http://oss.sgi.com/bugzilla/show_bug.cgi?id=871
Summary: poor error checking in __pmDecodeProfile
Product: pcp
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: pcp
AssignedTo: mort@xxxxxxx
ReportedBy: mort@xxxxxxx
CC: daw@xxxxxxx, pcp@xxxxxxxxxxx
Estimated Hours: 0.0
Classification: Unclassified

A fairly old bug from SGI, reported by Greg Banks. I just did some quick
verification and the below still seems to be true:

Seen while poring over PCP source to try to explain memory leaks
reported by valgrind. There are some minor problems with the way
__pmDecodeProfile decodes incoming PDUs. Memory is allocated at
three different places in the code, and linked together into a
data structure.

1. At each point, failure to allocate memory is handled by returning
   -errno without cleaning up any memory allocated earlier.
2. Two of the allocations use a scaling factor which comes from the
   PDU without any bounds checking at all.
3. For one of the allocations, a zero scaling factor appears to be
   a legal value. The code then relies on malloc(0) != NULL which
   is a platform-dependent assumption (although it appears to be
   true for both glibc and Irix libc).
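
An added illustration of the three points above, not part of the original report and not PCP's code: a decoder for a hypothetical, simplified count-prefixed format (not the real profile PDU layout) that frees everything on any failure, bounds each count by the bytes remaining, and never calls malloc(0). The names profile_t, prof_t, profile_decode and profile_free are invented for this sketch, and values are assumed to be in host byte order.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical layout, NOT the real PCP PDU: u32 nprof, then for each
 * profile a u32 nid followed by nid u32 ids (host byte order assumed). */
typedef struct { uint32_t nid; uint32_t *ids; } prof_t;
typedef struct { uint32_t nprof; prof_t *prof; } profile_t;

/* Release a fully or partially built profile; safe on NULL members. */
void profile_free(profile_t *p) {
    if (p == NULL) return;
    for (uint32_t i = 0; p->prof != NULL && i < p->nprof; i++)
        free(p->prof[i].ids);
    free(p->prof); free(p);
}

/* Read one u32, failing if fewer than 4 bytes remain in the buffer. */
static int get_u32(const uint8_t **p, size_t *left, uint32_t *out) {
    if (*left < sizeof(*out)) return -1;
    memcpy(out, *p, sizeof(*out));
    *p += sizeof(*out); *left -= sizeof(*out);
    return 0;
}

int profile_decode(const uint8_t *buf, size_t len, profile_t **result) {
    int sts = -EINVAL;
    uint32_t n, k;
    profile_t *p = calloc(1, sizeof(*p));               /* allocation 1 */
    if (p == NULL) return -ENOMEM;
    /* Point 2: every entry needs >= 4 bytes, so bound the count by what is left. */
    if (get_u32(&buf, &len, &n) < 0 || n > len / sizeof(uint32_t)) goto fail;
    if (n > 0) {                      /* Point 3: zero is legal, no malloc(0) */
        p->prof = calloc(n, sizeof(*p->prof));          /* allocation 2 */
        if (p->prof == NULL) { sts = -ENOMEM; goto fail; }
    }
    p->nprof = n;
    for (uint32_t i = 0; i < n; i++) {
        if (get_u32(&buf, &len, &k) < 0 || k > len / sizeof(uint32_t)) goto fail;
        if (k == 0) continue;         /* ids stays NULL, nid stays 0 */
        p->prof[i].ids = malloc(k * sizeof(uint32_t));  /* allocation 3 */
        if (p->prof[i].ids == NULL) { sts = -ENOMEM; goto fail; }
        memcpy(p->prof[i].ids, buf, k * sizeof(uint32_t));
        p->prof[i].nid = k;
        buf += k * sizeof(uint32_t); len -= k * sizeof(uint32_t);
    }
    *result = p;
    return 0;
fail:
    profile_free(p);                  /* Point 1: one exit path frees it all */
    return sts;
}
```

Because each count is checked against len / 4 before it is used, the k * sizeof(uint32_t) multiplication cannot overflow, and a truncated or oversized PDU is rejected before any count-sized allocation is attempted.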