tftpDriver bug in 4.10.2
Michael Davidsaver
mdavidsaver at bnl.gov
Mon Jul 20 21:31:18 UTC 2015
All,
It seems I've re-discovered this issue reported by Angus Gratton in 2010.
https://lists.rtems.org/pipermail/users/2010-July/022453.html
I can confirm Angus' diagnosis. In rtems_tftp_eval_path(),
'pathloc->node_access' defaults to
'rtems_current_user_env->current_directory'. In some cases
'->node_access' is replaced with a newly allocated string, in the others
it is not. Unfortunately rtems_tftp_free_node_info() happily free()s
unless cwd=='/'.
I chased this down with GDB and confirmed that, in my case, when
cwd=='/epics/BOOTP_HOST/epics/myhost' the current directory string is
free'd when open() fails to open a file, which results in:
> Program heap: free of bad pointer 358CE4 -- range 2A1C10 - 7EE0000
when the following open() does the same.
Looking through the VCS history I think this issue was fixed in 2012 as
a consequence of*. I haven't confirmed this since EPICS doesn't build
against the VCS master branch.
I have confirmed that it isn't fixed on the 4.10 branch.
If this bug were to be fixed on the 4.10 branch, is there any chance of
getting it included in a 4.10.3 release in the near future?
Michael
* 3b7c123c8d910eb60ab3b38dec6224e2de9847c9
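Added example, not part of the original message and not RTEMS source: a simplified C model of the ownership mismatch described above, comparing the "free unless cwd is /" release rule with one that frees only what the path evaluation allocated. The names `struct loc`, `eval_path`, `buggy_should_free`, `safe_should_free` and `check`, the file paths, and the "absolute path" trigger for allocation are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model with hypothetical names; not RTEMS source. */
struct loc { char *node_access; };

/* node_access defaults to the cwd string (borrowed) and is only sometimes
 * replaced by a fresh allocation (owned). The "absolute path" trigger is a
 * constructed stand-in for the post's "in some cases". */
static int eval_path(struct loc *l, char *cwd, const char *path)
{
    l->node_access = cwd;
    if (path[0] == '/') {
        size_t n = strlen(path) + 1;
        char *p = malloc(n);
        if (p == NULL) return -1;
        memcpy(p, path, n);
        l->node_access = p;
    }
    return 0;
}

/* Release rule as the post describes it: free unless cwd is "/". */
static int buggy_should_free(const struct loc *l, const char *cwd)
{ (void)l; return strcmp(cwd, "/") != 0; }

/* Ownership rule: free only a pointer eval_path allocated itself. */
static int safe_should_free(const struct loc *l, const char *cwd)
{ return l->node_access != cwd; }

/* Returns bit0: node_access is borrowed from cwd, bit1: buggy rule would
 * free it, bit2: ownership rule frees it. Only owned memory is freed. */
int check(const char *cwd_str, const char *path)
{
    char cwd[128];
    struct loc l;
    strncpy(cwd, cwd_str, sizeof cwd - 1);
    cwd[sizeof cwd - 1] = '\0';
    if (eval_path(&l, cwd, path) != 0) return -1;
    int r = (l.node_access == cwd) | (buggy_should_free(&l, cwd) << 1)
          | (safe_should_free(&l, cwd) << 2);
    if (safe_should_free(&l, cwd)) free(l.node_access);
    return r;
}

int main(void)
{
    printf("%d\n", check("/epics/BOOTP_HOST/epics/myhost", "st.cmd"));
    return 0;
}
```

A result with bits 0 and 1 both set is the bad free from the post; a result with only bit 2 set is an allocation the buggy rule would leak.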