[RTEMS Project] #2375: tftpDriver free's current_directory

RTEMS trac trac at rtems.org
Tue Jul 21 17:39:16 UTC 2015


#2375: tftpDriver free's current_directory
-------------------------+--------------------
 Reporter:  mdavidsaver  |      Owner:
     Type:  defect       |     Status:  new
 Priority:  normal       |  Milestone:  4.10.3
Component:  networking   |    Version:  4.10
 Severity:  normal       |   Keywords:
-------------------------+--------------------
 It seems I've re-discovered this issue reported by Angus Gratton in 2010.

 https://lists.rtems.org/pipermail/users/2010-July/022453.html

 I can confirm Angus' diagnosis.  In rtems_tftp_eval_path(),
 'pathloc->node_access' defaults to
 'rtems_current_user_env->current_directory'.  In some cases
 '->node_access' is replaced with a newly allocated string, in the others
 it is not.  Unfortunately rtems_tftp_free_node_info() happily free()s
 unless cwd==ROOT_NODE_ACCESS(fs).

 I chased this down with GDB and confirmed that, in my case, when
 cwd=='/epics/BOOTP_HOST/epics/myhost' the current directory string is
 free'd when open() fails to open a file, which results in:

 > > Program heap: free of bad pointer 358CE4 -- range 2A1C10 - 7EE0000

 when the following open() does the same.

--
Ticket URL: <http://devel.rtems.org/ticket/2375>
RTEMS Project <http://www.rtems.org/>
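
Added example, not part of the original ticket and not RTEMS code: a simplified C model of the ownership problem described above, where node_access sometimes borrows the shared current-directory string and sometimes holds a fresh allocation. The names struct loc, eval_path, shared_frees and the owned and replaces flags are hypothetical, and "/" stands in for ROOT_NODE_ACCESS(fs). The model compares the "free unless root" policy with freeing only what was allocated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the path location; not the RTEMS structure. */
struct loc {
    char *node_access; /* path string this location refers to */
    int owned;         /* set only when eval_path() allocated node_access */
};

/* node_access defaults to the shared cwd string. `replaces` selects the branch
 * that swaps in a new allocation (the ticket does not say which inputs do). */
static int eval_path(struct loc *l, char *cwd, int replaces)
{
    l->node_access = cwd; /* borrowed: still owned by the user environment */
    l->owned = 0;
    if (!replaces) return 0;
    if ((l->node_access = malloc(strlen(cwd) + 1)) == NULL) return -1;
    strcpy(l->node_access, cwd);
    l->owned = 1;
    return 0;
}

/* Count how often the shared cwd string would reach free() across `opens`
 * failed opens. by_owner=0: policy from the ticket (free unless root);
 * by_owner=1: free only what eval_path() allocated. Frees of the shared
 * string are counted, not executed, so the model stays well-defined. */
static int shared_frees(char *cwd, const char *root, int replaces,
                        int opens, int by_owner)
{
    int hits = 0;
    for (int i = 0; i < opens; i++) {
        struct loc l;
        if (eval_path(&l, cwd, replaces) != 0) return -1;
        int do_free = by_owner ? l.owned : (l.node_access != root);
        if (do_free && l.node_access == cwd) hits++;
        else if (do_free) free(l.node_access);
    }
    return hits;
}

int main(void)
{
    char cwd[] = "/epics/BOOTP_HOST/epics/myhost"; /* cwd value from the ticket */
    printf("free unless root:    %d\n", shared_frees(cwd, "/", 0, 2, 0));
    printf("free only if owned:  %d\n", shared_frees(cwd, "/", 0, 2, 1));
    return 0;
}
```

In this model the first count is 2: the first failed open releases the shared string and the second passes the same, now invalid, pointer to free() again, which corresponds to the "free of bad pointer" message in the report.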