Hi, Norman

I prefer to fix the root cause. However, my attempt outlined below did not work, since it does not take into account that the function writes a ‘\0’ at the end of the destination string (something the standard C library function doesn’t do), for which the calculated size value has to be adjusted. The final fix of Genode::strncpy() is:

        size_t i = 0;
        for (; i < (size - 1); ++i)     // last char will be set to \0 anyway
        {
            if (src[i] == 0)
            {
                size = i + 1;           // leave room for \0 char
                break;
            }
        }

Frank

> -----Original Message-----
> From: Norman Feske [mailto:norman.feske@...1...]
> Sent: Monday, August 03, 2009 3:08 PM
> To: Genode OS Framework Mailing List
> Subject: Re: Problem with 'test-pci'
>
> Hi Frank,
>
> thanks for your investigation. We have also hit this issue (hence my
> initial guess) on real hardware and it will be fixed in the upcoming
> release. Until then, I hope you are fine with the interim solution of
> appending the zero-termination manually. Of course, the pending null
> character does not comply with the XML syntax. It's just a work-around.
>
> Regards
> Norman
>

> Frank Kaiser wrote:
> > Your guess is right: The page fault is caused while parsing the config
> > file. The trigger is the method /Xml_node::content()/, which tries to
> > copy the process’ filename from the config file, but the root cause is a
> > nasty bug in function /Genode::strncpy()/ which is used to obtain the
> > filename. In the function’s first line /Genode::strlen()/ is used to
> > determine the length of the source string. In the given case, where the
> > source is a tagged item of the config file having no null termination,
> > /strlen()/ runs through the memory until it randomly finds a null
> > character. In my opinion /Genode::strncpy()/ is not allowed to parse
> > the source string beyond the given /size/ argument. Your suggestion of
> > appending a null character to the config file (by the way: how is this
> > to be done w/o corrupting the XML syntax?) heals a symptom, but does
> > not solve the root cause.
> >
> > I tried to fix /Genode::strncpy()/ myself. Since there is no function
> > /Genode::strnlen()/, I made the following change:
> >
> >         size_t i = 0;
> >         while (i < size)
> >         {
> >             if (src[i] == 0)
> >             {
> >                 size = i;
> >                 break;
> >             }
> >             ++i;
> >         }
> >
> > Interestingly this seems to trigger another problem. Now I get on all
> > platforms the following two errors:
> >
> > virtual Genode::Session_capability Genode::Core_parent::session(const
> > char*, const char*): service_name="RM" arg="ram_quota=4K" not handled
> >
> > virtual Genode::Session_capability Genode::Core_parent::session(const
> > char*, const char*): service_name="PD" arg="ram_quota=4K" not handled
> >
> > Could it be that there are already some workarounds for buggy
> > /Genode::strncpy()/, which do not work anymore once the function is fixed?
> >
> > Frank
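
An added example, not part of the original thread and not Genode's code: a bounded copy in C with the behaviour the thread arrives at, scanning at most size - 1 source bytes and always writing the terminator. The names bounded_copy, demo_extract and sample_config are hypothetical, and the sample config string is constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Copy at most size-1 bytes from src into dst and always NUL-terminate.
 * src is never read beyond size-1 bytes, so it need not be terminated.
 * Returns the number of bytes copied, excluding the terminator.
 */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    if (dst == NULL || src == NULL || size == 0)
        return 0;                    /* no room even for the terminator */

    size_t n = 0;
    /* Scan inside the bound only. Calling strlen(src) here would run past
       a source that has no terminator, such as XML element content. */
    while (n < size - 1 && src[n] != '\0')
        ++n;

    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Constructed sample: the content "test-pci" is followed directly by '<',
   not by a NUL, like a tagged item inside a config file. */
static const char sample_config[] = "<filename>test-pci</filename>";

/* Extract the element content into out, truncating if out is too small. */
size_t demo_extract(char *out, size_t out_size)
{
    const char *content = sample_config + 10;  /* skip "<filename>" */
    size_t content_len = 8;                    /* length of "test-pci" */
    size_t size = content_len + 1;             /* content plus terminator */
    if (size > out_size)
        size = out_size;
    return bounded_copy(out, content, size);
}

int main(void)
{
    char name[16];
    size_t n = demo_extract(name, sizeof name);
    printf("%zu bytes: \"%s\"\n", n, name);
    return 0;
}
```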