From: CAI Q. <ca...@cc...> - 2008-10-27 06:14:35
|
Hi, --- Jiri Palecek <jpa...@we...> wrote: > Hello, > > the attached patches fix some segfaults I've experienced running ltp. > The > descriptions are included in the patches. > > Regards > Jiri Palecek > > > From db2ed5a8d182b62eccbd8c3cf3929f3e5316fbde Mon Sep 17 00:00:00 > 2001 > From: Jiri Palecek <jirka@debian.(none)> > Date: Thu, 23 Oct 2008 21:55:21 +0200 > Subject: [PATCH] Fix a segfault in mallocstress.c > > The result of alloc_mem thread could be either NULL, ptr to some > allocated memory or (void*)-1. The code reading this result actually > handled cases 1 & 2 only, and even case "NULL" was mishandled, > causing a segfault. This patch fixes it, by > > - removing the case when alloc_mem would return -1, change it to the > "allocated memory" case > - not checking for *th_status, if th_status might be null > --- > testcases/kernel/mem/mtest07/mallocstress.c | 19 > ++++++++++--------- > 1 files changed, 10 insertions(+), 9 deletions(-) > > diff --git a/testcases/kernel/mem/mtest07/mallocstress.c > b/testcases/kernel/mem/mtest07/mallocstress.c > index aef5bf0..9c96703 100644 > --- a/testcases/kernel/mem/mtest07/mallocstress.c > +++ b/testcases/kernel/mem/mtest07/mallocstress.c > @@ -262,19 +262,21 @@ alloc_mem(void * threadnum) > sop[0].sem_op = 0; > sop[0].sem_flg = 0; > int *err; > - /* waiting for other threads starting */ > - if (semop(semid, sop, 1) == -1) { > - if (errno != EIDRM) > - perror("semop"); > - return (void *) -1; > - } > > err = malloc(sizeof(int)); > if (err == NULL) { > perror("malloc"); > return NULL; > } > - > + > + /* waiting for other threads starting */ > + if (semop(semid, sop, 1) == -1) { > + if (errno != EIDRM) > + perror("semop"); > + *err = -1; > + return (void*)err; > + } > + > /* thread N will use growth scheme N mod 4 */ > *err = allocate_free(num_loop, *(int *)threadnum % 4); > fprintf(stdout, > @@ -408,8 +410,7 @@ main(int argc, /* number of input parameters > */ > { > if (th_status == NULL || *th_status == -1) > { > - if (*th_status == -1) > - free(th_status); > + free(th_status); > fprintf(stderr, > "main(): thread [%d] - exited with > errors\n", thrd_ndx); > ret = -1; > -- > 1.5.6.5 > > Signed-off-by: Jiri Palecek <jpa...@we...> Acked-by: CAI Qian <ca...@cc...> > > From 7060c2c51d596128314eecac6d16a9b77b220b5b Mon Sep 17 00:00:00 > 2001 > From: Jiri Palecek <jirka@debian.(none)> > Date: Thu, 23 Oct 2008 22:07:05 +0200 > Subject: [PATCH] Fix segfault in in6_02 > > In the i2ntest1 testcase, the call if_nametoindex(TEST_RETURN) was > segfaulting, because TEST_RETURN was actually result of comparison > (ifname==if_indextoname(...)). The fix is to call it with real > ifname. > --- > testcases/network/lib6/in6_02.c | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/testcases/network/lib6/in6_02.c > b/testcases/network/lib6/in6_02.c > index 3f68ee0..9e20e64 100644 > --- a/testcases/network/lib6/in6_02.c > +++ b/testcases/network/lib6/in6_02.c > @@ -158,7 +158,7 @@ i2ntest1(unsigned int if_index) > return 1; > } > /* else, a valid interface-- double check name */ > - idx = if_nametoindex((char *)TEST_RETURN); > + idx = if_nametoindex(ifname); > if (idx != if_index) { > tst_resm(TFAIL, "if_indextoname(%d) returns \"%s\" but " > "doesn't if_nametoindex(\"%s\") returns %d", > @@ -166,7 +166,7 @@ i2ntest1(unsigned int if_index) > return 0; > } > tst_resm(TPASS, "if_indextoname(%d) returns \"%s\"", if_index, > - TEST_RETURN); > + ifname); > return 1; > } > > -- > 1.5.6.5 > > Signed-off-by: Jiri Palecek <jpa...@we...> Acked-by: CAI Qian <ca...@cc...> > > From 1bbea8388b0a70cccc87c678ed344b5baf109f0d Mon Sep 17 00:00:00 > 2001 > From: Jiri Palecek <jirka@debian.(none)> > Date: Thu, 23 Oct 2008 22:28:38 +0200 > Subject: [PATCH] Fix segfaults on getaddrinfo failures in pingpong6.c > > pingpong6.c would segfault if getaddrinfo fails, because it would go > on after the failure and read invalid data (ie. the hp pointer). The > fix is to exit immediately on getaddrinfo errors. > --- > testcases/network/ipv6/perf_lan6/pingpong6.c | 8 ++++++-- > 1 files changed, 6 insertions(+), 2 deletions(-) > > diff --git a/testcases/network/ipv6/perf_lan6/pingpong6.c > b/testcases/network/ipv6/perf_lan6/pingpong6.c > index 1933737..052aab1 100644 > --- a/testcases/network/ipv6/perf_lan6/pingpong6.c > +++ b/testcases/network/ipv6/perf_lan6/pingpong6.c > @@ -100,10 +100,14 @@ char *argv[]; > memset(&hints, 0, sizeof(hints)); > hints.ai_family = PF_INET6; > > - if ((gai=getaddrinfo(av[1], NULL, &hints, &hp))!=0) > + if ((gai=getaddrinfo(av[1], NULL, &hints, &hp))!=0) { > fprintf(stderr, "Unknown subject address %s: > %s\n",av[1], gai_strerror(gai)); > - if (!hp->ai_addr || hp->ai_addr->sa_family != AF_INET6) > + exit(1); > + } > + if (!hp->ai_addr || hp->ai_addr->sa_family != AF_INET6) { > fprintf(stderr, "getaddrinfo failed"); > + exit(1); > + } > strcpy(hnamebuf, av[1]); > hostname = hnamebuf; > memset( (char *)&whereto, 0x00, sizeof(struct sockaddr) ); > -- > 1.5.6.5 > > Signed-off-by: Jiri Palecek <jpa...@we...> Acked-by: CAI Qian <ca...@cc...> > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win > great prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/> _______________________________________________ > Ltp-list mailing list > Ltp...@li... > https://lists.sourceforge.net/lists/listinfo/ltp-list > |