This looks like a straight forward fix to a potentially nasty YP problem. I will talk with Serge to see which of us is best suited to sponsor the fix and get it resolved quickly.
Doug. J?rgen Keil wrote: > My first opensolaris contributed bugfix. I have fixed > > 6203874 ypxfrd coredumps in x86 master/SPARC slave scenarios > > > Updated analysis for the bug: > > Root cause for the coredump is that the original code is encoding the > pagebuffer into network byteorder when mygetpage() hasn't returned OK; > that is, when mygetpage() must have returned with GETDBM_EOF. > > In the GETDBM_EOF case, no new data was filled into the "pagblock". > The code in the DOSWAB section reads an already byteswapped length > "cnt = s[0]" from the previous loop, and uses this bogus length to byteswap > a block of shorts in memory. Using the bogus length, it corrupts this > memory block; the corruption is not limited to the local > static variable "static struct pag res;". > > > Suggested fix: > > *** usr/src/cmd/ypcmd/ypxfrd_server.c~ Tue Jun 14 09:44:51 2005 > --- usr/src/cmd/ypcmd/ypxfrd_server.c Tue Jun 28 18:45:11 2005 > *************** > *** 267,276 **** > res.status = mygetpage(res.pag_u.ok.blkdat, &(res.pag_u.ok.blkno), m); > > #ifdef DOSWAB > ! s = (short *)res.pag_u.ok.blkdat; > ! cnt = s[0]; > ! for (i = 0; i <= cnt; i++) > ! s[i] = ntohs(s[i]); > #endif > > if (!xdr_pag(xdrs, &res)) > --- 267,278 ---- > res.status = mygetpage(res.pag_u.ok.blkdat, &(res.pag_u.ok.blkno), m); > > #ifdef DOSWAB > ! if (res.status == OK) { > ! s = (short *)res.pag_u.ok.blkdat; > ! cnt = s[0]; > ! for (i = 0; i <= cnt; i++) > ! s[i] = htons(s[i]); > ! } > #endif > > if (!xdr_pag(xdrs, &res)) > *************** > *** 283,292 **** > &(res.pag_u.ok.blkno), m); > > #ifdef DOSWAB > ! s = (short *)res.pag_u.ok.blkdat; > ! cnt = s[0]; > ! for (i = 0; i <= cnt; i++) > ! s[i] = ntohs(s[i]); > #endif > > if (!xdr_pag(xdrs, &res)) > --- 285,296 ---- > &(res.pag_u.ok.blkno), m); > > #ifdef DOSWAB > ! if (res.status == OK) { > ! s = (short *)res.pag_u.ok.blkdat; > ! cnt = s[0]; > ! for (i = 0; i <= cnt; i++) > ! s[i] = htons(s[i]); > ! } > #endif > > if (!xdr_pag(xdrs, &res)) > This message posted from opensolaris.org > _______________________________________________ > request-sponsor mailing list > request-sponsor at opensolaris.org