| Message ID | 20180610182158.9345-1-git@bdragon.rtk0.net |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Fix pb-discover segfaults caused by list corruption. | expand |
On Sun, 2018-06-10 at 13:21 -0500, Brandon Bergren wrote: > I was seeing list corruption and segfaults in pb-discover on my Talos > II when using both yaboot and kboot config files on the same device. > > My assumption is that discover_context_add_boot_option() was being > called on the same pointer more than once. > > So, null the pointer right after the call. The ownership was transferred > anyway so the parsers should not keep it around. > > Signed-off-by: Brandon Bergren <git@bdragon.rtk0.net> Ouch! Merged as 3295293. Thanks, Sam > --- > discover/pxe-parser.c | 1 + > discover/syslinux-parser.c | 1 + > discover/yaboot-parser.c | 1 + > 3 files changed, 3 insertions(+) > > diff --git a/discover/pxe-parser.c b/discover/pxe-parser.c > index fd8b8e8..470dd83 100644 > --- a/discover/pxe-parser.c > +++ b/discover/pxe-parser.c > @@ -41,6 +41,7 @@ static void pxe_finish(struct conf_context *conf) > if (info->proxy) > info->opt->proxy = talloc_strdup(info->opt, info->proxy); > discover_context_add_boot_option(conf->dc, info->opt); > + info->opt = NULL; > } > } > > diff --git a/discover/syslinux-parser.c b/discover/syslinux-parser.c > index be7b94a..c611ac9 100644 > --- a/discover/syslinux-parser.c > +++ b/discover/syslinux-parser.c > @@ -408,6 +408,7 @@ static void syslinux_finalize(struct conf_context *conf) > conf_strip_str(opt->description); > > discover_context_add_boot_option(dc, d_opt); > + d_opt = NULL; > continue; > > fail: > diff --git a/discover/yaboot-parser.c b/discover/yaboot-parser.c > index 42db95b..b06248f 100644 > --- a/discover/yaboot-parser.c > +++ b/discover/yaboot-parser.c > @@ -172,6 +172,7 @@ static void yaboot_finish(struct conf_context *conf) > state->opt->option->is_default = true; > > discover_context_add_boot_option(conf->dc, state->opt); > + state->opt = NULL; > } > > static void yaboot_process_pair(struct conf_context *conf, const char *name,
diff --git a/discover/pxe-parser.c b/discover/pxe-parser.c index fd8b8e8..470dd83 100644 --- a/discover/pxe-parser.c +++ b/discover/pxe-parser.c @@ -41,6 +41,7 @@ static void pxe_finish(struct conf_context *conf) if (info->proxy) info->opt->proxy = talloc_strdup(info->opt, info->proxy); discover_context_add_boot_option(conf->dc, info->opt); + info->opt = NULL; } } diff --git a/discover/syslinux-parser.c b/discover/syslinux-parser.c index be7b94a..c611ac9 100644 --- a/discover/syslinux-parser.c +++ b/discover/syslinux-parser.c @@ -408,6 +408,7 @@ static void syslinux_finalize(struct conf_context *conf) conf_strip_str(opt->description); discover_context_add_boot_option(dc, d_opt); + d_opt = NULL; continue; fail: diff --git a/discover/yaboot-parser.c b/discover/yaboot-parser.c index 42db95b..b06248f 100644 --- a/discover/yaboot-parser.c +++ b/discover/yaboot-parser.c @@ -172,6 +172,7 @@ static void yaboot_finish(struct conf_context *conf) state->opt->option->is_default = true; discover_context_add_boot_option(conf->dc, state->opt); + state->opt = NULL; } static void yaboot_process_pair(struct conf_context *conf, const char *name,
I was seeing list corruption and segfaults in pb-discover on my Talos II when using both yaboot and kboot config files on the same device. My assumption is that discover_context_add_boot_option() was being called on the same pointer more than once. So, null the pointer right after the call. The ownership was transferred anyway so the parsers should not keep it around. Signed-off-by: Brandon Bergren <git@bdragon.rtk0.net> --- discover/pxe-parser.c | 1 + discover/syslinux-parser.c | 1 + discover/yaboot-parser.c | 1 + 3 files changed, 3 insertions(+)