I'm so sorry that I gave wrong email address and author name in v1 and v2. So, please ignore the previous two patches. Thanks!
On 2015/2/3 18:03, walter harms wrote: > Hello Zheng Junling, > > we have now 3 patch with obvious differences. Could you please explain > what are the changes ? > > re, > wh > > > Am 03.02.2015 10:12, schrieb Zheng Junling: >> While INET_sprint or INET6_sprint is called circularly by keeping >> ifconfiging, sap->sa_family would be cleaned by other parallel processes >> such as dhclient sometimes, and then there would be a double free error >> like the following: >> >> *** glibc detected *** ifconfig: double free or corruption (fasttop): >> 0x000a6008 *** >> ======= Backtrace: ========= >> /lib/libc.so.6(+0x6bc84)[0x40133c84] >> /lib/libc.so.6(cfree+0x94)[0x40138684] >> ifconfig[0x1c460] >> ifconfig[0x1c6a0] >> ifconfig[0x1ccf4] >> ifconfig[0x187c8] >> ifconfig[0xd544] >> ifconfig[0xd5dc] >> ifconfig[0xdca8] >> /lib/libc.so.6(__libc_start_main+0x110)[0x400df258] >> ======= Memory map: ======== >> 00008000-0009c000 r-xp 00000000 1f:05 444328 /bin/busybox >> 000a3000-000a4000 rw-p 00093000 1f:05 444328 /bin/busybox >> >> We set the buff pointer to be NULL to avoid double freeing. However, it >> is still incomprehensible. >> >> TODO: INET_sprint and INET6_sprint are only used in networking/interface.c. >> Shall we refactor these two funcs by passing a pointer to them, and then >> returning it? >> >> Signed-off-by: Zheng Junling <[email protected]> >> Signed-off-by: Chen Gang <[email protected]> >> Reported-by: Chen Gang <[email protected]> >> --- >> networking/interface.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/networking/interface.c b/networking/interface.c >> index bf7d2b1..65f2392 100644 >> --- a/networking/interface.c >> +++ b/networking/interface.c >> @@ -92,6 +92,7 @@ static const char* FAST_FUNC INET_sprint(struct sockaddr >> *sap, int numeric) >> static char *buff; /* defaults to NULL */ >> >> free(buff); >> + buff = NULL; >> if (sap->sa_family == 0xFFFF || sap->sa_family == 0) >> return "[NONE SET]"; >> buff = INET_rresolve((struct sockaddr_in *) sap, numeric, 0xffffff00); >> @@ -174,6 +175,7 @@ static const char* FAST_FUNC INET6_sprint(struct >> sockaddr *sap, int numeric) >> static char *buff; >> >> free(buff); >> + buff = NULL; >> if (sap->sa_family == 0xFFFF || sap->sa_family == 0) >> return "[NONE SET]"; >> buff = INET6_rresolve((struct sockaddr_in6 *) sap, numeric); > > . > _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
