[FS#544] kmodloader segfault on ixp4xx (armeb)
LEDE Bugs
lede-bugs at lists.infradead.org
Wed Feb 22 09:50:39 PST 2017
The following task has a new comment added:
FS#544 - kmodloader segfault on ixp4xx (armeb)
User who did this - Ted Hess (thess)
----------
Somewhat less than elegant solution - calloc_a() argument alignment is the most likely culprit. This patch does alleviate the issue.
--- a/kmodloader.c
+++ b/kmodloader.c
@@ -250,7 +250,6 @@ alloc_module(const char *name, const cha
{
struct module *m;
char *_name, *_dep;
- char **_aliases;
int i, len_aliases;
len_aliases = naliases * sizeof(aliases[0]);
@@ -258,11 +257,9 @@ alloc_module(const char *name, const cha
len_aliases += strlen(aliases[i]) + 1;
m = calloc_a(sizeof(*m),
&_name, strlen(name) + 1,
- &_dep, depends ? strlen(depends) + 2 : 0,
- &_aliases, len_aliases);
+ &_dep, depends ? strlen(depends) + 2 : 0);
if (!m)
return NULL;
-
m->name = strcpy(_name, name);
m->opts = 0;
@@ -279,18 +276,22 @@ alloc_module(const char *name, const cha
if (naliases == 0)
m->aliases = NULL;
else {
- char *ptr = (char *)_aliases + naliases * sizeof(_aliases[0]);
+ m->aliases = (char **)calloc(1, len_aliases);
+ if (!m->aliases) {
+ m->naliases = 0;
+ return NULL;
+ }
+ char *ptr = (char *)m->aliases + naliases * sizeof(char *);
int len;
i = 0;
do {
len = strlen(aliases[i]) + 1;
memcpy(ptr, aliases[i], len);
- _aliases[i] = ptr;
+ m->aliases[i] = ptr;
ptr += len;
i++;
} while (i < naliases);
- m->aliases = _aliases;
}
m->refcnt = 0;
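Review bot: The new failure path at `if (!m->aliases)` returns NULL without releasing `m`, which calloc_a() allocated earlier in alloc_module and which was already checked non-NULL, so an allocation failure here leaks the module block; the `m->naliases = 0;` store before the return has no effect. I would write `if (!m->aliases) { free(m); return NULL; }`. The lines between the hunks are not visible, so confirm that `m` has not yet been linked into any list or tree at this point; if it has, it must be unlinked before it is freed. `len_aliases` is an `int` built from `naliases * sizeof(aliases[0])` plus the alias string lengths, so a range check before the calloc() is worth adding if alias data can come from module files that are not trusted. alloc_module starts and ends outside this hunk.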
@@ -305,6 +306,8 @@ static void free_module(struct module *m
{
if (m->opts)
free(m->opts);
+ if (m->aliases)
+ free(m->aliases);
free(m);
}
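Review bot: free_module now relies on `m->aliases` being either NULL or a pointer returned by calloc(), which is a change of ownership from the single calloc_a() block and is not documented anywhere in the patch. I would add `/* aliases is a separate heap block set by alloc_module(); NULL when the module has none */` above the new check. Any site that releases a `struct module` with a bare `free(m)` would now leak the alias block, so such callers (none are visible here) should go through free_module. The `if (m->aliases)` guard is redundant because free(NULL) is a no-op, though it does match the existing `m->opts` style.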
----------
One or more files have been attached.
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=544#comment1952