Re: double free() with grub-probe
From: Jeroen Dekkers
Subject: Re: double free() with grub-probe
Date: Thu, 17 May 2007 21:19:53 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (Shijō) APEL/10.7 Emacs/22.0.95 (x86_64-pc-linux-gnu) MULE/5.0 (SAKAKI)
At Thu, 17 May 2007 11:58:54 +0200,
Marco Gerards wrote:
> Hi Robert,
>
> > We got this bug report from Debian BTS. It seems to be related to LVM.
> >
> > The argc address in last line looks very suspicious; stack corruption?
>
> Can you try valgrind? The older valgrinds didn't work with GRUB 2,
> but the newer ones do.
I could reproduce this on one of my machines and ran it through
valgrind. I've just committed a fix to the grub2 CVS repository (as
well as another memory bug valgrind spotted). A copy of the patch is
below.
Jeroen Dekkers
Index: kern/disk.c
===================================================================
RCS file: /cvsroot/grub/grub2/kern/disk.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -p -r1.17 -r1.18
--- kern/disk.c 10 Nov 2006 23:31:55 -0000 1.17
+++ kern/disk.c 17 May 2007 19:03:42 -0000 1.18
@@ -1,6 +1,6 @@
/*
* GRUB -- GRand Unified Bootloader
- * Copyright (C) 2002,2003,2004,2006 Free Software Foundation, Inc.
+ * Copyright (C) 2002,2003,2004,2006,2007 Free Software Foundation, Inc.
*
* GRUB is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -414,6 +414,8 @@ grub_disk_read (grub_disk_t disk, grub_d
num = ((size + GRUB_DISK_SECTOR_SIZE - 1)
>> GRUB_DISK_SECTOR_BITS);
+
+ tmp_buf = grub_realloc (tmp_buf, num << GRUB_DISK_SECTOR_BITS);
if ((disk->dev->read) (disk, sector, num, tmp_buf))
{
grub_error_push ();
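Review bot: The result of grub_realloc in grub_disk_read is assigned straight back to tmp_buf and handed to (disk->dev->read) with no NULL check in between. If the allocation fails, the read callback receives a NULL buffer, and the previous allocation is leaked because its only pointer was overwritten. Suggest assigning the result to a temporary pointer, bailing out through the existing error path when it is NULL, and only then updating tmp_buf. The type of num is not visible in this hunk, so it is also worth confirming that num << GRUB_DISK_SECTOR_BITS cannot wrap for the largest size a caller can pass. A one-line comment saying why the buffer has to be resized at this point would help the next reader.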
============================================================