Re: Mysterious memory corruption bug

[Vladimir 'φ-coder/phcoder' Serbinenko]

On 01.05.2012 20:53, Bean wrote:
> Hi,
>
> Thanks to Vladimir's memory patch, it's actually quite easy to
> reproduce mysterious issue.
>
> First, there are two memory leaks in ip.c.
>
> It allocates the rsm but never frees it. free_rsm frees its content,
> but not the pointer itself. You can see it in printmem at ip.c:473
>       rsm = grub_malloc (sizeof (*rsm));
>
> Another problem is at ip.c:594:
>   return handle_dgram (ret, card, src_hwaddress,
>                              hwaddress, proto, &source, &dest,
>                              ttl);
> here, ret is netbuff. grub_netbuff_alloc get a buffer for both data
> and header (data go first), so when it frees the data pointer, the
> header goes away as well. But here, the header is allocated separately
> so that it's not free using , you can see it from printmem at ip.c:580
>       ret = grub_malloc (sizeof (*ret));
>
> Now here's the tricky part, when i fix both problem, it actually when
> you call this: (memdisk size is 19,180, just in case it matters).
>
> testspeed /memdisk
>
> So there must be a memory corruption somewhere.
You can check for memory corruptions by calling grub_mm_check often
enough in the code.
>  (It will not halt if
> you skip the the second leak, but you can see the remaining buffer in
> printmem).
>
> BTW, you should add a grub_free_fragment call in testspeed to free the
> rsm cache, just to make the printmem output a little cleaner.
>
> These are the modules used to generate grub.efi, just in case it's relevant.
>
> /grub-mkimage -d grub-core -o grub.efi -O x86_64-efi chain boot test
> fat ntfs part_msdos normal ls echo efinet tftp http efinet reboot
> testspeed printmem
>
>
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/grub-devel


-- 
Regards
Vladimir 'φ-coder/phcoder' Serbinenko

signature.asc
Description: OpenPGP digital signature