[FS#544] kmodloader segfault on ixp4xx (armeb)

LEDE Bugs lede-bugs at lists.infradead.org
Wed Feb 22 09:50:39 PST 2017


The following task has a new comment added:

FS#544 - kmodloader segfault on ixp4xx (armeb)
User who did this - Ted Hess (thess)

----------
Somewhat less than elegant solution - calloc_a() argument alignment is the most likely culprit. This patch does alleviate the issue.


--- a/kmodloader.c
+++ b/kmodloader.c
@@ -250,7 +250,6 @@ alloc_module(const char *name, const cha
 {
 	struct module *m;
 	char *_name, *_dep;
-	char **_aliases;
 	int i, len_aliases;
 
 	len_aliases = naliases * sizeof(aliases[0]);
@@ -258,11 +257,9 @@ alloc_module(const char *name, const cha
 		len_aliases += strlen(aliases[i]) + 1;
 	m = calloc_a(sizeof(*m),
 		&_name, strlen(name) + 1,
-		&_dep, depends ? strlen(depends) + 2 : 0,
-		&_aliases, len_aliases);
+		&_dep, depends ? strlen(depends) + 2 : 0);
 	if (!m)
 		return NULL;
-
 	m->name = strcpy(_name, name);
 	m->opts = 0;
 
@@ -279,18 +276,22 @@ alloc_module(const char *name, const cha
 	if (naliases == 0)
 		m->aliases = NULL;
 	else {
-		char *ptr = (char *)_aliases + naliases * sizeof(_aliases[0]);
+		m->aliases = (char **)calloc(1, len_aliases);
+		if (!m->aliases) {
+			m->naliases = 0;
+			return NULL;
+		}
+		char *ptr = (char *)m->aliases + naliases * sizeof(char *);
 		int len;
 
 		i = 0;
 		do {
 			len = strlen(aliases[i]) + 1;
 			memcpy(ptr, aliases[i], len);
-			_aliases[i] = ptr;
+			m->aliases[i] = ptr;
 			ptr += len;
 			i++;
 		} while (i < naliases);
-		m->aliases = _aliases;
 	}
 
 	m->refcnt = 0;
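Review bot: The new failure branch for `calloc(1, len_aliases)` returns NULL without releasing `m`, so the block obtained from `calloc_a()` earlier in alloc_module leaks whenever the alias allocation fails. Add `free(m);` before `return NULL;`; the `m->naliases = 0;` store is then dead and can be dropped. The visible lines show `m->opts` is still 0 here, but the code between the hunks is not shown, so confirm nothing else allocated there needs releasing. The cast on `calloc` is unnecessary in C, and `char *ptr` is now declared after a statement, which needs C99 or later. alloc_module begins and ends outside this hunk.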
@@ -305,6 +306,8 @@ static void free_module(struct module *m
 {
 	if (m->opts)
 		free(m->opts);
+	if (m->aliases)
+		free(m->aliases);
 	free(m);
 }
 
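Review bot: free_module now relies on `m->aliases` being a single heap block that also contains the alias strings, which holds only for modules built by the patched alloc_module. A short comment above the new `free` would record that, for example `/* aliases: one calloc() block, pointer table followed by the strings */`. `free(NULL)` is a no-op, so the `if (m->aliases)` guard is redundant, although it mirrors the existing `m->opts` check. Any other path that releases a module with a bare `free(m)` would now leak the alias block; none is visible in this diff.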


----------

One or more files have been attached.

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=544#comment1952


