[Bug 458] sshd crashes with "fatal: mm_malloc: size too big"

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Dec 31 08:57:37 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=458

groeskens at bluewin.ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |groeskens at bluewin.ch



------- Additional Comments From groeskens at bluewin.ch  2002-12-31 08:57 -------
Same Problem on Solaris 8        Build 32-Bit, gcc 2.95-3              It seems that line 170 in monitor_mm.c is the problem:               if (size > SIZE_T_MAX - MM_MINSIZE + 1)                      fatal("mm_malloc: size too big");            size seems to be a different type (uint32)      in defines.h:     ---    #ifndef SIZE_T_MAX   #define SIZE_T_MAX ULONG_MAX   #endif /* SIZE_T_MAX */      #ifndef HAVE_SIZE_T    typedef unsigned int size_t;    # define HAVE_SIZE_T    #endif /* HAVE_SIZE_T */    ---      the line   #define SIZE_T_MAX ULONG_MAX  should be changed, I tried  # define SIZE_T_MAX ((2 << (8 * sizeof(size_t)) - 1)  but got an error (also out of bounds :-(      The definition of SIZE_T_MAX has to be changed to be in the range      of the type of size            From the build log:       ---        gcc -O3 -pipe -mcpu=ultrasparc -m32 -I. -I. -I/usr/local/include        -I/usr/local/i       nclude -DSSHDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\"       -D_PATH_       SSH_ASKPASS_DEFAULT=\"/usr/local/lib/ssh/ssh-askpass\"       -D_PATH_SFTP_SERVER=\"/us       r/local/lib/ssh/sftp-server\"       -D_PATH_SSH_KEY_SIGN=\"/usr/local/lib/ssh/ssh-keys       ign\" -D_PATH_SSH_PIDDIR=\"/var/run\"       -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\"       -DSSH_RAND_HELPER=\"/usr/local/lib/ssh/ssh-rand-helper\" -DHAVE_CONFIG_H -c       monitor_mm.c       monitor_mm.c: In function `mm_malloc':       monitor_mm.c:170: warning: integer overflow in expression       monitor_mm.c:170: warning: comparison is always true due to limited range of       data type       ---        -- Guido 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-unix-dev mailing list