1260: static int
1261: _ipmi_acpi_get_table_dev_mem (ipmi_locate_ctx_t ctx,
1262:                              char *signature,
1263:                              unsigned int table_instance,
1264:                              uint8_t **acpi_table,
1265:                              uint32_t *acpi_table_length)
1266: {
...
1305:   assert (acpi_table);
1306:   assert (acpi_table_length);
1307:
1308:   *acpi_table = NULL;
...
1387:   acpi_table = NULL;
1388:   acpi_table_length = 0;
1389:   for (i = 0, signature_table_count = 0; i < acpi_table_count; i++)
1340:     {
...
1429:       if (_ipmi_acpi_get_table (ctx,
1430:                                 table_address,
1431:                                 signature,
1432:                                 acpi_table,
1433:                                 acpi_table_length) < 0)
1434:         continue;
...
1440:      free (acpi_table);
1441:      acpi_table = NULL;
1442:      acpi_table_length = 0;
1443:    }

_ipmi_acpi_get_table() is documented as requiring malloc'd memory passed
in via its acpi_table argument, and in fact asserts that it's non-NULL
before using it.  So passing acpi_table=NULL is a programming error, yet
it appears this is what happens via line 1387.

I wonder if perhaps what was meant on line 1387 was:

1387:  *acpi_table = NULL;

If it was, that seems redundant with line 1308 so still seems odd.  In
any case, setting acpi_table = NULL and then passing that to
_ipmi_acpi_get_table() seems very suspect.  It might be interesting to
see what would happen if you try commenting out line 1387 and trying to
reproduce the crash?  It looks like this code was added in 0.7.15-1 (Nov
2009).

https://bugs.launchpad.net/bugs/1875771

Title:
  ipmi_locate segfault on Focal (Dell iDRAC6/9)

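The pointer-versus-pointee distinction raised in the comment above, as an added example (not freeipmi code and not part of the bug comment): a lookup loop that either overwrites its out-parameters themselves or resets what they point to. The names get_table, find_table, TABLES, ERR_NULL_OUT and clobber are hypothetical, and treating "reset through the pointer" as the intended behaviour is an assumption, not a confirmed fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample data: signatures of the tables "found" in memory. */
static const char *TABLES[] = { "FACP", "SPMI", "APIC", "SPMI" };
enum { NTABLES = 4, ERR_NULL_OUT = -2 };

/* Hypothetical stand-in for _ipmi_acpi_get_table(): stores a malloc'd copy via
 * the out-parameters; returns ERR_NULL_OUT where the real helper asserts. */
static int get_table(const char *have, const char *want,
                     uint8_t **table, uint32_t *len)
{
    if (!table || !len) return ERR_NULL_OUT;
    if (strcmp(have, want) != 0) return -1;
    *len = (uint32_t)strlen(have) + 1;
    if (!(*table = malloc(*len))) return -1;
    memcpy(*table, have, *len);
    return 0;
}

/* Return the instance-th (0-based) table with signature `want`. clobber != 0
 * overwrites the parameters themselves; clobber == 0 resets their targets. */
static int find_table(const char *want, unsigned instance, int clobber,
                      uint8_t **table, uint32_t *len)
{
    unsigned seen = 0;
    if (!table || !len) return ERR_NULL_OUT;
    if (clobber) { table = NULL; len = NULL; }  /* caller's storage is lost */
    else { *table = NULL; *len = 0; }           /* caller's storage is reset */
    for (int i = 0; i < NTABLES; i++) {
        int rc = get_table(TABLES[i], want, table, len);
        if (rc == ERR_NULL_OUT) return rc;      /* real code: assert or crash */
        if (rc < 0) continue;
        if (seen++ == instance) return 0;       /* caller now owns *table */
        free(*table);                           /* wrong instance: release it */
        *table = NULL; *len = 0;
    }
    return -1;
}

int main(void)
{
    uint8_t *t = NULL; uint32_t n = 0;
    printf("clobbered: %d\n", find_table("SPMI", 1, 1, &t, &n));
    printf("reset via pointer: %d\n", find_table("SPMI", 1, 0, &t, &n));
    free(t);
    return 0;
}
```

With clobber set, the helper is handed NULL on the first iteration and the caller's variables are never written; with the pointee reset instead, the second SPMI instance is returned and earlier matches are freed through the same pointer.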