[BusyBox 0003304]: udhcpd arpping overflow bug
bugs at busybox.net
bugs at busybox.net
Mon May 12 14:14:45 UTC 2008
A NOTE has been added to this issue.
======================================================================
http://busybox.net/bugs/view.php?id=3304
======================================================================
Reported By: Linkn
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 3304
Category: Networking Support
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 05-09-2008 04:10 PDT
Last Modified: 05-12-2008 07:14 PDT
======================================================================
Summary: udhcpd arpping overflow bug
Description:
In the arpping function(networking\udhcp\arpping.c. line 89),
prevTime may bring timeout_ms overflow in MIPS os.
Suggest define preTime: unsigned long long preTime;
======================================================================
----------------------------------------------------------------------
vda - 05-09-08 04:51
----------------------------------------------------------------------
The code:
/* wait for arp reply, and check it */
timeout_ms = 2000;
do {
int r;
unsigned prevTime = monotonic_us();
...
timeout_ms -= (monotonic_us() - prevTime) / 1000;
} while (timeout_ms > 0);
Can you explain in more details when overflow occurs?
----------------------------------------------------------------------
vda - 05-09-08 04:56
----------------------------------------------------------------------
If this is a real bug, it is likely fixed in 21958.
----------------------------------------------------------------------
Linkn - 05-09-08 20:36
----------------------------------------------------------------------
This is embedded MIPS 4k OS and gcc is mipsel-linux-gcc (GCC) 3.3.6.
The test code :
/* wait for arp reply, and check it */
do {
int r;
//unsigned long long prevTime = monotonic_us();
unsigned prevTime = monotonic_us();
bb_error_msg("arpping -> timeout_ms:%d\n",timeout_ms);
pfd[0].events = POLLIN;
r = safe_poll(pfd, 1, timeout_ms);
if (r < 0) {
break;
} else if (r) {
if (read(s, &arp, sizeof(arp)) < 0)
break;
if (arp.operation == htons(ARPOP_REPLY)
&& memcmp(arp.tHaddr, from_mac, 6) == 0
&& *((uint32_t *) arp.sInaddr) == test_ip
) {
rv = 0;
break;
}
}
timeout_ms -= (monotonic_us() - prevTime) / 1000;
} while (timeout_ms > 0);
Where dhcpd receive discover, debug msg show :
udhcpd: arpping -> timeout_ms:2000
udhcpd: arpping -> timeout_ms:1662154294
At this time,safe_poll will delay long long time .
----------------------------------------------------------------------
vda - 05-10-08 08:49
----------------------------------------------------------------------
Please test whether it is fixed by adding (unsigned) cast:
timeout_ms -= ((unsigned)monotonic_us() - prevTime) / 1000;
----------------------------------------------------------------------
Linkn - 05-11-08 20:44
----------------------------------------------------------------------
Yes ,it is fixed by this mode:
1: timeout_ms -= ((unsigned)monotonic_us() - prevTime) / 1000;
2: unsigned long long prevTime = monotonic_us();
----------------------------------------------------------------------
vda - 05-12-08 07:14
----------------------------------------------------------------------
> Yes ,it is fixed by this mode:
> 1: timeout_ms -= ((unsigned)monotonic_us() - prevTime) / 1000;
> 2: unsigned long long prevTime = monotonic_us();
I don't understand. I asked whether _only_ adding (unsigned) is enough.
I'd like to avoid using "long long" as it results in bigger code.
Can you test whether only adding (unsigned) works?
Issue History
Date Modified Username Field Change
======================================================================
05-09-08 04:10 Linkn New Issue
05-09-08 04:10 Linkn Status new => assigned
05-09-08 04:10 Linkn Assigned To => BusyBox
05-09-08 04:51 vda Note Added: 0007584
05-09-08 04:56 vda Note Added: 0007594
05-09-08 20:09 Linkn Issue Monitored: Linkn
05-09-08 20:32 Linkn Note Added: 0007614
05-09-08 20:36 Linkn Note Edited: 0007614
05-10-08 08:49 vda Note Added: 0007624
05-11-08 20:43 Linkn Note Added: 0007634
05-11-08 20:44 Linkn Note Edited: 0007634
05-12-08 07:14 vda Note Added: 0007644
======================================================================
More information about the busybox-cvs
mailing list