FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Crash Utility

 
 
LinkBack Thread Tools
 
Old 05-09-2012, 09:07 AM
Per Fransson
 
Default : double free in trace extension

Hi Dave and other list readers,

First, just like some other contributors, I've come across an issue
triggered by a dump being corrupt. In my case it's this code in
kernel.c:cpu_maps_init():


if (*maskptr & (0x1UL << c)) {
cpu = (i * BITS_PER_LONG) + c;
kt->cpu_flags[cpu] |= mapinfo[m].cpu_flag;
}

The mask is corrupt, making Crash believe there are more CPU's than the
four we have allocated space for in kernel.c:kernel_init. How do you
think this should be handled?



Second, I believe there is a double free in the trace extension. When
ftrace_init_pages() fails it will free


cpu_buffer->pages

and

cpu_buffer->linear_pages

But when ftrace_init_pages() fails, ftrace_init_buffers() will call
ftrace_destroy_buffers() which also free's this space. For me this
resulted in a segfault in a malloc() a little later.



Regards,
Per
--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
 
Old 05-09-2012, 12:45 PM
Dave Anderson
 
Default : double free in trace extension

----- Original Message -----
> Hi Dave and other list readers,
>
> First, just like some other contributors, I've come across an issue
> triggered by a dump being corrupt. In my case it's this code in
> kernel.c:cpu_maps_init():
>
> if (*maskptr & (0x1UL << c)) {
> cpu = (i * BITS_PER_LONG) + c;
> kt->cpu_flags[cpu] |= mapinfo[m].cpu_flag;
> }
>
> The mask is corrupt, making Crash believe there are more CPU's than the
> four we have allocated space for in kernel.c:kernel_init. How do you
> think this should be handled?

Does the "crash --cpus <number> ..." command-line option work around it?

Dave

--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
 

Thread Tools




All times are GMT. The time now is 01:27 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org