URL:
<http://savannah.gnu.org/bugs/?42765>
Summary: TCP stack frees wrong netbuff, twice (double free)
Project: GNU GRUB
Submitted by: fractal13
Submitted on: Sun 13 Jul 2014 05:05:28 PM GMT
Category: Network
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name: Curtis Larsen
Originator Email: [email protected]
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
Using the http module to download config files, produces memory errors, after
the config file is downloaded.
The error was traced to the tcp stack in grub-core/net/tcp.c. The wrong
netbuff pointer was being freed in the clean up loop.
Changing the code to free the correct netbuff pointer removes the runtime
error.
Here's the git diff output:
diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c
index 2077f55..1d90f1e 100644
--- a/grub-core/net/tcp.c
+++ b/grub-core/net/tcp.c
@@ -918,7 +918,7 @@ grub_net_recv_tcp_packet (struct grub_net_buff *nb,
do_ack = 1;
}
else
- grub_netbuff_free (nb);
+ grub_netbuff_free (nb_top);
}
if (do_ack)
ack (sock);
Thanks for the code!
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42765>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-grub mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/bug-grub
