________________________ > >>> opensc-devel mailing list > >>> opensc-devel@lists.opensc-project.org > >>> http://www.opensc-project.org/mailman/listinfo/opensc-devel > >>> > >>> > >> > >> _______________________________________________ > >> opensc-devel mailing list > >> opensc-devel@lists.opensc-project.org > >> http://www.opensc-project.org/mailman/listinfo/opensc-devel > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel