Bug #5491
libipadm`i_ipadm_init_ifs() calls free() on bogus memory address
Start date: 2014-12-27
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:
Description
# ipadm create-if igb1
# ipadm disable-if -t igb1
# LD_PRELOAD="libumem.so" ipadm enable-if -t igb1
Abort (core dumped)
#
# pstack core
core 'core' of 101106: ipadm enable-if -t igb1
 feeed3b7 _lwp_kill (1, 6, 0, 1, feae2000, feabebf3) + 7
 fee82aeb raise (6, fef80bd0, fee53280, feae2000) + 2b
 feab4134 umem_do_abort (feae2000, 6, 8047ae8, feab65ff, feabebf3, feabee75) + 2b
 feab41ba umem_err_recoverable (feabebf3, feabee75, 80fdc90, feabee33, 80f4fa8, 0) + 5a
 feab65ff process_free (80fdc90, 1, 0, feda5000) + bf
 feab671e umem_malloc_free (80fdc90) + 1a
 fed85f15 i_ipadm_init_ifs (80eff88, 8047d6b, 8047b9c, fed90020) + 196
 fed90098 ipadm_enable_if (80eff88, 8047d6b, 2, 38) + 98
 080553e5 do_enable_if (3) + 55
 08052e72 main (feeeed07, fef676e8, 8047c54, 80525c7, 4, 8047c60) + df
 080525c7 _start (4, 8047d58, 8047d5e, 8047d68, 8047d6b, 0) + 83
Updated by Yuri Pankov about 6 years ago
- Subject changed from leaked buffer in libipadm`i_ipadm_init_ifs() to libipadm`i_ipadm_init_ifs() calls free() on bogus memory address
- % Done changed from 50 to 90
Updated by Electric Monk about 6 years ago
- Status changed from In Progress to Closed
- % Done changed from 90 to 100
git commit ad69a33458cf73ee14857d57799cf686946e0b88
commit ad69a33458cf73ee14857d57799cf686946e0b88
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date: 2014-12-31T17:27:36.000Z

    5491 libipadm`i_ipadm_init_ifs() calls free() on bogus memory address
    Reviewed by: Marcel Telka <marcel.telka@nexenta.com>
    Reviewed by: Rick McNeal <rick.mcneal@nexenta.com>
    Reviewed by: Andy Stormont <astormont@racktopsystems.com>
    Reviewed by: Sebastien Roy <sebastien.roy@delphix.com>
    Approved by: Robert Mustacchi <rm@joyent.com>