Project

General

Profile

Actions

Bug #5491

closed

libipadm`i_ipadm_init_ifs() calls free() on bogus memory address

Added by Yuri Pankov almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
lib - userland libraries
Start date:
2014-12-27
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

# ipadm create-if igb1
# ipadm disable-if -t igb1
# LD_PRELOAD="libumem.so" ipadm enable-if -t igb1
Abort (core dumped)
#
# pstack core
core 'core' of 101106:  ipadm enable-if -t igb1
 feeed3b7 _lwp_kill (1, 6, 0, 1, feae2000, feabebf3) + 7
 fee82aeb raise    (6, fef80bd0, fee53280, feae2000) + 2b
 feab4134 umem_do_abort (feae2000, 6, 8047ae8, feab65ff, feabebf3, feabee75) + 2b
 feab41ba umem_err_recoverable (feabebf3, feabee75, 80fdc90, feabee33, 80f4fa8, 0) + 5a
 feab65ff process_free (80fdc90, 1, 0, feda5000) + bf
 feab671e umem_malloc_free (80fdc90) + 1a
 fed85f15 i_ipadm_init_ifs (80eff88, 8047d6b, 8047b9c, fed90020) + 196
 fed90098 ipadm_enable_if (80eff88, 8047d6b, 2, 38) + 98
 080553e5 do_enable_if (3) + 55
 08052e72 main     (feeeed07, fef676e8, 8047c54, 80525c7, 4, 8047c60) + df
 080525c7 _start   (4, 8047d58, 8047d5e, 8047d68, 8047d6b, 0) + 83
Actions #1

Updated by Yuri Pankov almost 7 years ago

  • Subject changed from leaked buffer in libipadm`i_ipadm_init_ifs() to libipadm`i_ipadm_init_ifs() calls free() on bogus memory address
  • % Done changed from 50 to 90
Actions #2

Updated by Electric Monk almost 7 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit ad69a33458cf73ee14857d57799cf686946e0b88

commit  ad69a33458cf73ee14857d57799cf686946e0b88
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date:   2014-12-31T17:27:36.000Z

    5491 libipadm`i_ipadm_init_ifs() calls free() on bogus memory address
    Reviewed by: Marcel Telka <marcel.telka@nexenta.com>
    Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
    Reviewed by: Andy Stormont <astormont@racktopsystems.com>
    Reviewed by: Sebastien Roy <sebastien.roy@delphix.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Actions

Also available in: Atom PDF