Project

General

Profile

Actions
Copy link

Bug #5491

closed

libipadm`i_ipadm_init_ifs() calls free() on bogus memory address

Added by Yuri Pankov almost 7 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Yuri Pankov
Category:
lib - userland libraries
Start date:
2014-12-27
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

# ipadm create-if igb1
# ipadm disable-if -t igb1
# LD_PRELOAD="libumem.so" ipadm enable-if -t igb1
Abort (core dumped)
#

# pstack core
core 'core' of 101106:  ipadm enable-if -t igb1
 feeed3b7 _lwp_kill (1, 6, 0, 1, feae2000, feabebf3) + 7
 fee82aeb raise    (6, fef80bd0, fee53280, feae2000) + 2b
 feab4134 umem_do_abort (feae2000, 6, 8047ae8, feab65ff, feabebf3, feabee75) + 2b
 feab41ba umem_err_recoverable (feabebf3, feabee75, 80fdc90, feabee33, 80f4fa8, 0) + 5a
 feab65ff process_free (80fdc90, 1, 0, feda5000) + bf
 feab671e umem_malloc_free (80fdc90) + 1a
 fed85f15 i_ipadm_init_ifs (80eff88, 8047d6b, 8047b9c, fed90020) + 196
 fed90098 ipadm_enable_if (80eff88, 8047d6b, 2, 38) + 98
 080553e5 do_enable_if (3) + 55
 08052e72 main     (feeeed07, fef676e8, 8047c54, 80525c7, 4, 8047c60) + df
 080525c7 _start   (4, 8047d58, 8047d5e, 8047d68, 8047d6b, 0) + 83
Actions
Copy link

Also available in: Atom PDF