bugzilla-daemon at mindrot.org
2003-Sep-05 04:23 UTC
[Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
http://bugzilla.mindrot.org/show_bug.cgi?id=458 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|IRIX |All Platform|MIPS |All ------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:23 ------- I had to reformat Guido's post to read it: "Same Problem on Solaris 8 Build 32-Bit, gcc 2.95-3 It seems that line 170 in monitor_mm.c is the problem: if (size > SIZE_T_MAX - MM_MINSIZE + 1) fatal("mm_malloc: size too big"); size seems to be a different type (uint32) in defines.h: #ifndef SIZE_T_MAX # define SIZE_T_MAX ULONG_MAX #endif /* SIZE_T_MAX */ #ifndef HAVE_SIZE_T typedef unsigned int size_t; # define HAVE_SIZE_T #endif /* HAVE_SIZE_T */ the line #define SIZE_T_MAX ULONG_MAX should be changed, I tried # define SIZE_T_MAX ((2 << (8 * sizeof(size_t)) - 1) but got an error (also out of bounds :-( The definition of SIZE_T_MAX has to be changed to be in the range of the type of size>From the build log:gcc -O3 -pipe -mcpu=ultrasparc -m32 -I. -I. -I/usr/local/include -I/usr/local/include -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_ SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/us r/local/lib/ssh/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh/ssh-keysign\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DSSH_RAND_HELPER=\"/usr/local/lib/ssh/ssh-rand-helper\" -DHAVE_CONFIG_H -c monitor_mm.c monitor_mm.c: In function `mm_malloc': monitor_mm.c:170: warning: integer overflow in expression monitor_mm.c:170: warning: comparison is always true due to limited range of data type" ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-05 04:30 UTC
[Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
http://bugzilla.mindrot.org/show_bug.cgi?id=458 ------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:30 ------- Created an attachment (id=380) --> (http://bugzilla.mindrot.org/attachment.cgi?id=380&action=view) Set SIZE_T_MAX to UINT_MAX if we we define size_t ourselves. defines.h is obviously wrong for the case where neither SIZE_T_MAX or size_t are defined; size_t ends up as unsigned int, while SIZE_T_MAX ends up as ULONG max. That works if sizeof(unsigned int) == sizeof(unsigned long). Any objections to this patch? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-05 04:38 UTC
[Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
http://bugzilla.mindrot.org/show_bug.cgi?id=458 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |627 nThis| | Status|NEW |ASSIGNED ------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:38 ------- BTW, the "U" means the constant should be evaluated as an unsigned. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Sep-05 04:41 UTC
[Bug 458] sshd crashes with "fatal: mm_malloc: size too big"
http://bugzilla.mindrot.org/show_bug.cgi?id=458 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #380 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2003-09-05 14:41 ------- Created an attachment (id=381) --> (http://bugzilla.mindrot.org/attachment.cgi?id=381&action=view) Set SIZE_T_MAX to UINT_MAX if we we define size_t ourselves. Sorry, mixed patch. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.