Description
/export/home/tpm/demo/usr/src/uts/intel/ia32/genunix/../../../common/io/stream.c|223|dblk_constructor|ERROR|SIMPLE_BUFFER| Accessing static buffer 'dblk_cache' of size '9216' at ubound '9217'. [COUNTER=STATIC] [fit=5] [fit_fn=7] [fn_ex=0] [fn_counter=1] [ex=1] [counter=53] [z=-31.4068442150395] [fn-z=-4.35889894354067]
} else {
dbp->db_base = (unsigned char *)&dbp[1];
}
dbp->db_mblk->b_datap = dbp;
Error --->
dbp->db_cache = dblk_cache[index];
dbp->db_lim = dbp->db_base + msg_size;
dbp->db_free = dbp->db_lastfree = dblk_lastfree;
dbp->db_frtnp = NULL;
dbp->db_fthdr = NULL;
dbp->db_ftflw = NULL;
---------------------------------------------------------
I *believe* that the tool that generated this report is pointing out
that near line 233 of stream.c, the size of the dblk_cache[] array
is 73728 / 8 == 9216, while the ASSERT in the code above this
fragment says:
ASSERT(index <= (73728 >> 3));
or ASSERT(index <= 9216);
i.e. index could, according to this ASSERT, actually have the value
9216 which would mean that dblk_cache[index] would be off (over) by
one i.e. accessing the non-existent 9217th element of the array.
Oops.
Perhaps the ASSERT needs to be '<' instead of '<='
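
The off-by-one described above, as an added example that is not code from stream.c or from the report: the table name, macros and helper functions are constructed stand-ins, and only the numbers 73728, 3 and 9216 come from the report. It counts the out-of-range indices that each form of the bound admits and shows a lookup that enforces the bound at run time.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins built from the report's numbers; not the stream.c declarations. */
#define MAX_SIZE   73728u
#define SIZE_SHIFT 3u
#define NCACHE     (MAX_SIZE >> SIZE_SHIFT)   /* 9216 elements, valid indices 0..9215 */

static int cache_tbl[NCACHE];                 /* hypothetical table standing in for dblk_cache[] */

/* Fail the build if the table size and the bound ever drift apart. */
_Static_assert(sizeof(cache_tbl) / sizeof(cache_tbl[0]) == NCACHE,
               "table size and index bound must agree");

/* The condition as written in the ASSERT quoted in the report. */
static int bound_inclusive(size_t index) { return index <= (MAX_SIZE >> SIZE_SHIFT); }

/* The condition the report proposes instead. */
static int bound_exclusive(size_t index) { return index < (MAX_SIZE >> SIZE_SHIFT); }

/* Count indices that a bound check admits although they lie outside the table. */
static size_t oob_admitted(int (*check)(size_t))
{
    size_t n = 0;
    for (size_t i = 0; i <= NCACHE + 1; i++)
        if (check(i) && i >= NCACHE)
            n++;
    return n;
}

/* Lookup that enforces the bound itself rather than relying on an assertion,
 * which may be compiled out of non-debug builds. Returns NULL when out of range. */
static int *cache_lookup(size_t index)
{
    if (index >= NCACHE)
        return NULL;
    return &cache_tbl[index];
}

int main(void)
{
    printf("'<=' admits %zu out-of-range index(es)\n", oob_admitted(bound_inclusive));
    printf("'<'  admits %zu out-of-range index(es)\n", oob_admitted(bound_exclusive));
    printf("lookup(9215) %s, lookup(9216) %s\n",
           cache_lookup(9215) ? "ok" : "rejected",
           cache_lookup(9216) ? "ok" : "rejected");
    return 0;
}
```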