generous@daitc.daitc.mil (Curtis Generous) (11/19/88)
Subject: named4.8 core dumps with a `bus error`
Index: /usr/src/etc/bind4.8/named/ns_resp.c

Description:
	A pointer is getting corrupted in a segment of code. The source of the problem appears to be compiler generated, although I have not had a chance to dig into the assembler code generated by both code segments. This problem was discovered on a 98x running OSx4.1-880727.

Repeat-By:
	Run named in debug mode, and watch for calls to make_rr() where the buflen value is some absurd number (i.e. -178372742 -- more like an address than a length value).

Fix:
	Apply the simple patch below. All this does is rewrite the code section where the pointer cp was getting trashed (note: the `replacement` code I provided was mostly extracted from an earlier version of named (version 4.3) that ran without problems under OSx4.1).

*** /tmp/,RCSt1026998 Sat Nov 19 08:32:22 1988 --- ns_resp.c Fri Nov 18 10:17:06 1988 *************** *** 473,480 #endif goto servfail; } ! cp = newmsg + sizeof(HEADER) + ! (cname ? dn_skipname(cp, newmsg + newmsglen) : n) + QFIXEDSZ; buflen = sizeof(newmsg) - (cp - newmsg); try_again: --- 473,484 ----- #endif goto servfail; } ! cp = newmsg + sizeof(HEADER); ! if (cname) ! cp += dn_skipname(cp, newmsg + newmsglen); ! else ! cp += n; ! cp += QFIXEDSZ; buflen = sizeof(newmsg) - (cp - newmsg); try_again:

--
Curtis C. Generous
Defense Applied Information Technology Center (DAITC)
ARPA: generous@daitc.mil
UUCP: {uunet,vrdxhq,lll-tis}!daitc!generous
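Review bot: The rewritten block is not a pure restatement of the old expression, and that difference deserves a sentence in the description. In the original `cp = newmsg + sizeof(HEADER) + (cname ? dn_skipname(cp, newmsg + newmsglen) : n) + QFIXEDSZ;` C evaluates the whole right-hand side before storing into cp, so dn_skipname() was handed whatever cp held before the statement; in the new code cp is set to newmsg + sizeof(HEADER) first, so dn_skipname() now walks the question name inside newmsg. The two are equivalent only if cp already pointed at the question section of newmsg on entry, which is worth confirming before attributing the crash solely to the compiler. Separately, dn_skipname() returns -1 on a malformed name and neither version checks for it, so a bad name would pull cp back one byte and buflen would be computed from the wrong offset; a guard in the cname branch along the lines of `if ((skip = dn_skipname(cp, newmsg + newmsglen)) < 0) goto servfail;` followed by `cp += skip;` (with skip as an added local) would cover that case.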