[OpenWrt-Devel] uci: invalid reads/writes found by valgrind

Reiner Herrmann reiner at reiner-h.de
Thu May 19 12:12:12 EDT 2016


Hi,

valgrind found some invalid reads/writes when updating sections (see below).

The problem seems to be in list.c, where sections are updated:

	} else if (ptr->s && ptr->section) { /* update section */
		char *s = uci_strdup(ctx, ptr->value);

		if (ptr->s->type == uci_dataptr(ptr->s)) {
			ptr->last = NULL;
			ptr->last = uci_realloc(ctx, ptr->s, sizeof(struct uci_section));
			ptr->s = uci_to_section(ptr->last);
			uci_list_fixup(&ptr->s->e.list);
		} else {
			free(ptr->s->type);
		}
		ptr->s->type = s;
	}

I don't completely understand what is happening in the if block.
Isn't ptr->s->type always uci_dataptr(ptr->s)?
Using uci_free_section + uci_alloc_section instead of an uci_realloc
seems to prevent the invalid accesses, but this of course has other
problems (options from the section are also freed).
Can someone explain what this block is supposed to do (e.g. why is a
fixup required)?


$ valgrind uci set system.ntp=timeserver
==4113== Memcheck, a memory error detector
[...]
==4113== Invalid read of size 8
==4113==    at 0x4E38565: uci_free_section (list.c:210)
==4113==    by 0x4E386AA: uci_free_package (list.c:243)
==4113==    by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==    by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7b0 is 32 bytes inside a block of size 83 free'd
==4113==    at 0x4C2BDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B58B: uci_realloc (util.c:49)
==4113==    by 0x4E39DE5: uci_set (list.c:708)
==4113==    by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==    by 0x4022A8: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==    at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B555: uci_malloc (util.c:39)
==4113==    by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==    by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==    by 0x4E39D33: uci_set (list.c:694)
==4113==    by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==    by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==    by 0x4E3AECA: uci_import (file.c:683)
==4113==    by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==    by 0x4E390C7: uci_load (libuci.c:216)
==4113==    by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==    by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==    by 0x40220B: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid read of size 4
==4113==    at 0x4E38506: uci_free_option (list.c:97)
==4113==    by 0x4E38571: uci_free_section (list.c:211)
==4113==    by 0x4E386AA: uci_free_package (list.c:243)
==4113==    by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==    by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7d8 is 72 bytes inside a block of size 83 free'd
==4113==    at 0x4C2BDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B58B: uci_realloc (util.c:49)
==4113==    by 0x4E39DE5: uci_set (list.c:708)
==4113==    by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==    by 0x4022A8: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==    at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B555: uci_malloc (util.c:39)
==4113==    by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==    by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==    by 0x4E39D33: uci_set (list.c:694)
==4113==    by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==    by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==    by 0x4E3AECA: uci_import (file.c:683)
==4113==    by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==    by 0x4E390C7: uci_load (libuci.c:216)
==4113==    by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==    by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==    by 0x40220B: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid read of size 8
==4113==    at 0x4E384DD: uci_free_element (list.c:69)
==4113==    by 0x4E38571: uci_free_section (list.c:211)
==4113==    by 0x4E386AA: uci_free_package (list.c:243)
==4113==    by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==    by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7c8 is 56 bytes inside a block of size 83 free'd
==4113==    at 0x4C2BDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B58B: uci_realloc (util.c:49)
==4113==    by 0x4E39DE5: uci_set (list.c:708)
==4113==    by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==    by 0x4022A8: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==    at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B555: uci_malloc (util.c:39)
==4113==    by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==    by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==    by 0x4E39D33: uci_set (list.c:694)
==4113==    by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==    by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==    by 0x4E3AECA: uci_import (file.c:683)
==4113==    by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==    by 0x4E390C7: uci_load (libuci.c:216)
==4113==    by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==    by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==    by 0x40220B: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid read of size 8
==4113==    at 0x4E384E6: uci_free_element (list.c:70)
==4113==    by 0x4E38571: uci_free_section (list.c:211)
==4113==    by 0x4E386AA: uci_free_package (list.c:243)
==4113==    by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==    by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7b0 is 32 bytes inside a block of size 83 free'd
==4113==    at 0x4C2BDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B58B: uci_realloc (util.c:49)
==4113==    by 0x4E39DE5: uci_set (list.c:708)
==4113==    by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==    by 0x4022A8: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==    at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B555: uci_malloc (util.c:39)
==4113==    by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==    by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==    by 0x4E39D33: uci_set (list.c:694)
==4113==    by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==    by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==    by 0x4E3AECA: uci_import (file.c:683)
==4113==    by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==    by 0x4E390C7: uci_load (libuci.c:216)
==4113==    by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==    by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==    by 0x40220B: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid free() / delete / delete[] / realloc()
==4113==    at 0x4C2AE6B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E38571: uci_free_section (list.c:211)
==4113==    by 0x4E386AA: uci_free_package (list.c:243)
==4113==    by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==    by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7b0 is 32 bytes inside a block of size 83 free'd
==4113==    at 0x4C2BDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B58B: uci_realloc (util.c:49)
==4113==    by 0x4E39DE5: uci_set (list.c:708)
==4113==    by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==    by 0x4022A8: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==    at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B555: uci_malloc (util.c:39)
==4113==    by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==    by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==    by 0x4E39D33: uci_set (list.c:694)
==4113==    by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==    by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==    by 0x4E3AECA: uci_import (file.c:683)
==4113==    by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==    by 0x4E390C7: uci_load (libuci.c:216)
==4113==    by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==    by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==    by 0x40220B: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113== 
==4113== Invalid read of size 8
==4113==    at 0x4E38575: uci_free_section (list.c:210)
==4113==    by 0x4E386AA: uci_free_package (list.c:243)
==4113==    by 0x4E38CE0: uci_free_context (libuci.c:84)
==4113==    by 0x4016C4: main (cli.c:774)
==4113==  Address 0x55ee7b0 is 32 bytes inside a block of size 83 free'd
==4113==    at 0x4C2BDDF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B58B: uci_realloc (util.c:49)
==4113==    by 0x4E39DE5: uci_set (list.c:708)
==4113==    by 0x4022A8: uci_do_section_cmd (cli.c:514)
==4113==    by 0x4022A8: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
==4113==  Block was alloc'd at
==4113==    at 0x4C29C0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4113==    by 0x4E3B555: uci_malloc (util.c:39)
==4113==    by 0x4E382AB: uci_alloc_generic (list.c:47)
==4113==    by 0x4E383B7: uci_alloc_section (list.c:191)
==4113==    by 0x4E39D33: uci_set (list.c:694)
==4113==    by 0x4E3AECA: uci_parse_config (file.c:451)
==4113==    by 0x4E3AECA: uci_parse_line (file.c:521)
==4113==    by 0x4E3AECA: uci_import (file.c:683)
==4113==    by 0x4E3B4C1: uci_file_load (file.c:910)
==4113==    by 0x4E390C7: uci_load (libuci.c:216)
==4113==    by 0x4E391EC: uci_lookup_ptr (list.c:391)
==4113==    by 0x40220B: uci_do_section_cmd (cli.c:477)
==4113==    by 0x40220B: uci_cmd (cli.c:669)
==4113==    by 0x401694: main (cli.c:767)
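
Added example, not part of the original message and not uci's code: a self-contained C model of the pattern in the quoted block, a struct with embedded list heads and a type string stored behind it in the same allocation, showing which pointers need repair once the block is shrunk and moved. All names (`struct node`, `node_shrink_moved`, `list_fixup`) are hypothetical, and the move is done with malloc/memcpy/free so that it happens on every run.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model, not uci's code: a node with two embedded list heads and
 * a type string stored in the same allocation, directly after the struct. */
struct list { struct list *next, *prev; };
struct node {
    struct list siblings;   /* links this node into its parent's list */
    struct list children;   /* head of this node's own child list */
    char *type;             /* points at the trailing data until replaced */
};

static void list_init(struct list *h) { h->next = h->prev = h; }
static void list_add_tail(struct list *h, struct list *n) {
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
/* After a struct has moved, make its neighbours point at the new address. */
static void list_fixup(struct list *l) { l->prev->next = l; l->next->prev = l; }

static struct node *node_new(const char *type) {
    struct node *n = malloc(sizeof(*n) + strlen(type) + 1);
    if (!n) abort();
    list_init(&n->siblings);
    list_init(&n->children);
    n->type = strcpy((char *)(n + 1), type);
    return n;
}

/* Stand-in for a realloc() that relocates the block, which realloc is always
 * allowed to do. Copies only the struct (dropping the trailing type string),
 * then repairs every pointer that still refers to the old block.
 * Assumes the node is linked into a parent list. */
static struct node *node_shrink_moved(struct node *old, char *new_type) {
    struct node *n = malloc(sizeof(*n));
    if (!n) abort();
    memcpy(n, old, sizeof(*n));
    int empty = (old->children.next == &old->children);
    free(old);
    list_fixup(&n->siblings);              /* the parent list pointed at old */
    if (empty) list_init(&n->children);    /* an empty head pointed at itself */
    else list_fixup(&n->children);         /* the children pointed at old head */
    n->type = new_type;                    /* old type lived in the freed block */
    return n;
}
```

Any pointer into the old block that is left out of this repair is later read or freed through a stale address, which Memcheck reports as an access inside a block free'd by realloc.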