oskit-mach: vm_map_copyout crash
From: |
Daniel Wagner |
Subject: |
oskit-mach: vm_map_copyout crash |
Date: |
Sun, 28 Oct 2001 13:47:38 +0100 |
User-agent: |
Mutt/1.2.5i |
Hi
I found an easy way to crash oskit-mach reproducibly. The attached
buggy program does it. Be warned: the crash leaves your system in
a horrible condition (as always).
This is what I get from the gdb (remote debugging):
Breakpoint 1, panic (fmt=0x21f7ca "vm_map_copyout: wiring 0x%x")
at ../../../oskit-20010214/libc/gen/panic.c:31
31 va_start(vl, fmt);
(gdb) bt
#0 panic (fmt=0x21f7ca "vm_map_copyout: wiring 0x%x")
at ../../../oskit-20010214/libc/gen/panic.c:31
#1 0x001300b1 in vm_map_copyout ()
#2 0x00104e7d in ipc_kmsg_copyout_body ()
#3 0x00104f62 in ipc_kmsg_copyout ()
#4 0x00113d06 in mach_msg_continue ()
wagi
#include <assert.h>
#include <error.h>
#include <stdlib.h>

#include <mach.h>
#include <mach/kern_return.h>
#include <mach/port.h>
#include <device/device.h>

#include <hurd/ports.h>
/* libports class used for the receive right created in main(). */
struct port_class *etherreadclass;

/* Device port returned by device_open() for the network interface. */
device_t ether_port;

/* libports object backing the receive right, and the Mach name of that right. */
struct port_info *readpt;
mach_port_t readptname;

/* Bucket that owns readpt. */
static struct port_bucket *etherport_bucket;

/*
 * Two-word packet filter program handed to device_set_filter(): a
 * push-literal instruction followed by the literal 1.
 * NOTE(review): a constant non-zero result presumably accepts every
 * frame; confirm against the Mach packet-filter documentation.
 */
static short ether_filter[] = {
  NETF_PUSHLIT | NETF_NOP,
  1
};

/* Filter length in filter words (array elements), not in bytes. */
static int ether_filter_len = sizeof ether_filter / sizeof ether_filter[0];
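/*
 * Reproducer, as posted, for the oskit-mach "vm_map_copyout: wiring" panic.
 *
 * Steps: create a libports receive right, open the Ethernet device through
 * the privileged device master port, install a packet filter that pushes the
 * constant 1 (presumably accept-all) and delivers to that right, then issue
 * one device_write().
 *
 * The backtrace in the report shows panic() reached from vm_map_copyout on
 * the message copy-out path (ipc_kmsg_copyout_body), i.e. a user request
 * ends in a kernel panic rather than in an error return.
 *
 * The arguments handed to the kernel are kept exactly as posted.  Repaired
 * here: the mis-encoded "&ether_port", the missing comma in the last error()
 * call, the type of argv, the unchecked malloc(), and the argument of
 * ports_destroy_right().
 *
 * Returns 0 on success; each checked failure exits with status 2 via error().
 */
int
main (int argc, char **argv)
{
  error_t err;
  device_t master_device;
  u_int count;
  char *interface = "eth0";
  unsigned char *frame;

  (void) argc;
  (void) argv;

  /* Receive right that the filter will deliver incoming frames to. */
  etherport_bucket = ports_create_bucket ();
  etherreadclass = ports_create_class (0, 0);
  err = ports_create_port (etherreadclass, etherport_bucket,
                           sizeof (struct port_info), &readpt);
  assert_perror (err);

  readptname = ports_get_right (readpt);
  mach_port_insert_right (mach_task_self (), readptname,
                          readptname, MACH_MSG_TYPE_MAKE_SEND);
  mach_port_set_qlimit (mach_task_self (), readptname, MACH_PORT_QLIMIT_MAX);

  /* Opening a device requires the privileged device master port. */
  err = get_privileged_ports (0, &master_device);
  if (err)
    error (2, err, "cannot get device master port");

  err = device_open (master_device, D_WRITE | D_READ, interface, &ether_port);
  mach_port_deallocate (mach_task_self (), master_device);
  if (err)
    error (2, err, "%s", interface);

  err = device_set_filter (ether_port, ports_get_right (readpt),
                           MACH_MSG_TYPE_MAKE_SEND, 0,
                           ether_filter, ether_filter_len);
  if (err)
    error (2, err, "%s", interface);

  frame = (unsigned char *) malloc (66);
  if (frame == NULL)
    error (2, 0, "cannot allocate frame buffer");

  /*
   * NOTE(review): sizeof (frame) is the size of the pointer, not the 66
   * bytes allocated, and the buffer is never initialised, so the bytes
   * written are whatever malloc() returned.  In ordinary code both are
   * defects (wrong length, uninitialised heap sent to the device).  They
   * are left as posted because the report does not say which part of the
   * program triggers the panic.
   */
  err = device_write (ether_port, D_NOWAIT, 0,
                      frame, sizeof (frame), &count);
  free (frame);
  if (err)
    error (2, err, "%s", interface);

  mach_port_deallocate (mach_task_self (), ether_port);

  /* ports_destroy_right() takes the libports object, not the Mach port name. */
  ports_destroy_right (readpt);
  return 0;
}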
--
Daniel Wagner "use quit to exit"
email: wagi@gmx.ch
GnuPG: 1024D/DCDE890A (public key available on any keyserver)