Crash in sendto_kdc.c
Greg Hudson
ghudson at mit.edu
Thu Oct 4 16:01:13 EDT 2018
[Removing kfwdev from the CC line; we no longer have a separate Windows
development team, so just krbdev is fine.]
On 10/04/2018 08:47 AM, mogasale.tech wrote:
> conn.out.sgbuf[0] = {len = 4, buff = ‘\0’}
> conn.out.sgbuf[1] = {len = 1882, buff = ‘some data’}
> conn.out.sgp = {len=??? buf=??? }
> conn.out.sg_count = -10339
> conn.out.msg_len_buf = ""
> nwritten = 3199132154
Thanks for the additional information. I think I finally know what is
going wrong here: SOCKET_WRITEV() is trying to return -1, but due to the
intricacies of the C type system, it is being treated as 2^32-1 on
64-bit Windows.
The fix I would like to try is to edit src/include/port-sockets.h and
change the first definition of SOCKET_WRITEV to:
#define SOCKET_WRITEV(FD, SG, LEN, TMP) \
(WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ? \
(ssize_t)-1 : (ssize_t)(TMP))
where the change is the addition of the (ssize_t) casts.
Without the casts, the type of the conditional expression is unsigned
32-bit, because -1 has type int and TMP has type DWORD, and unsigned
wins over signed for integer types of equal size. The quantity -1 in
that type has the value 2^32-1. When that value is cast to ssize_t
(signed 64-bit on 64-bit Windows), it retains the large positive value
instead of reverting back to -1 as it would on 32-bit Windows.
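The promotion described above, reproduced as an added example that is not from this message or the krb5 sources: a constructed stand-in for WSASend and DWORD replaces the Win32 calls so it runs on a 64-bit POSIX host, and the two macro variants (uncast versus the proposed casts) are assumed names, not the real SOCKET_WRITEV.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>   /* ssize_t */

/* Constructed stand-in for the Win32 DWORD: unsigned 32-bit, as on Windows. */
typedef uint32_t DWORD;

/* Constructed stand-in for WSASend: nonzero return on failure (count left
 * untouched), 0 on success with the byte count stored through *sent. */
static int fake_wsasend(int fail, DWORD *sent, DWORD count)
{
    if (fail)
        return -1;              /* plays the role of SOCKET_ERROR */
    *sent = count;
    return 0;
}

/* Shape of the original macro: the arms of ?: are -1 (int) and TMP (DWORD).
 * The usual arithmetic conversions make the whole expression unsigned 32-bit,
 * so the -1 becomes 2^32-1 before the caller ever sees it. */
#define SOCKET_WRITEV_UNCAST(FAIL, TMP) \
    (fake_wsasend((FAIL), &(TMP), 1886) ? -1 : (TMP))

/* Shape of the proposed fix: both arms are ssize_t, so -1 stays -1. */
#define SOCKET_WRITEV_CAST(FAIL, TMP) \
    (fake_wsasend((FAIL), &(TMP), 1886) ? (ssize_t)-1 : (ssize_t)(TMP))

/* Caller pattern as in sendto_kdc.c: store the result in an ssize_t
 * that is later tested with nwritten < 0. */
ssize_t writev_uncast(int fail)
{
    DWORD tmp = 0;
    ssize_t nwritten = SOCKET_WRITEV_UNCAST(fail, tmp);
    return nwritten;
}

ssize_t writev_cast(int fail)
{
    DWORD tmp = 0;
    ssize_t nwritten = SOCKET_WRITEV_CAST(fail, tmp);
    return nwritten;
}

int main(void)
{
    /* On a 64-bit ssize_t the uncast failure path reports a huge positive
     * "bytes written" count; the cast version reports -1. */
    printf("uncast failure: %lld\n", (long long)writev_uncast(1));
    printf("cast   failure: %lld\n", (long long)writev_cast(1));
    printf("cast   success: %lld\n", (long long)writev_cast(0));
    return 0;
}
```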