[Crash-utility] [PATCH] fix segfaults in sial during script unload

Luc Chouinard LChouinard at s2sys.com
Tue Mar 27 11:14:31 UTC 2012 

ACK'ing this one as well. Thanks Rabin.

> -----Original Message-----
> From: crash-utility-bounces at redhat.com [mailto:crash-utility-
> bounces at redhat.com] On Behalf Of Rabin Vincent
> Sent: Saturday, March 24, 2012 12:05 PM
> To: crash-utility at redhat.com
> Subject: [Crash-utility] [PATCH] fix segfaults in sial during script
unload
> 
> There are a couple of segfault-causing memory accesses in sial when
scripts are
> unloaded.  Also, I noticed a memory leak in the vicinity of one of the
segfaults.
> 
> The patch below fixes these.
> 
> (1) in reg_callback, while unloading, help_str, an unitialized
>     pointer, is passed to sial_free()
> 
> (2) the help_data pointers are sial_strdup()'d and not freed.  the
>     help_data itself is malloc()'d but not freed
> 
> (3) in sial_deletefile(), the call to sial_freefile() frees the fdata,
>     but it is removed from the list (a process which accesses
>     this fdata) only in sial_findfile(name, 1).
> 
> Rabin
> 
> diff --git a/extensions/libsial/sial_func.c
b/extensions/libsial/sial_func.c index
> cd4648f..c5373ef 100644
> --- a/extensions/libsial/sial_func.c
> +++ b/extensions/libsial/sial_func.c
> @@ -317,8 +317,8 @@ fdata *fd=sial_findfile(name, 0);
> 
>  	if(fd) {
> 
> -		sial_freefile(fd);
>                  (void)sial_findfile(name, 1);
> +		sial_freefile(fd);
>  		return 1;
> 
>  	}
> diff --git a/extensions/sial.c b/extensions/sial.c index
49ae417..3b7df90 100644
> --- a/extensions/sial.c
> +++ b/extensions/sial.c
> @@ -887,6 +887,10 @@ struct command_table_entry *cp, *end;
>      for (cp = command_table; cp->name; cp++) {
>          if (!strcmp(cp->name, name)) {
>              sial_free(cp->name);
> +            sial_free(cp->help_data[0]);
> +            sial_free(cp->help_data[2]);
> +            sial_free(cp->help_data[3]);
> +            free(cp->help_data);
>              memmove(cp, cp+1, sizeof *cp
*(NCMDS-(cp-command_table)-1));
>              break;
>          }
> @@ -937,7 +941,6 @@ char **help=malloc(sizeof *help * 5);
>              }
>              else rm_sial_cmd(name);
>          }
> -        sial_free(help_str);
>      }
>      free(help);
>      return;
> 
> --
> Crash-utility mailing list
> Crash-utility at redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility

More information about the Crash-utility mailing list