Message-ID: <13426df10712181222w2b60d0f0y31ca1522a16e4e9e@mail.gmail.com>
Date: Tue, 18 Dec 2007 12:22:40 -0800
From: "ron minnich"
To: "Fans of the OS Plan 9 from Bell Labs" <9fans@cse.psu.edu>
Subject: [9fans] bug in ape?

The ssh2 always fails with copious data. I.e., lots of data comes in, and the
proc reading from the socket at some point fails. I see this go by:

	pread(4, 0x06000508, 8192, 4294967295)
	return value: 7520
	data: 0x06000508, 7520

Note the offset is x508, and we read 7520 bytes, which, if the buffer is 8k,
is an overrun.

The ape code is this:

	static void
	_copyproc(int fd, Muxbuf *b)
	{
		unsigned char *e;
		int n;
		int nzeros;

		e = &b->data[PERFDMAX];
		for(;;) {
			/* make sure there's room */
			lock(&mux->lock);
			if(e - b->putnext < READMAX) {
				if(b->getnext == b->putnext) {
					b->getnext = b->putnext = b->data;
					unlock(&mux->lock);
				} else {
					/* sleep until there's room */
					b->roomwait = 1;
					unlock(&mux->lock);
					_RENDEZVOUS((unsigned long)&b->roomwait, 0);
				}
			} else
				unlock(&mux->lock);
			/*
			 * A Zero-length _READ might mean a zero-length write
			 * happened, or it might mean eof; try several times to
			 * disambiguate (posix read() discards 0-length messages)
			 */
			nzeros = 0;
			do {
				n = _READ(fd, b->putnext, READMAX);   <<<<<<<<<============= this line
				if(b->fd == -1) {
					_exit(0);	/* we've been closed */
				}
			} while(n == 0 && ++nzeros < 3);
			lock(&mux->lock);

Note the _READ above. It always calls with READMAX. I don't know yet what
putnext can be (in range), but this is a data point.

I am posting this as there may be someone who has seen it before.

ron
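Added example, not part of Ron's message and not APE's own code: a small stand-alone C model of the Muxbuf window that makes the invariant in question checkable. It reproduces the "make sure there's room" test from _copyproc, adds a length-bounding helper that clamps a read to the space left before the end of the buffer, and checks the traced read (offset 0x508, 7520 bytes returned) against an 8k buffer. BUFSZ and RDMAX are assumed placeholder values (the message does not state APE's PERFDMAX and READMAX), and the "source" is a fake that always returns the requested number of bytes.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed placeholder sizes; APE's real PERFDMAX/READMAX are not given above. */
enum { BUFSZ = 8192, RDMAX = 8192 };

/* Constructed model of the Muxbuf fields the room check depends on. */
typedef struct {
	unsigned char data[BUFSZ];
	unsigned char *getnext;	/* consumer cursor */
	unsigned char *putnext;	/* producer cursor */
} ModelBuf;

static void
model_init(ModelBuf *b)
{
	b->getnext = b->putnext = b->data;
}

/* Bytes of space between the producer cursor and the end of the buffer. */
static size_t
room_left(const ModelBuf *b)
{
	return (size_t)(&b->data[BUFSZ] - b->putnext);
}

/* Same test as "if(e - b->putnext < READMAX)" in _copyproc, inverted:
 * 1 when a read of `want` bytes stays inside the buffer, 0 otherwise. */
static int
read_fits(const ModelBuf *b, size_t want)
{
	return room_left(b) >= want;
}

/* Largest read length that cannot run past the end of the buffer. */
static size_t
bounded_read_len(const ModelBuf *b, size_t want)
{
	size_t room = room_left(b);
	return want < room ? want : room;
}

/* Checks a traced read (offset into the buffer, bytes returned) against a
 * buffer of bufsize bytes: 1 if it stays in bounds, 0 if it overruns. */
static int
trace_read_in_bounds(size_t offset, size_t nread, size_t bufsize)
{
	return offset <= bufsize && nread <= bufsize - offset;
}

/* One producer step with a fake source that always returns `want` bytes.
 * With bound=1 the request is clamped to the remaining room first.
 * Returns the bytes written, or -1 if the step would write past the end. */
static long
producer_step(ModelBuf *b, size_t want, int bound)
{
	size_t n = bound ? bounded_read_len(b, want) : want;

	if(n > room_left(b))
		return -1;	/* refuse instead of overrunning data[] */
	memset(b->putnext, 0xAB, n);	/* stand-in for the bytes _READ would copy in */
	b->putnext += n;
	return (long)n;
}

int
main(void)
{
	ModelBuf b;

	model_init(&b);
	b.putnext = b.data + 0x508;	/* producer cursor at the offset seen in the trace */
	printf("room left: %zu, read of RDMAX fits: %d\n", room_left(&b), read_fits(&b, RDMAX));
	printf("traced read (0x508, 7520) in bounds for 8192 bytes: %d\n",
		trace_read_in_bounds(0x508, 7520, 8192));
	printf("bounded read length from 0x508: %zu\n", bounded_read_len(&b, RDMAX));
	printf("unbounded step: %ld, bounded step: %ld\n",
		producer_step(&b, RDMAX, 0), producer_step(&b, RDMAX, 1));
	return 0;
}
```

With the cursor at 0x508 (1288) the room left is 6904 bytes, so a full-size read does not fit and the traced 7520-byte result lands past the end of an 8k buffer; the bounded variant writes exactly the 6904 bytes that remain. The model only shows what the room check must guarantee before the unlocked _READ runs; it does not say how putnext reached that offset in the real code.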