On Wed, 26 Jun 2019 09:12:02 +0200 Sascha Hauer <s.hauer@xxxxxxxxxxxxxx> wrote:

> Hi Antony,
>
> On Wed, Jun 19, 2019 at 01:49:16PM +0300, Antony Pavlov wrote:
> > Tap network interface initialization in sandbox
> > barebox leads to segfault under Debian Buster/Sid.
> >
> > The problem is that strcpy(dev, ifr.ifr_name) inside
> > tap_alloc() tries to alter read-only data passed
> > by tap_probe() and barebox receives SIGSEGV.
> >
> > Signed-off-by: Antony Pavlov <antonynpavlov@xxxxxxxxx>
> > ---
> > drivers/net/tap.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/net/tap.c b/drivers/net/tap.c > > index 1fbfa085b1..d7e32f4875 100644 > > --- a/drivers/net/tap.c > > +++ b/drivers/net/tap.c > > @@ -14,7 +14,7 @@ > > > > struct tap_priv { > > int fd; > > - char *name; > > + char name[128]; > > }; > > > > static int tap_eth_send(struct eth_device *edev, void *packet, int length) > > @@ -65,7 +65,7 @@ static int tap_probe(struct device_d *dev) > > int ret = 0; > > > > priv = xzalloc(sizeof(struct tap_priv)); > > - priv->name = "barebox"; > > + strncpy(priv->name, "barebox", sizeof(priv->name)); > > > > priv->fd = tap_alloc(priv->name);
>
> Can we change the prototype of tap_alloc() to something like this:
>
> int tap_alloc(const char *name, int *fd, char **outname);
>
> outname would be an allocated string to be freed by the caller.

There is one problem. tap_alloc works in the sandbox "os domain" (glibc *alloc&free etc), the caller works in the "barebox domain" (barebox *alloc&free).

Can we just drop this outname? Nobody actually uses it at the moment.

-- 
Best regards,
  Antony Pavlov
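
Review bot: the bare 128 in `char name[128];` (struct tap_priv hunk) is unexplained, and nothing ties it to what tap_alloc() writes back into the buffer. Per the commit message, tap_alloc() does strcpy(dev, ifr.ifr_name) into this storage without being told its size, so the array length is the only thing keeping that copy in bounds. Suggest a named constant sized for an interface name, with a comment saying that tap_alloc() fills the buffer, or passing the buffer length to tap_alloc() so the copy can be bounded there.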
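
Review bot: `strncpy(priv->name, "barebox", sizeof(priv->name));` in the tap_probe() hunk passes the full buffer size, and strncpy() leaves the destination unterminated whenever the source is that long or longer. It is safe here only because "barebox" is short and xzalloc() has zeroed the struct. Suggest `sizeof(priv->name) - 1` or a copy helper that always terminates, so the line stays correct if the default name is later changed or made configurable.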