[erlang-patches] [PATCH] Fix memory corruption when reading topology information

Gustav Simonsson gustav@REDACTED
Tue Mar 13 14:50:02 CET 2012


Hi Benjamin,

We discovered this error in a few other places, and will create a 
slightly larger internal patch for this issue.
Thank you for finding this error and reporting it!

Regards,
Gustav Simonsson
Erlang/OTP team


On 2012-03-09 04:23, Benjamin Herrenschmidt wrote:
> If the number of processors actually found while reading sysfs
> is lower than the configured value, we realloc() the cpuinfo array
> to the smaller size, but we then iterate it using the original
> configured size, thus corrupting memory beyond the allocated
> block.
>
> Signed-off-by: Benjamin Herrenschmidt<benh@REDACTED>
> ---
>
> diff -urN otp_src_R15B.orig/erts/lib_src/common/erl_misc_utils.c otp_src_R15B/erts/lib_src/common/erl_misc_utils.c
> --- otp_src_R15B.orig/erts/lib_src/common/erl_misc_utils.c	2011-12-14 21:22:11.000000000 +1100
> +++ otp_src_R15B/erts/lib_src/common/erl_misc_utils.c	2012-03-08 14:40:18.111420986 +1100
> @@ -939,7 +939,7 @@
>
>   	if (res>  1) {
>   	    prev = this++;
> -	    last =&cpuinfo->topology[cpuinfo->configured-1];
> +	    last =&cpuinfo->topology[cpuinfo->topology_size-1];
>
>   	    while (1) {
>   		this->thread = ((this->node == prev->node
>
>
>
> _______________________________________________
> erlang-patches mailing list
> erlang-patches@REDACTED
> http://erlang.org/mailman/listinfo/erlang-patches




More information about the erlang-patches mailing list