03-26-2012, 02:32 PM
Dave Anderson

fix segfaults in sial during script unload

Deferring to Luc Chouinard for his ACK.

Thanks,
Dave


----- Original Message -----
> There are a couple of segfault-causing memory accesses in sial when
> scripts are unloaded. Also, I noticed a memory leak in the vicinity of
> one of the segfaults.
>
> The patch below fixes these.
>
> (1) in reg_callback, while unloading, help_str, an uninitialized
> pointer, is passed to sial_free()
>
> (2) the help_data pointers are sial_strdup()'d and not freed. the
> help_data itself is malloc()'d but not freed
>
> (3) in sial_deletefile(), the call to sial_freefile() frees the fdata,
> but it is removed from the list (a process which accesses
> this fdata) only in sial_findfile(name, 1).
>
> Rabin
>
> diff --git a/extensions/libsial/sial_func.c
> b/extensions/libsial/sial_func.c
> index cd4648f..c5373ef 100644
> --- a/extensions/libsial/sial_func.c
> +++ b/extensions/libsial/sial_func.c
> @@ -317,8 +317,8 @@ fdata *fd=sial_findfile(name, 0);
>
> if(fd) {
>
> - sial_freefile(fd);
> (void)sial_findfile(name, 1);
> + sial_freefile(fd);
> return 1;
>
> }
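Review bot: In sial_deletefile(), the corrected order only holds as long as sial_findfile(name, 1) unlinks the entry without freeing it, and nothing in the code says so. A short comment above the two calls stating that the fdata must be removed from the list before sial_freefile(fd) would keep a later cleanup from swapping them back and reintroducing the access to freed memory. The result of the second lookup is also cast to void, so a removal that did not find the entry would still be followed by sial_freefile(fd); checking that it returns the same fd, or unlinking by pointer since fd is already in hand, would close that gap.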
> diff --git a/extensions/sial.c b/extensions/sial.c
> index 49ae417..3b7df90 100644
> --- a/extensions/sial.c
> +++ b/extensions/sial.c
> @@ -887,6 +887,10 @@ struct command_table_entry *cp, *end;
> for (cp = command_table; cp->name; cp++) {
> if (!strcmp(cp->name, name)) {
> sial_free(cp->name);
> + sial_free(cp->help_data[0]);
> + sial_free(cp->help_data[2]);
> + sial_free(cp->help_data[3]);
> + free(cp->help_data);
> memmove(cp, cp+1, sizeof *cp
> *(NCMDS-(cp-command_table)-1));
> break;
> }
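Review bot: In rm_sial_cmd(), the added frees cover help_data[0], [2] and [3] but skip [1] with no explanation, and cp->help_data is dereferenced without a NULL check. If slot 1 holds a string that was not sial_strdup()'d, say so in a comment next to the frees; if it was, it still leaks. A guard such as `if (cp->help_data)` around the four added lines would keep an entry that has no help data from crashing on unload, and the mix of sial_free() for the strings with free() for the array deserves a one-line comment tying each call to its allocator.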
> @@ -937,7 +941,6 @@ char **help=malloc(sizeof *help * 5);
> }
> else rm_sial_cmd(name);
> }
> - sial_free(help_str);
> }
> free(help);
> return;
>
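Review bot: In reg_callback(), dropping sial_free(help_str) stops the free of an uninitialized pointer on the unload path, but the hunk does not show where the load path releases help_str, so confirm it is freed or handed off there and not leaked instead. Initializing help_str to NULL at its declaration and freeing it only when it has been set would be more robust than relying on every path to skip the call. Per the follow-up in this thread, this part is already fixed in crash 6.0.3, so the hunk should be dropped when the patch is rebased onto 6.0.5.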

--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
 
03-27-2012, 11:14 AM
"Luc Chouinard"

fix segfaults in sial during script unload

ACK'ing this one as well. Thanks Rabin.

> -----Original Message-----
> From: crash-utility-bounces@redhat.com [mailto:crash-utility-bounces@redhat.com] On Behalf Of Rabin Vincent
> Sent: Saturday, March 24, 2012 12:05 PM
> To: crash-utility@redhat.com
> Subject: [Crash-utility] [PATCH] fix segfaults in sial during script unload
>
> There are a couple of segfault-causing memory accesses in sial when
> scripts are unloaded. Also, I noticed a memory leak in the vicinity of
> one of the segfaults.
>
> The patch below fixes these.
>
> (1) in reg_callback, while unloading, help_str, an uninitialized
> pointer, is passed to sial_free()
>
> (2) the help_data pointers are sial_strdup()'d and not freed. the
> help_data itself is malloc()'d but not freed
>
> (3) in sial_deletefile(), the call to sial_freefile() frees the fdata,
> but it is removed from the list (a process which accesses
> this fdata) only in sial_findfile(name, 1).
>
> Rabin
>
> diff --git a/extensions/libsial/sial_func.c
b/extensions/libsial/sial_func.c index
> cd4648f..c5373ef 100644
> --- a/extensions/libsial/sial_func.c
> +++ b/extensions/libsial/sial_func.c
> @@ -317,8 +317,8 @@ fdata *fd=sial_findfile(name, 0);
>
> if(fd) {
>
> - sial_freefile(fd);
> (void)sial_findfile(name, 1);
> + sial_freefile(fd);
> return 1;
>
> }
> diff --git a/extensions/sial.c b/extensions/sial.c index
49ae417..3b7df90 100644
> --- a/extensions/sial.c
> +++ b/extensions/sial.c
> @@ -887,6 +887,10 @@ struct command_table_entry *cp, *end;
> for (cp = command_table; cp->name; cp++) {
> if (!strcmp(cp->name, name)) {
> sial_free(cp->name);
> + sial_free(cp->help_data[0]);
> + sial_free(cp->help_data[2]);
> + sial_free(cp->help_data[3]);
> + free(cp->help_data);
> memmove(cp, cp+1, sizeof *cp
*(NCMDS-(cp-command_table)-1));
> break;
> }
> @@ -937,7 +941,6 @@ char **help=malloc(sizeof *help * 5);
> }
> else rm_sial_cmd(name);
> }
> - sial_free(help_str);
> }
> free(help);
> return;
>

 
03-27-2012, 12:55 PM
Rabin Vincent

fix segfaults in sial during script unload

On Sat, Mar 24, 2012 at 21:34, Rabin Vincent <rabin@rab.in> wrote:
> (1) in reg_callback, while unloading, help_str, an uninitialized
>     pointer, is passed to sial_free()

It was pointed out to me that this part was already fixed in
crash 6.0.3.

The other parts are still relevant in 6.0.5.

Rabin

 

All times are GMT.