File 0019-fcping-fix-erroneous-memory-free.patch of Package fcoe-utils
From fcoe-devel-bounces@open-fcoe.org Thu Oct 15 20:04:30 2015
From: Vasu Dev <vasu.dev@intel.com>
To: fcoe-devel@open-fcoe.org
Date: Thu, 15 Oct 2015 11:03:34 -0700
Message-ID: <20151015180334.16702.29362.stgit@lin-nd1-054.jf.intel.com>
Subject: [Open-FCoE] [next PATCH] fcping: fix erroneous memory free corruption
An erroneous free of the struct port_attrs memory is causing the following error dump:
*** Error in `fcping': double free or corruption (out): 0x0000000001e6a0d0
======= Backtrace: =========
/lib64/libc.so.6(+0x75acf)[0x7f8d446dcacf]
/lib64/libc.so.6(+0x7cdf8)[0x7f8d446e3df8]
fcping[0x401e98]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f8d44688d65]
fcping[0x402961]
Aborted (core dumped)
This is because the struct port_attrs memory is freed in the function
fp_check_data_len() and then freed again on return from this function. To fix
this, remove the free from fp_check_data_len() while keeping the free alongside
its allocation in the caller of fp_check_data_len().
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
---
fcping.c | 2 --
1 file changed, 2 deletions(-)
--- a/fcping.c
+++ b/fcping.c
@@ -745,8 +745,6 @@ static void fp_check_data_len(void)
maxframe_size = strtoul(port_attrs->maxframe_size, NULL, 16);
sid = strtoul(port_attrs->port_id, NULL, 16);
- free(port_attrs);
-
slen = maxframe_size - FP_LEN_ECHO;
plen = MIN(flen, MIN(slen, dlen));
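Review bot: With free(port_attrs) removed from fp_check_data_len(), nothing at this site records that the function only borrows port_attrs. The signature is fp_check_data_len(void), so the pointer reaches the function as shared state rather than as a parameter, and the double free came from two places each assuming they owned it. Suggest a one-line comment above the strtoul() calls stating that the caller allocates and frees port_attrs, and having the caller set the pointer to NULL after its free() so that any later stray free() is a no-op instead of heap corruption. Separately, in the unchanged context lines shown here, both strtoul() calls pass NULL as endptr, so a malformed maxframe_size or port_id string is accepted silently, and slen = maxframe_size - FP_LEN_ECHO has no visible guard for maxframe_size being smaller than FP_LEN_ECHO; both are worth a follow-up check.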