[19834] in Kerberos_V5_Development


Re: Crash in sendto_kdc.c

daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Oct 4 16:01:27 2018

To: "mogasale.tech" <mogasale.tech@gmail.com>, krbdev@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <8e5b0c7d-02aa-8094-aaa2-1a32eaead84a@mit.edu>
Date: Thu, 4 Oct 2018 16:01:13 -0400
In-Reply-To: <CALwnZ7SEG-VVujU6RS273ap27a1YhKUsN=jmu9rNE5LTYux-bg@mail.gmail.com>

[Removing kfwdev from the CC line; we no longer have a separate Windows 
development team, so just krbdev is fine.]

On 10/04/2018 08:47 AM, mogasale.tech wrote:
> conn.out.sgbuf[0] = {len = 4, buff = ‘\0’}
> conn.out.sgbuf[1] = {len = 1882, buff = ‘some data’}
> conn.out.sgp = {len=??? buf=??? }
> conn.out.sg_count = -10339
> conn.out.msg_len_buf = ""
> nwritten = 3199132154

Thanks for the additional information.  I think I finally know what is 
going wrong here: SOCKET_WRITEV() is trying to return -1, but due to the 
intricacies of the C type system, it is being treated as 2^32-1 on 
64-bit Windows.

The fix I would like to try is to edit src/include/port-sockets.h and 
change the first definition of SOCKET_WRITEV to:

#define SOCKET_WRITEV(FD, SG, LEN, TMP)                         \
     (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ?              \
      (ssize_t)-1 : (ssize_t)(TMP))

where the change is the addition of the (ssize_t) casts.

Without the casts, the type of the conditional expression is unsigned 
32-bit, because -1 has type int and TMP has type DWORD, and unsigned 
wins over signed for integer types of equal size.  The quantity -1 in 
that type has the value 2^32-1.  When that value is cast to ssize_t 
(signed 64-bit on 64-bit Windows), it retains the large positive value 
instead of reverting back to -1 as it would on 32-bit Windows.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
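
Added example (not part of the original message or the krb5 source): a portable C reproduction of the conversion described in the message, with the uncast and cast forms of the conditional side by side. The names fake_send, dword_t, ssize64_t, WRITEV_UNCAST and WRITEV_CAST are hypothetical stand-ins for WSASend, DWORD, the 64-bit Windows ssize_t and the two forms of SOCKET_WRITEV, and the length 1886 is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t dword_t;   /* assumption: stands in for Windows DWORD (unsigned 32-bit) */
typedef int64_t  ssize64_t; /* assumption: stands in for ssize_t on 64-bit Windows */

/* Hypothetical stand-in for WSASend(): returns 0 on success and stores the
 * byte count in *sent, or returns nonzero on failure. */
static int fake_send(int fail, dword_t len, dword_t *sent)
{
    if (fail)
        return -1;
    *sent = len;
    return 0;
}

/* Uncast form: the two arms are int and dword_t, so the conditional
 * expression has unsigned 32-bit type and -1 becomes 4294967295. */
#define WRITEV_UNCAST(FAIL, LEN, TMP) \
    (fake_send((FAIL), (LEN), &(TMP)) ? -1 : (TMP))

/* Cast form, following the fix in the message: both arms already have the
 * signed 64-bit type, so -1 stays -1. */
#define WRITEV_CAST(FAIL, LEN, TMP) \
    (fake_send((FAIL), (LEN), &(TMP)) ? (ssize64_t)-1 : (ssize64_t)(TMP))

ssize64_t write_uncast(int fail, dword_t len)
{
    dword_t tmp = 0;
    /* Widening the unsigned 32-bit result keeps the large positive value. */
    ssize64_t nwritten = WRITEV_UNCAST(fail, len, tmp);
    return nwritten;
}

ssize64_t write_cast(int fail, dword_t len)
{
    dword_t tmp = 0;
    ssize64_t nwritten = WRITEV_CAST(fail, len, tmp);
    return nwritten;
}

int main(void)
{
    printf("uncast, failure: %lld\n", (long long)write_uncast(1, 1886));
    printf("cast,   failure: %lld\n", (long long)write_cast(1, 1886));
    printf("cast,   success: %lld\n", (long long)write_cast(0, 1886));
    return 0;
}
```

With the uncast form, a caller that tests the result for a negative value never sees the failure. Building with -Wsign-compare (GCC/Clang) flags the mixed signed/unsigned arms of the conditional.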

