 Relationships |
|
| Anonymous | Login | Signup for a new account | 11-10-2008 12:37 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0004464 | [BusyBox] Other | crash | always | 08-04-08 20:13 | 08-06-08 01:44 | ||||
| Reporter | rockeychu | View Status | public | ||||||
| Assigned To | BusyBox | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | svn | ||||||
| Summary | 0004464: xrealloc_vector_helper function in xrealloc_vector.c misuses void pointer "vector" | ||||||||
| Description |
Variable vector is misused and set zero erroneously. This bug may cause every applet which calls function of xrealloc_vector crashed, such as modprobe, insmod, ..., etc. Patch as following: Index: libbb/xrealloc_vector.c =================================================================== --- libbb/xrealloc_vector.c (revision 23044) +++ libbb/xrealloc_vector.c (working copy) @@ -39,8 +39,7 @@ if (!(idx & (mask - 1))) { sizeof_and_shift >>= 8; /* sizeof(vector[0]) */ vector = xrealloc(vector, sizeof_and_shift * (idx + mask + 1)); - vector += idx; - memset(vector, 0, sizeof_and_shift * (mask + 1)); + memset(vector + sizeof_and_shift * idx, 0, sizeof_and_shift * (mask + 1)); } return vector; } |
||||||||
| Additional Information | |||||||||
| Attached Files | |||||||||
|
|
|||||||||
|
Relationships |
|
|
Notes |
|
|
(0010274) vda 08-05-08 14:12 |
Fixed in svn. Thanks, and sorry for this breakage :( |
|
(0010284) rockeychu 08-05-08 19:02 edited on: 08-05-08 19:04 |
The (Segmentation fault) problem still exists, e.g. : ./busybox modprobe it87 IMHO, realloc_xxx should return first byte address of reallocated memory, and not the first byte address of new extended memory. Patch as follwing: Index: libbb/xrealloc_vector.c =================================================================== --- libbb/xrealloc_vector.c (revision 23058) +++ libbb/xrealloc_vector.c (working copy) @@ -39,8 +39,7 @@ if (!(idx & (mask - 1))) { sizeof_and_shift >>= 8; /* sizeof(vector[0]) */ vector = xrealloc(vector, sizeof_and_shift * (idx + mask + 1)); - vector = (char*)vector + (sizeof_and_shift * idx); - memset(vector, 0, sizeof_and_shift * (mask + 1)); + memset(vector + sizeof_and_shift * idx, 0, sizeof_and_shift * (mask + 1)); } return vector; } |
|
(0010294) vda 08-06-08 01:44 |
Fixed. I am dumb :( Sorry. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 08-04-08 20:13 | rockeychu | New Issue | |
| 08-04-08 20:13 | rockeychu | Status | new => assigned |
| 08-04-08 20:13 | rockeychu | Assigned To | => BusyBox |
| 08-05-08 14:12 | vda | Status | assigned => closed |
| 08-05-08 14:12 | vda | Note Added: 0010274 | |
| 08-05-08 14:12 | vda | Resolution | open => fixed |
| 08-05-08 19:02 | rockeychu | Status | closed => feedback |
| 08-05-08 19:02 | rockeychu | Resolution | fixed => reopened |
| 08-05-08 19:02 | rockeychu | Note Added: 0010284 | |
| 08-05-08 19:04 | rockeychu | Note Edited: 0010284 | |
| 08-06-08 01:44 | vda | Status | feedback => closed |
| 08-06-08 01:44 | vda | Note Added: 0010294 | |
| 08-06-08 01:44 | vda | Resolution | reopened => fixed |
| 08-06-08 01:44 | vda | Fixed in Version | => svn |
| Copyright © 2000 - 2006 Mantis Group |  |
