ACK'ing this one as well. Thanks Rabin.
-----Original Message-----
From: crash-utility-bounces(a)redhat.com [mailto:crash-utility-bounces(a)redhat.com] On Behalf Of Rabin Vincent
Sent: Saturday, March 24, 2012 12:05 PM
To: crash-utility(a)redhat.com
Subject: [Crash-utility] [PATCH] fix segfaults in sial during script unload
There are a couple of segfault-causing memory accesses in sial when scripts are unloaded. Also, I noticed a memory leak in the vicinity of one of the segfaults.
The patch below fixes these.
(1) In reg_callback, while unloading, help_str, an uninitialized pointer, is passed to sial_free().
(2) The help_data pointers are sial_strdup()'d and not freed. The help_data itself is malloc()'d but not freed.
(3) In sial_deletefile(), the call to sial_freefile() frees the fdata, but it is removed from the list (a process which accesses this fdata) only in sial_findfile(name, 1).
Rabin
diff --git a/extensions/libsial/sial_func.c
b/extensions/libsial/sial_func.c index
cd4648f..c5373ef 100644
--- a/extensions/libsial/sial_func.c
+++ b/extensions/libsial/sial_func.c
@@ -317,8 +317,8 @@ fdata *fd=sial_findfile(name, 0);
if(fd) {
- sial_freefile(fd);
(void)sial_findfile(name, 1);
+ sial_freefile(fd);
return 1;
}
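Review bot: The new ordering inside the if(fd) block is only correct as long as sial_findfile(name, 1) unlinks fd from the list and nothing else, and no comment here says so. A later cleanup could swap the two calls back and reintroduce the access to freed fdata. Please add a one-line comment above "(void)sial_findfile(name, 1);" stating that the entry must be removed from the list before sial_freefile(fd) releases it. It is also worth confirming that the delete path of sial_findfile() does not itself free fd, since fd is still dereferenced by sial_freefile() afterwards.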
diff --git a/extensions/sial.c b/extensions/sial.c index
49ae417..3b7df90 100644
--- a/extensions/sial.c
+++ b/extensions/sial.c
@@ -887,6 +887,10 @@ struct command_table_entry *cp, *end;
for (cp = command_table; cp->name; cp++) {
if (!strcmp(cp->name, name)) {
sial_free(cp->name);
+ sial_free(cp->help_data[0]);
+ sial_free(cp->help_data[2]);
+ sial_free(cp->help_data[3]);
+ free(cp->help_data);
memmove(cp, cp+1, sizeof *cp
*(NCMDS-(cp-command_table)-1));
break;
}
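Review bot: The added frees cover help_data[0], help_data[2] and help_data[3] but skip help_data[1], and nothing in the hunk explains the gap. If index 1 is also a sial_strdup()'d string, it is still leaked. If it is a static string or a pointer owned elsewhere, a short comment next to the frees should say so, so that the omission is not later "fixed" into an invalid free. The hunk also assumes cp->help_data is non-NULL for every entry that reaches this loop. A guard such as "if (cp->help_data)" around the four new lines would make that assumption explicit.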
@@ -937,7 +941,6 @@ char **help=malloc(sizeof *help * 5);
}
else rm_sial_cmd(name);
}
- sial_free(help_str);
}
free(help);
return;
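Review bot: With "sial_free(help_str);" dropped from the end of this block, nothing in the visible lines releases help_str on the path where it was actually assigned. If ownership of that string passes to the command's help_data (and is then released by the new frees in the sial.c hunk above), please note that in a comment where help_str is stored. Otherwise this trades the crash for a leak. Independently of that, initializing help_str to NULL at its declaration would keep an unset pointer from reaching sial_free() again if a free is reintroduced later.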