Hello,

the attached patches fix some segfaults I've experienced running ltp. The 
descriptions are included in the patches.

Regards
    Jiri Palecek

From db2ed5a8d182b62eccbd8c3cf3929f3e5316fbde Mon Sep 17 00:00:00 2001
From: Jiri Palecek <[EMAIL PROTECTED](none)>
Date: Thu, 23 Oct 2008 21:55:21 +0200
Subject: [PATCH] Fix a segfault in mallocstress.c

 The result of alloc_mem thread could be either NULL, ptr to some
 allocated memory or (void*)-1. The code reading this result actually
 handled cases 1 & 2 only, and even case "NULL" was mishandled,
 causing a segfault. This patch fixes it, by

 - removing the case when alloc_mem would return -1, change it to the
   "allocated memory" case
 - not checking for *th_status, if th_status might be null
---
 testcases/kernel/mem/mtest07/mallocstress.c |   19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/testcases/kernel/mem/mtest07/mallocstress.c b/testcases/kernel/mem/mtest07/mallocstress.c
index aef5bf0..9c96703 100644
--- a/testcases/kernel/mem/mtest07/mallocstress.c
+++ b/testcases/kernel/mem/mtest07/mallocstress.c
@@ -262,19 +262,21 @@ alloc_mem(void * threadnum)
     sop[0].sem_op = 0;
     sop[0].sem_flg = 0;
     int *err;
-    /* waiting for other threads starting */
-    if (semop(semid, sop, 1) == -1) {
-        if (errno != EIDRM)
-            perror("semop");
-        return (void *) -1;
-    }
 
     err = malloc(sizeof(int));
     if (err == NULL) {
         perror("malloc");
         return NULL;
     }
-    
+
+    /* waiting for other threads starting */
+    if (semop(semid, sop, 1) == -1) {
+        if (errno != EIDRM)
+            perror("semop");
+        *err = -1;
+        return (void*)err;
+    }
+
     /* thread N will use growth scheme N mod 4 */
     *err = allocate_free(num_loop, *(int *)threadnum % 4);
     fprintf(stdout, 
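Review bot: alloc_mem's return contract is not written down, and after this change the joiner in main() depends on it: the thread now returns either NULL (the status word could not be allocated) or a malloc'd int that the caller must free, holding -1 on the semop failure path and the allocate_free() result otherwise. A header comment on the function would make that explicit, e.g. `/* Returns NULL if malloc fails, else a heap int the joiner must free; main() treats -1 as failure. */`. Separately, the `semop()` wait treats every error the same, so an EINTR would end the thread with an error; whether a retry is wanted depends on signal use that is not visible here. alloc_mem starts before and continues past the hunk.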
@@ -408,8 +410,7 @@ main(int	argc,		/* number of input parameters		      */
         {
             if (th_status == NULL || *th_status == -1)
             {
-                if (*th_status == -1)
-                    free(th_status);
+                free(th_status);
                 fprintf(stderr,
                         "main(): thread [%d] - exited with errors\n", thrd_ndx);
                 ret = -1;
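Review bot: After `free(th_status);` the pointer keeps its old value, and this block appears to run once per thread (it prints `thrd_ndx`), so an iteration whose join does not overwrite th_status would test and free a stale pointer. Adding `th_status = NULL;` directly after the free rules that out. The hunk shows only the error branch, so whether the success branch frees the status word that alloc_mem allocates cannot be checked from here. The enclosing loop in main() starts and ends outside the hunk.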
-- 
1.5.6.5

Signed-off-by: Jiri Palecek <[EMAIL PROTECTED]>
From 7060c2c51d596128314eecac6d16a9b77b220b5b Mon Sep 17 00:00:00 2001
From: Jiri Palecek <[EMAIL PROTECTED](none)>
Date: Thu, 23 Oct 2008 22:07:05 +0200
Subject: [PATCH] Fix segfault in in6_02

 In the i2ntest1 testcase, the call if_nametoindex(TEST_RETURN) was
 segfaulting, because TEST_RETURN was actually the result of a comparison
 (ifname==if_indextoname(...)). The fix is to call it with the real
 ifname.
---
 testcases/network/lib6/in6_02.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/testcases/network/lib6/in6_02.c b/testcases/network/lib6/in6_02.c
index 3f68ee0..9e20e64 100644
--- a/testcases/network/lib6/in6_02.c
+++ b/testcases/network/lib6/in6_02.c
@@ -158,7 +158,7 @@ i2ntest1(unsigned int if_index)
 		return 1;
 	}
 	/* else, a valid interface-- double check name */
-	idx = if_nametoindex((char *)TEST_RETURN);
+	idx = if_nametoindex(ifname);
 	if (idx != if_index) {
 		tst_resm(TFAIL, "if_indextoname(%d) returns \"%s\" but "
 			"doesn't if_nametoindex(\"%s\") returns %d",
@@ -166,7 +166,7 @@ i2ntest1(unsigned int if_index)
 		return 0;
 	}
 	tst_resm(TPASS, "if_indextoname(%d) returns \"%s\"", if_index,
-		TEST_RETURN);
+		ifname);
 	return 1;
 }
 
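Review bot: The argument line of the TFAIL `tst_resm` call falls between this file's two hunks and is not shown, so it is unclear whether its two `%s` conversions still receive TEST_RETURN. If they do, the failure path keeps the same invalid-pointer read that the patch removes from the `if_nametoindex` call and the TPASS message, and it should pass `ifname` there too. Also, `if_index` is `unsigned int` per the hunk header but is printed with `%d` in both messages; `%u` matches the type. i2ntest1 starts outside the hunks.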
-- 
1.5.6.5

Signed-off-by: Jiri Palecek <[EMAIL PROTECTED]>
From 1bbea8388b0a70cccc87c678ed344b5baf109f0d Mon Sep 17 00:00:00 2001
From: Jiri Palecek <[EMAIL PROTECTED](none)>
Date: Thu, 23 Oct 2008 22:28:38 +0200
Subject: [PATCH] Fix segfaults on getaddrinfo failures in pingpong6.c

 pingpong6.c would segfault if getaddrinfo fails, because it would go
 on after the failure and read invalid data (ie. the hp pointer). The
 fix is to exit immediately on getaddrinfo errors.
---
 testcases/network/ipv6/perf_lan6/pingpong6.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/testcases/network/ipv6/perf_lan6/pingpong6.c b/testcases/network/ipv6/perf_lan6/pingpong6.c
index 1933737..052aab1 100644
--- a/testcases/network/ipv6/perf_lan6/pingpong6.c
+++ b/testcases/network/ipv6/perf_lan6/pingpong6.c
@@ -100,10 +100,14 @@ char *argv[];
 	memset(&hints, 0, sizeof(hints));
         hints.ai_family = PF_INET6;
 
-        if ((gai=getaddrinfo(av[1], NULL, &hints, &hp))!=0)
+        if ((gai=getaddrinfo(av[1], NULL, &hints, &hp))!=0) {
                 fprintf(stderr, "Unknown subject address %s: %s\n",av[1], gai_strerror(gai));
-        if (!hp->ai_addr || hp->ai_addr->sa_family != AF_INET6)
+                exit(1);
+        }
+        if (!hp->ai_addr || hp->ai_addr->sa_family != AF_INET6) {
                 fprintf(stderr, "getaddrinfo failed");
+                exit(1);
+        }
 	strcpy(hnamebuf, av[1]);
         hostname = hnamebuf;
 	memset( (char *)&whereto, 0x00, sizeof(struct sockaddr) );
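Review bot: The context line `strcpy(hnamebuf, av[1]);` copies a command-line argument into hnamebuf with no length bound, so a long host argument can overrun the buffer. The declaration of hnamebuf is outside the hunk; if it is a fixed-size array, `snprintf(hnamebuf, sizeof(hnamebuf), "%s", av[1]);` bounds the copy. The new second error path prints `"getaddrinfo failed"` without a trailing newline, unlike the message above it; `"getaddrinfo failed\n"` would be consistent. The function body starts and continues outside the hunk.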
-- 
1.5.6.5

Signed-off-by: Jiri Palecek <[EMAIL PROTECTED]>