Menu
▾
▴
Re: [LTP] [PATCH] fix some segfaults in ltp
|
From: CAI Q. <ca...@cc...> - 2008-10-27 06:14:35
|
Hi,
--- Jiri Palecek <jpa...@we...> wrote:
> Hello,
>
> the attached patches fix some segfaults I've experienced running ltp.
> The
> descriptions are included in the patches.
>
> Regards
> Jiri Palecek
>
> > From db2ed5a8d182b62eccbd8c3cf3929f3e5316fbde Mon Sep 17 00:00:00
> 2001
> From: Jiri Palecek <jirka@debian.(none)>
> Date: Thu, 23 Oct 2008 21:55:21 +0200
> Subject: [PATCH] Fix a segfault in mallocstress.c
>
> The result of alloc_mem thread could be either NULL, ptr to some
> allocated memory or (void*)-1. The code reading this result actually
> handled cases 1 & 2 only, and even case "NULL" was mishandled,
> causing a segfault. This patch fixes it, by
>
> - removing the case when alloc_mem would return -1, change it to the
> "allocated memory" case
> - not checking for *th_status, if th_status might be null
> ---
> testcases/kernel/mem/mtest07/mallocstress.c | 19
> ++++++++++---------
> 1 files changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/testcases/kernel/mem/mtest07/mallocstress.c
> b/testcases/kernel/mem/mtest07/mallocstress.c
> index aef5bf0..9c96703 100644
> --- a/testcases/kernel/mem/mtest07/mallocstress.c
> +++ b/testcases/kernel/mem/mtest07/mallocstress.c
> @@ -262,19 +262,21 @@ alloc_mem(void * threadnum)
> sop[0].sem_op = 0;
> sop[0].sem_flg = 0;
> int *err;
> - /* waiting for other threads starting */
> - if (semop(semid, sop, 1) == -1) {
> - if (errno != EIDRM)
> - perror("semop");
> - return (void *) -1;
> - }
>
> err = malloc(sizeof(int));
> if (err == NULL) {
> perror("malloc");
> return NULL;
> }
> -
> +
> + /* waiting for other threads starting */
> + if (semop(semid, sop, 1) == -1) {
> + if (errno != EIDRM)
> + perror("semop");
> + *err = -1;
> + return (void*)err;
> + }
> +
> /* thread N will use growth scheme N mod 4 */
> *err = allocate_free(num_loop, *(int *)threadnum % 4);
> fprintf(stdout,
> @@ -408,8 +410,7 @@ main(int argc, /* number of input parameters
> */
> {
> if (th_status == NULL || *th_status == -1)
> {
> - if (*th_status == -1)
> - free(th_status);
> + free(th_status);
> fprintf(stderr,
> "main(): thread [%d] - exited with
> errors\n", thrd_ndx);
> ret = -1;
> --
> 1.5.6.5
>
> Signed-off-by: Jiri Palecek <jpa...@we...>
Acked-by: CAI Qian <ca...@cc...>
> > From 7060c2c51d596128314eecac6d16a9b77b220b5b Mon Sep 17 00:00:00
> 2001
> From: Jiri Palecek <jirka@debian.(none)>
> Date: Thu, 23 Oct 2008 22:07:05 +0200
> Subject: [PATCH] Fix segfault in in6_02
>
> In the i2ntest1 testcase, the call if_nametoindex(TEST_RETURN) was
> segfaulting, because TEST_RETURN was actually result of comparison
> (ifname==if_indextoname(...)). The fix is to call it with real
> ifname.
> ---
> testcases/network/lib6/in6_02.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/network/lib6/in6_02.c
> b/testcases/network/lib6/in6_02.c
> index 3f68ee0..9e20e64 100644
> --- a/testcases/network/lib6/in6_02.c
> +++ b/testcases/network/lib6/in6_02.c
> @@ -158,7 +158,7 @@ i2ntest1(unsigned int if_index)
> return 1;
> }
> /* else, a valid interface-- double check name */
> - idx = if_nametoindex((char *)TEST_RETURN);
> + idx = if_nametoindex(ifname);
> if (idx != if_index) {
> tst_resm(TFAIL, "if_indextoname(%d) returns \"%s\" but "
> "doesn't if_nametoindex(\"%s\") returns %d",
> @@ -166,7 +166,7 @@ i2ntest1(unsigned int if_index)
> return 0;
> }
> tst_resm(TPASS, "if_indextoname(%d) returns \"%s\"", if_index,
> - TEST_RETURN);
> + ifname);
> return 1;
> }
>
> --
> 1.5.6.5
>
> Signed-off-by: Jiri Palecek <jpa...@we...>
Acked-by: CAI Qian <ca...@cc...>
> > From 1bbea8388b0a70cccc87c678ed344b5baf109f0d Mon Sep 17 00:00:00
> 2001
> From: Jiri Palecek <jirka@debian.(none)>
> Date: Thu, 23 Oct 2008 22:28:38 +0200
> Subject: [PATCH] Fix segfaults on getaddrinfo failures in pingpong6.c
>
> pingpong6.c would segfault if getaddrinfo fails, because it would go
> on after the failure and read invalid data (ie. the hp pointer). The
> fix is to exit immediately on getaddrinfo errors.
> ---
> testcases/network/ipv6/perf_lan6/pingpong6.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/testcases/network/ipv6/perf_lan6/pingpong6.c
> b/testcases/network/ipv6/perf_lan6/pingpong6.c
> index 1933737..052aab1 100644
> --- a/testcases/network/ipv6/perf_lan6/pingpong6.c
> +++ b/testcases/network/ipv6/perf_lan6/pingpong6.c
> @@ -100,10 +100,14 @@ char *argv[];
> memset(&hints, 0, sizeof(hints));
> hints.ai_family = PF_INET6;
>
> - if ((gai=getaddrinfo(av[1], NULL, &hints, &hp))!=0)
> + if ((gai=getaddrinfo(av[1], NULL, &hints, &hp))!=0) {
> fprintf(stderr, "Unknown subject address %s:
> %s\n",av[1], gai_strerror(gai));
> - if (!hp->ai_addr || hp->ai_addr->sa_family != AF_INET6)
> + exit(1);
> + }
> + if (!hp->ai_addr || hp->ai_addr->sa_family != AF_INET6) {
> fprintf(stderr, "getaddrinfo failed");
> + exit(1);
> + }
> strcpy(hnamebuf, av[1]);
> hostname = hnamebuf;
> memset( (char *)&whereto, 0x00, sizeof(struct sockaddr) );
> --
> 1.5.6.5
>
> Signed-off-by: Jiri Palecek <jpa...@we...>
Acked-by: CAI Qian <ca...@cc...>
> >
-------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the
> world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/>
_______________________________________________
> Ltp-list mailing list
> Ltp...@li...
> https://lists.sourceforge.net/lists/listinfo/ltp-list
>
|