Fix sbcheck() to check all packets on socket buffer.

Also fix data types and printf formats while I'm here.

PR:	misc/8494

Panic instead of looping forever in sbflush().  If sb_mbcnt counts
more mbufs than sb_cc counts bytes, the original code can turn into an
infinite loop of removing 0 bytes from the socket buffer until it's empty.
This commit is contained in:
fenner 1998-11-04 20:22:11 +00:00
parent c2c9d2577f
commit 0b1ffe8fd6
2 changed files with 22 additions and 18 deletions

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_socket2.c 8.1 (Berkeley) 6/10/93
* $Id: uipc_socket2.c,v 1.38 1998/09/04 13:13:18 ache Exp $
* $Id: uipc_socket2.c,v 1.39 1998/09/05 13:24:39 bde Exp $
*/
#include <sys/param.h>
@ -477,18 +477,20 @@ sbcheck(sb)
register struct sockbuf *sb;
{
register struct mbuf *m;
register int len = 0, mbcnt = 0;
register struct mbuf *n = 0;
register u_long len = 0, mbcnt = 0;
for (m = sb->sb_mb; m; m = m->m_next) {
for (m = sb->sb_mb; m; m = n) {
n = m->m_nextpkt;
for (; m; m = m->m_next) {
len += m->m_len;
mbcnt += MSIZE;
if (m->m_flags & M_EXT) /*XXX*/ /* pretty sure this is bogus */
mbcnt += m->m_ext.ext_size;
if (m->m_nextpkt)
panic("sbcheck nextpkt");
}
}
if (len != sb->sb_cc || mbcnt != sb->sb_mbcnt) {
printf("cc %d != %d || mbcnt %d != %d\n", len, sb->sb_cc,
printf("cc %ld != %ld || mbcnt %ld != %ld\n", len, sb->sb_cc,
mbcnt, sb->sb_mbcnt);
panic("sbcheck");
}
@ -720,10 +722,10 @@ sbflush(sb)
if (sb->sb_flags & SB_LOCK)
panic("sbflush: locked");
while (sb->sb_mbcnt)
while (sb->sb_mbcnt && sb->sb_cc)
sbdrop(sb, (int)sb->sb_cc);
if (sb->sb_cc || sb->sb_mb)
panic("sbflush: cc %ld || mb %p", sb->sb_cc, (void *)sb->sb_mb);
if (sb->sb_cc || sb->sb_mb || sb->sb_mbcnt)
panic("sbflush: cc %ld || mb %p || mbcnt %ld", sb->sb_cc, (void *)sb->sb_mb, sb->sb_mbcnt);
}
/*

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)uipc_socket2.c 8.1 (Berkeley) 6/10/93
* $Id: uipc_socket2.c,v 1.38 1998/09/04 13:13:18 ache Exp $
* $Id: uipc_socket2.c,v 1.39 1998/09/05 13:24:39 bde Exp $
*/
#include <sys/param.h>
@ -477,18 +477,20 @@ sbcheck(sb)
register struct sockbuf *sb;
{
register struct mbuf *m;
register int len = 0, mbcnt = 0;
register struct mbuf *n = 0;
register u_long len = 0, mbcnt = 0;
for (m = sb->sb_mb; m; m = m->m_next) {
for (m = sb->sb_mb; m; m = n) {
n = m->m_nextpkt;
for (; m; m = m->m_next) {
len += m->m_len;
mbcnt += MSIZE;
if (m->m_flags & M_EXT) /*XXX*/ /* pretty sure this is bogus */
mbcnt += m->m_ext.ext_size;
if (m->m_nextpkt)
panic("sbcheck nextpkt");
}
}
if (len != sb->sb_cc || mbcnt != sb->sb_mbcnt) {
printf("cc %d != %d || mbcnt %d != %d\n", len, sb->sb_cc,
printf("cc %ld != %ld || mbcnt %ld != %ld\n", len, sb->sb_cc,
mbcnt, sb->sb_mbcnt);
panic("sbcheck");
}
@ -720,10 +722,10 @@ sbflush(sb)
if (sb->sb_flags & SB_LOCK)
panic("sbflush: locked");
while (sb->sb_mbcnt)
while (sb->sb_mbcnt && sb->sb_cc)
sbdrop(sb, (int)sb->sb_cc);
if (sb->sb_cc || sb->sb_mb)
panic("sbflush: cc %ld || mb %p", sb->sb_cc, (void *)sb->sb_mb);
if (sb->sb_cc || sb->sb_mb || sb->sb_mbcnt)
panic("sbflush: cc %ld || mb %p || mbcnt %ld", sb->sb_cc, (void *)sb->sb_mb, sb->sb_mbcnt);
}
/*