tftpDriver bug in 4.10.2

Gedare Bloom gedare at rtems.org
Tue Jul 21 15:53:24 UTC 2015


Yes, please open a ticket in our Trac and set the version to 4.10 and
milestone to 4.10.3

On Mon, Jul 20, 2015 at 5:31 PM, Michael Davidsaver <mdavidsaver at bnl.gov> wrote:
> All,
>
> It seems I've re-discovered this issue reported by Angus Gratton in 2010.
>
> https://lists.rtems.org/pipermail/users/2010-July/022453.html
>
> I can confirm Angus' diagnosis.  In rtems_tftp_eval_path(),
> 'pathloc->node_access' defaults to
> 'rtems_current_user_env->current_directory'.  In some cases
> '->node_access' is replaced with a newly allocated string, in the others
> it is not.  Unfortunately rtems_tftp_free_node_info() happily free()s
> unless cwd=='/'.
>
> I chased this down with GDB and confirmed that, in my case, when
> cwd=='/epics/BOOTP_HOST/epics/myhost' the current directory string is
> free'd when open() fails to open a file, which results in:
>
>> Program heap: free of bad pointer 358CE4 -- range 2A1C10 - 7EE0000
>
> when the following open() does the same.
>
>
> Looking through the VCS history I think this issue was fixed in 2012 as
> a consequence of*.  I haven't confirmed this since EPICS doesn't build
> against the VCS master branch.
>
> I have confirmed that it isn't fixed on the 4.10 branch.
>
> If this bug were to be fixed on the 4.10 branch, is there any chance of
> getting it included in a 4.10.3 release in the near future?
>
>
> Michael
>
>
>
> * 3b7c123c8d910eb60ab3b38dec6224e2de9847c9
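The ownership mix-up diagnosed in this thread, as a simplified C model added here; it is not RTEMS source and not code from either poster. `struct loc`, `eval_path`, the `replace` flag and the `owned` field are hypothetical, and the flawed cleanup only reports its decision instead of calling free(), so the program stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct loc {
    char *node_access; /* borrowed from cwd, or a fresh heap string */
    int   owned;       /* hardened variant only: 1 if we allocated it */
};

/* node_access defaults to the cwd string and is replaced with a new
 * allocation only in some cases. Which cases is not stated in the thread,
 * so the caller picks via 'replace' (assumption of this model). */
static int eval_path(struct loc *l, char *cwd, const char *name, int replace) {
    l->node_access = cwd;              /* borrowed, not ours to free */
    l->owned = 0;
    if (replace) {
        size_t n = strlen(cwd) + strlen(name) + 2;
        char *full = malloc(n);
        if (full == NULL) return -1;
        snprintf(full, n, "%s/%s", cwd, name);
        l->node_access = full;
        l->owned = 1;
    }
    return 0;
}

/* Decision of the flawed cleanup as described: free unless cwd is "/".
 * It never asks whether node_access was allocated by eval_path. */
static int flawed_would_free(const struct loc *l, const char *cwd) {
    (void)l;
    return strcmp(cwd, "/") != 0;
}

/* Hardened cleanup: release only what this code allocated. */
static int fixed_free_node_info(struct loc *l) {
    int freed = l->owned;
    if (l->owned) free(l->node_access);
    l->node_access = NULL;
    l->owned = 0;
    return freed;
}

int main(void) {
    char cwd[] = "/epics/BOOTP_HOST/epics/myhost"; /* cwd value from the report */
    struct loc l;
    if (eval_path(&l, cwd, "missing", 0) != 0) return 1;
    printf("borrowed=%d flawed_frees=%d\n", l.node_access == cwd, flawed_would_free(&l, cwd));
    printf("fixed_frees=%d\n", fixed_free_node_info(&l));
    return 0;
}
```

With the borrowed pointer and a non-root cwd, the flawed decision releases the current-directory string itself, which is why a later open() in the report trips the heap checker.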


