There are a couple of segfault-causing memory accesses in sial when scripts are unloaded. Also, I noticed a memory leak in the vicinity of one of the segfaults. The patch below fixes these. (1) in reg_callback, while unloading, help_str, an unitialized pointer, is passed to sial_free() (2) the help_data pointers are sial_strdup()'d and not freed. the help_data itself is malloc()'d but not freed (3) in sial_deletefile(), the call to sial_freefile() frees the fdata, but it is removed from the list (a process which accesses this fdata) only in sial_findfile(name, 1). Rabin
diff --git a/extensions/libsial/sial_func.c b/extensions/libsial/sial_func.c
index cd4648f..c5373ef 100644
--- a/extensions/libsial/sial_func.c
+++ b/extensions/libsial/sial_func.c
@@ -317,8 +317,8 @@ fdata *fd=sial_findfile(name, 0);
 if(fd) {
- sial_freefile(fd);
 (void)sial_findfile(name, 1);
+ sial_freefile(fd);
 return 1;
 }
diff --git a/extensions/sial.c b/extensions/sial.c
index 49ae417..3b7df90 100644
--- a/extensions/sial.c
+++ b/extensions/sial.c
@@ -887,6 +887,10 @@ struct command_table_entry *cp, *end;
 for (cp = command_table; cp->name; cp++) {
 if (!strcmp(cp->name, name)) {
 sial_free(cp->name);
+ sial_free(cp->help_data[0]);
+ sial_free(cp->help_data[2]);
+ sial_free(cp->help_data[3]);
+ free(cp->help_data);
 memmove(cp, cp+1, sizeof *cp *(NCMDS-(cp-command_table)-1));
 break;
 }
@@ -937,7 +941,6 @@ char **help=malloc(sizeof *help * 5);
 } else rm_sial_cmd(name);
 }
- sial_free(help_str);
 }
 free(help);
 return;
-- Crash-utility mailing list Crash-utility@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/crash-utility
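Review bot: In the sial_func.c hunk the fix rests entirely on the order of two statements, and nothing in the code says so. `fd` has to stay valid while `sial_findfile(name, 1)` walks the list, and freeing it afterwards is only safe if that call unlinks the entry without freeing it; sial_findfile is not shown, so this is taken from the description. I would add a comment above the two calls, e.g. `/* unlink first: sial_findfile(name, 1) walks the list and touches this fdata, so free it only once it is off the list */`, so a later cleanup does not swap them back into a use-after-free. The enclosing function begins and ends outside the hunk.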
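Review bot: The four frees added to the removal loop in extensions/sial.c assume every matched entry carries a heap-allocated `help_data` with exactly the layout built at registration; there is no NULL check and slots 0, 2 and 3 are hard-coded. If any entry in `command_table` can have a NULL or statically defined `help_data` (not visible here), this becomes a NULL dereference or an invalid free. Wrapping the four lines in `if (cp->help_data) { ... }` would cover the NULL case. A comment such as `/* slots 0, 2, 3 are sial_strdup()'d at registration; 1 and 4 are not heap-owned */`, once confirmed against the registration code, would make the ownership explicit. The function's opening lines are outside the hunk.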
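Review bot: Dropping `sial_free(help_str);` in the last hunk stops the bad free, but `help_str` is still left uninitialized on the unload path, and the hunk does not show whether the load path releases its string on its own. Initializing it at the declaration, `char *help_str = NULL;`, would make any future stray use fail deterministically rather than act on stack garbage. The declaration and the load branch are both outside the hunk, so it is worth confirming that the load branch frees or hands off its copy, otherwise the crash is traded for a leak.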