From owner-freebsd-bugs Sat Jan 23 00:40:03 1999
Message-Id: <199901230831.AAA00395@fenestro.parc.xerox.com>
Date: Sat, 23 Jan 1999 00:31:27 PST
From: Bill Fenner
Reply-To: fenner@parc.xerox.com
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: kern/9631: new boot loader uses freed memory if you specify full path to module to load
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 9631
>Category: kern
>Synopsis: new boot loader uses freed memory if you specify full path to module to load
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Jan 23 00:40:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Bill Fenner
>Release: FreeBSD 3.0-CURRENT i386
>Organization: Xerox
>Environment:
3.0-RELEASE upgraded to 3.0-CURRENT on 1999/1/20 (including new boot blocks)
>Description:
Typing "load /modules/splash_bmp" causes approximately the error

"can't load module '***': No such file or directory"

where *** is garbage characters

The problem is that mod_searchmodule("/modules/splash_bmp") creates tn, which is the passed in name with .ko appended to it. It then calls mod_searchfile(tn = "/modules/splash_bmp.ko"), which just returns its argument if its argument exists. In this case, it does, so result = tn. mod_searchmodule() then frees tn, and returns result. mod_loadmodule() then tries to load the freed memory, and prints the error.
>How-To-Repeat:
Type "load /modules/splash_bmp" to new boot loader
>Fix:
mod_searchfile() should not return its argument directly.

cvs diff: Diffing . Index: module.c =================================================================== RCS file: /home/ncvs/src/sys/boot/common/module.c,v retrieving revision 1.7 diff -u -r1.7 module.c --- module.c 1999/01/11 06:41:31 1.7 +++ module.c 1999/01/23 08:23:28 
@@ -452,7 +452,7 @@ if ((cp != name) || (strchr(name, '/') != NULL)) { /* Qualified, so just see if it exists */ if (stat(name, &sb) == 0) - return(name); + return(strdup(name)); return(NULL); }
>Release-Note:
>Audit-Trail:
>Unformatted:
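
Review bot: the return(strdup(name)) in the qualified-name branch changes who owns the result, and the patch neither documents that nor shows the matching free. Before this change the branch handed back the caller's own pointer; now it hands back a fresh allocation, so every caller of mod_searchfile() has to free() the returned string, and the function's other return paths (not in this hunk) should be confirmed to return allocated storage as well, otherwise a caller cannot tell whether freeing is safe. A comment above the function along the lines of "returns a malloc'd string the caller frees, or NULL" would settle it. A NULL from strdup() on allocation failure is also reported to the caller the same way as a missing file.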
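
The aliasing described in the report, as an added C model that is not FreeBSD's loader code. The names path_exists, searchfile_alias, searchfile_copy and searchmodule are hypothetical, and the existence check is a constructed stub standing in for stat(); the model flags the dangling result instead of dereferencing it.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for stat(): only this one path "exists". */
static int path_exists(const char *p) {
    return strcmp(p, "/modules/splash_bmp.ko") == 0;
}

/* Pre-patch shape: a qualified name that exists is returned as-is,
 * so the result aliases the caller's buffer. */
static char *searchfile_alias(char *name) {
    return path_exists(name) ? name : NULL;
}

/* Post-patch shape: the result is a fresh allocation owned by the caller. */
static char *searchfile_copy(char *name) {
    return path_exists(name) ? strdup(name) : NULL;
}

/* Model of the caller in the report: build "<name>.ko", search, free the
 * temporary. *dangling is set when the search result is the very buffer
 * about to be freed; in that case NULL is returned rather than the stale
 * pointer, so this model never touches freed memory. */
static char *searchmodule(const char *name, char *(*search)(char *),
                          int *dangling) {
    size_t n = strlen(name) + sizeof(".ko");
    char *tn = malloc(n);
    if (tn == NULL)
        return NULL;
    snprintf(tn, n, "%s.ko", name);
    char *result = search(tn);
    *dangling = (result != NULL && result == tn); /* checked before free */
    free(tn);
    return *dangling ? NULL : result;
}

int main(void) {
    int d;
    char *r = searchmodule("/modules/splash_bmp", searchfile_alias, &d);
    printf("alias: dangling=%d\n", d);
    r = searchmodule("/modules/splash_bmp", searchfile_copy, &d);
    printf("copy:  dangling=%d result=%s\n", d, r ? r : "(null)");
    free(r); /* caller owns the copy */
    return 0;
}
```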