Bug #14696: nvmeadm command dumps core when libumem.so is used - illumos gate - illumos

Actions

Copy link

Bug #14696

closed

nvmeadm command dumps core when libumem.so is used

Added by Hans Rosenfeld 3 months ago. Updated 3 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Hans Rosenfeld

Category:

cmd - userland programs

Start date:

Due date:

% Done:

100%

Estimated time:

Difficulty:

Bite-size

Tags:

Gerrit CR:

2154

Description

# env LD_PRELOAD=libumem.so nvmeadm list
nvme1: model: SAMSUNG MZVPV128HDGM-00000, serial: S1XVNYAGA00640, FW rev: BXW7300Q, NVMe v1.1
  nvme1/1 (c1t1d0): Size = 122104 MB, Capacity = 122104 MB, Used = 121511 MB
Abort (core dumped)

The culprit is this code in nvme_dskname():

        path = di_dim_path_dev(dim, di_driver_name(child),
            di_instance(child), "c");

        /*
         * Error out if we didn't get a path, or if it's too short for
         * the following operations to be safe.
         */
        if (path == NULL || strlen(path) < 2)
            goto fail;

        /* Chop off 's0' and get everything past the last '/' */
        path[strlen(path) - 2] = '\0';
        path = strrchr(path, '/');
        if (path == NULL)
            goto fail;
        path++;

When nvme_process() returns, it frees 'path', but 'path' points in the middle of the chunk of memory that was allocated by di_dim_path_dev().

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

illumos gate

Custom queries

Bug #14696

nvmeadm command dumps core when libumem.so is used

Updated by Hans Rosenfeld 3 months ago

Updated by Electric Monk 3 months ago

Updated by Hans Rosenfeld 3 months ago

Updated by Electric Monk 3 months ago