Project

General

Profile

Bug #14696

Updated by Hans Rosenfeld 3 months ago

<pre> 
 # env LD_PRELOAD=libumem.so nvmeadm list 
 nvme1: model: SAMSUNG MZVPV128HDGM-00000, serial: S1XVNYAGA00640, FW rev: BXW7300Q, NVMe v1.1 
   nvme1/1 (c1t1d0): Size = 122104 MB, Capacity = 122104 MB, Used = 121511 MB 
 Abort (core dumped) 
 </pre> 

 The culprit is this code in nvme_dskname(): nvme_process(): 

 <pre> 
		 path = di_dim_path_dev(dim, di_driver_name(child), 
		     di_instance(child), "c"); 

		 /* 
		  * Error out if we didn't get a path, or if it's too short for 
		  * the following operations to be safe. 
		  */ 
		 if (path == NULL || strlen(path) < 2) 
			 goto fail; 

		 /* Chop off 's0' and get everything past the last '/' */ 
		 path[strlen(path) - 2] = '\0'; 
		 path = strrchr(path, '/'); 
		 if (path == NULL) 
			 goto fail; 
		 path++; 
 </pre> <pre> 

 When nvme_process() returns, it frees 'path', but 'path' points in the middle of the chunk of memory that was allocated by di_dim_path_dev().

Back