[Nut-upsdev] nut-ipmipsu 2.7.3-2.7.4 crash on ipmi_sdr_ctx_destroy in libfreeipmi_cleanup

Zoran Peričić zpericic at netst.org
Thu Mar 24 12:32:37 UTC 2016 

ipmi_sdr_ctx_destroy is already called in libfreeipmi_get_sensors_info 
but sdr_ctx isn't nulled so libfreeipmi_cleanup is trying to destroy it 
second time.

*** Error in `nut-ipmipsu': munmap_chunk(): invalid pointer: 
0x000055de01edee50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77a8d)[0x7fec04122a8d]
/lib64/libc.so.6(cfree+0x79d)[0x7fec0412eefd]
/lib64/libfreeipmi.so.16(+0x1c39d8)[0x7fec04a679d8]
/lib64/libfreeipmi.so.16(ipmi_sdr_ctx_destroy+0x42)[0x7fec04a3d1d2]
nut-ipmipsu(+0x4432)[0x55de01669432]
nut-ipmipsu(+0x4ee9)[0x55de01669ee9]
nut-ipmipsu(+0x3a38)[0x55de01668a38]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7fec040cb700]
nut-ipmipsu(+0x3ed9)[0x55de01668ed9]

Zoran Pericic

-------------- next part --------------
From 1d47d943b4b657aa1ecfc87398abe433d1fb2747 Mon Sep 17 00:00:00 2001
From: Zoran Pericic <zpericic at netst.org>
Date: Thu, 24 Mar 2016 13:26:22 +0100
Subject: [PATCH] ipmi_sdr_ctx_destroy is already called in
 libfreeipmi_get_sensors_info but sdr_ctx isn't nulled so libfreeipmi_cleanup
 is trying to destroy it second time.

*** Error in `nut-ipmipsu': munmap_chunk(): invalid pointer: 0x000055de01edee50 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x77a8d)[0x7fec04122a8d]
/lib64/libc.so.6(cfree+0x79d)[0x7fec0412eefd]
/lib64/libfreeipmi.so.16(+0x1c39d8)[0x7fec04a679d8]
/lib64/libfreeipmi.so.16(ipmi_sdr_ctx_destroy+0x42)[0x7fec04a3d1d2]
nut-ipmipsu(+0x4432)[0x55de01669432]
nut-ipmipsu(+0x4ee9)[0x55de01669ee9]
nut-ipmipsu(+0x3a38)[0x55de01668a38]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7fec040cb700]
nut-ipmipsu(+0x3ed9)[0x55de01668ed9]
---
 drivers/nut-libfreeipmi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/nut-libfreeipmi.c b/drivers/nut-libfreeipmi.c
index 06e955e..b9e3bb7 100644
--- a/drivers/nut-libfreeipmi.c
+++ b/drivers/nut-libfreeipmi.c
@@ -730,6 +730,7 @@ cleanup:
 	/* Cleanup */
 	if (sdr_ctx) {
 		ipmi_sdr_ctx_destroy (sdr_ctx);
+		sdr_ctx = NULL;
 	}
 
 #ifndef HAVE_FREEIPMI_11X_12X
-- 
2.5.5

More information about the Nut-upsdev mailing list