[Bugme-new] [Bug 16528] New: Segfault in depmod -- module-init-tools 3.12

bugzilla-daemon at bugzilla.kernel.org
Thu Aug 5 22:09:26 PDT 2010


https://bugzilla.kernel.org/show_bug.cgi?id=16528

           Summary: Segfault in depmod -- module-init-tools 3.12
           Product: Other
           Version: 2.5
    Kernel Version: 2.6.34
          Platform: All
        OS/Version: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: module-init-tools
        AssignedTo: other_module-init-tools at kernel-bugs.osdl.org
        ReportedBy: mark.hatle at windriver.com
                CC: mark.hatle at windriver.com
        Regression: No


I ran into a segfault using the latest module-init-tools in a cross development 
project.  I was running depmod on a 2.6.18 RHEL 5.1 system, targeting an ia32
system running 2.6.34.

I was able to track down the problem to the output_pci_table function.

The pci_table has a bad address in it.  Looks a bit like junk.  Tracing things 
back in elfops_core.c:fetch_tables, the memset of the tables is never done 
because strings and syms are both empty.  (I believe the modules I'm running 
against have been stripped in some way.)

Tracing back further to depmod.c:grab_module, it appears that the new = 
malloc(...) sets things up, but never clears the memory that was just
allocated.

As a quick hack I added a memset to clear memory:

  static struct module *grab_module(const char *dirname, const char *filename)
  {
          struct module *new;

          new = NOFAIL(malloc(sizeof(*new)
                              + strlen(dirname?:"") + 1 + strlen(filename) +
1));
+        memset(new, 0x00, sizeof(*new) + strlen(dirname?:"") + 1 + 
strlen(filename) + 1);
          if (dirname)
                  sprintf(new->pathname, "%s/%s", dirname, filename);
          else
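
Review bot: the added memset line repeats the malloc size expression by hand (sizeof(*new) + strlen(dirname?:"") + 1 + strlen(filename) + 1), so the two can drift apart if the allocation ever changes; compute the length once into a local and pass it to both calls, or allocate zeroed memory with calloc. Zeroing in grab_module also hides rather than removes the path described in the report, where elfops_core.c:fetch_tables skips its own memset when strings and syms are empty, so that function should initialise the tables before the if and not rely on the caller having cleared the struct.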

Things now appear to be working as expected, no segfaults, no unusual behavior.

I don't understand enough about what's going on to determine if the memset in 
elfops_core is in the wrong place (should be moved before the if), or if my
hack is potentially the right solution.

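
The failure mode in the report above, as an added example that is not part of the original report or of module-init-tools: a struct allocated with malloc keeps whatever bytes the heap chunk held, so a table pointer that a later step only conditionally resets can reach the output code as junk. The struct layout, `dirty_malloc`, `pci_table_is_clean`, the `zero` flag and the module path are hypothetical and simplified; the heap is poisoned with 0xA5 so the result is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for depmod's struct module. */
struct module {
    const void *pci_table;  /* table pointer later walked by the output code */
    char pathname[];        /* "dirname/filename" stored inline */
};

/* malloc() promises nothing about contents; poison to mimic a recycled chunk. */
static void *dirty_malloc(size_t len)
{
    void *p = malloc(len);
    return p ? memset(p, 0xA5, len) : NULL;
}

/* Simplified from the report: the table is reset only if strings and syms exist. */
static void fetch_tables(struct module *m, const char *strings, const char *syms)
{
    if (strings && syms)
        m->pci_table = NULL;
}

static struct module *grab_module(const char *dirname, const char *filename, int zero)
{
    const char *dir = dirname ? dirname : "";
    size_t path_len = strlen(dir) + 1 + strlen(filename) + 1;
    size_t len = sizeof(struct module) + path_len;  /* computed once, used once */
    struct module *new = zero ? calloc(1, len) : dirty_malloc(len);
    if (!new) abort();
    snprintf(new->pathname, path_len, "%s%s%s", dir, dirname ? "/" : "", filename);
    return new;
}

/* Returns 1 if a stripped module ends with a NULL table, 0 if it holds junk. */
static int pci_table_is_clean(int zero)
{
    struct module *m = grab_module("lib/modules", "stripped.ko", zero); /* constructed */
    fetch_tables(m, NULL, NULL);   /* stripped module: no strings, no syms */
    int clean = (m->pci_table == NULL);
    free(m);
    return clean;
}

int main(void)
{
    printf("malloc only: %d, zeroed: %d\n", pci_table_is_clean(0), pci_table_is_clean(1));
    return 0;
}
```

Building real code with a sanitizer that tracks uninitialised reads (for example MemorySanitizer) or running it under Valgrind reports this class of bug at the first use of the pointer instead of at the eventual crash.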