[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #42765] TCP stack frees wrong netbuff, twice (double free)
From: |
Curtis Larsen |
Subject: |
[bug #42765] TCP stack frees wrong netbuff, twice (double free) |
Date: |
Sun, 13 Jul 2014 17:05:29 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36 |
URL:
<http://savannah.gnu.org/bugs/?42765>
Summary: TCP stack frees wrong netbuff, twice (double free)
Project: GNU GRUB
Submitted by: fractal13
Submitted on: Sun 13 Jul 2014 05:05:28 PM GMT
Category: Network
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name: Curtis Larsen
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
Using the http module to download config files, produces memory errors, after
the config file is downloaded.
The error was traced to the tcp stack in grub-core/net/tcp.c. The wrong
netbuff pointer was being freed in the clean up loop.
Changing the code to free the correct netbuff pointer removes the runtime
error.
Here's the git diff output:
diff --git a/grub-core/net/tcp.c b/grub-core/net/tcp.c
index 2077f55..1d90f1e 100644
--- a/grub-core/net/tcp.c
+++ b/grub-core/net/tcp.c
@@ -918,7 +918,7 @@ grub_net_recv_tcp_packet (struct grub_net_buff *nb,
do_ack = 1;
}
else
- grub_netbuff_free (nb);
+ grub_netbuff_free (nb_top);
}
if (do_ack)
ack (sock);
Thanks for the code!
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?42765>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #42765] TCP stack frees wrong netbuff, twice (double free),
Curtis Larsen <=