Bug 596264
Summary: | Segfault when decoding DMI data in dmi_processor_id() | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | David Sommerseth <davids> | ||||||||
Component: | python-dmidecode | Assignee: | Roman Rakus <rrakus> | ||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | qe-baseos-daemons | ||||||||
Severity: | high | Docs Contact: | |||||||||
Priority: | urgent | ||||||||||
Version: | 5.5 | CC: | azelinka, davids, jhutar, jplans, jscotka, mmello, mosvald, ndevos, ovasik, rrakus, syeghiay, tao, tsmetana, williams | ||||||||
Target Milestone: | rc | Keywords: | ZStream | ||||||||
Target Release: | --- | ||||||||||
Hardware: | All | ||||||||||
OS: | Linux | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | 583867 | ||||||||||
: | 621146 627901 1058872 1058873 (view as bug list) | Environment: | |||||||||
Last Closed: | 2013-09-23 11:19:09 UTC | Type: | --- | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Bug Depends On: | 583867 | ||||||||||
Bug Blocks: | 596133, 621146, 621837, 1058872 | ||||||||||
Attachments: |
|
The attached patch is sent upstream for inclusion. Will expect an answer in a couple of days. A new python-dmidecode version is expected to land shortly afterwards. Created attachment 442185 [details] strace of command Hi, it is same as in bug in RHEL5 https://bugzilla.redhat.com/show_bug.cgi?id=596264 Problem is propable somewhere in python-dmidecode. when it causes Segmentation fault: # rpm -qa python-dmidecode python-dmidecode-3.10.12-1.el6.x86_64 used dmi binary dumped file from bug above. some few last lines from strace: _____________________________________________ fstat(4, {st_mode=S_IFREG|0755, st_size=185072, ...}) = 0 open("/usr/lib64/python2.6/site-packages/dmidecodemod.so", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\321\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0755, st_size=185072, ...}) = 0 mmap(NULL, 2280264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f811426f000 mprotect(0x7f8114298000, 2097152, PROT_NONE) = 0 mmap(0x7f8114498000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x29000) = 0x7f8114498000 close(5) = 0 open("/sys/firmware/efi/systab", O_RDONLY) = -1 ENOENT (No such file or directory) open("/proc/efi/systab", O_RDONLY) = -1 ENOENT (No such file or directory) open("/dev/mem", O_RDONLY) = 5 mmap(NULL, 65536, PROT_READ, MAP_SHARED, 5, 0xf0000) = 0x7f811bb06000 munmap(0x7f811bb06000, 65536) = 0 close(5) = 0 close(4) = 0 close(3) = 0 stat("dmi.dmp", {st_mode=S_IFREG|0664, st_size=1755, ...}) = 0 stat("/usr/share/python-dmidecode/pymap.xml", {st_mode=S_IFREG|0644, st_size=49051, ...}) = 0 stat("/usr/share/python-dmidecode/pymap.xml", {st_mode=S_IFREG|0644, st_size=49051, ...}) = 0 stat("/usr/share/python-dmidecode/pymap.xml", {st_mode=S_IFREG|0644, st_size=49051, ...}) = 0 open("/usr/share/python-dmidecode/pymap.xml", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=49051, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f811bb15000 read(3, "<?xml version=\"1.0\" encoding=\"UT"..., 16384) = 16384 lseek(3, 0, SEEK_CUR) = 16384 lseek(3, 0, SEEK_SET) = 0 read(3, "<?xml version=\"1.0\" encoding=\"UT"..., 4096) = 4096 read(3, "ze\"/>\n </Map>\n </TypeMap"..., 4096) = 4096 read(3, "luetype=\"dict\">\n <Map k"..., 4096) = 4096 read(3, "mory Module Size\"\n "..., 4096) = 4096 read(3, " <Map keytype=\"constant\" key"..., 4096) = 4096 brk(0x2350000) = 0x2350000 read(3, "nabled\" valuetype=\"boolean\" "..., 4096) = 4096 read(3, "stant\" key=\"Data Start Offset\" v"..., 4096) = 4096 brk(0x2371000) = 0x2371000 read(3, "e=\"dict\">\n <Map keytype=\""..., 4096) = 4096 read(3, "ct\">\n <Map keytype=\"con"..., 4096) = 4096 read(3, " valuetype=\"string\" value=\""..., 4096) = 4096 brk(0x2392000) = 0x2392000 read(3, "ing\" value=\"Description\"/>\n "..., 4096) = 4096 read(3, "ement Device Threshold Data -->\n"..., 4096) = 3995 brk(0x23b3000) = 0x23b3000 read(3, "", 4096) = 0 read(3, "", 4096) = 0 close(3) = 0 munmap(0x7f811bb15000, 4096) = 0 access("dmi.dmp", R_OK) = 0 open("dmi.dmp", O_RDONLY) = 3 mmap(NULL, 32, PROT_READ, MAP_SHARED, 3, 0) = 0x7f811bb15000 munmap(0x7f811bb15000, 32) = 0 close(3) = 0 open("dmi.dmp", O_RDONLY) = 3 mmap(NULL, 1755, PROT_READ, MAP_SHARED, 3, 0) = 0x7f811bb15000 munmap(0x7f811bb15000, 1755) = 0 close(3) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV (core dumped) +++ Created attachment 472083 [details] Patches fixing dmi_string() NULL issues This is a new patch, which should solve the NULL issues we've seen related to dmi_string() in a much better way. This patch includes the patch found in attachment #416844 [details] and a different solution for the attachment #471968 [details]. ----------------------------------------------------------------------- commit 7253bbeed7f6d00bd796019d79dc1fe0a805fa8e Author: David Sommerseth <davids> Date: Wed May 26 15:39:19 2010 +0200 Fixed an issue causing SEGV on some hardware when dmi_processor_id() is called The dmi_processor_id() function did not check the char *version pointer if it was NULL before doing strcmp(). On some hardware, *version will be NULL. commit 10a2d8bd43934966dd842fd8f401f0d679d0d66a Author: David Sommerseth <davids> Date: Thu Jan 6 13:44:25 2011 +0100 Implemented dmixml_AddDMIstring() This function can be used instead of dmi_string() and dmixml_AddTextChild(). In those cases where dmi_string() returns NULL, this situation is handled more gracefully. In addition of also handling "not specified" situations better as well. Signed-off-by: David Sommerseth <davids> commit 734d025ce6503851447f5a3dd08b107425f8b515 Author: David Sommerseth <davids> Date: Thu Jan 6 13:47:42 2011 +0100 Make use of dmixml_AddDMIstring() where possible This modifies the core DMI decoding to make use of the new dmixml_AddDMIstring() function instead of the older, more error prone approach of dmi_string() and dmixml_AddTextChild(). Signed-off-by: David Sommerseth <davids> commit d6987c53d3648d85e410ef81a343867e239eb960 Author: David Sommerseth <davids> Date: Thu Jan 6 15:56:24 2011 +0100 Harden dmi_string() calls with better NULL checks This patch fixes more potential issues where dmi_string() results was not necessarily checked for NULL, which potentially could lead to SEGV issues. Signed-off-by: David Sommerseth <davids> ----------------------------------------------------------------------- All these patches are sent upstream and commit 7253bbeed7f6d00bd796019d79dc1fe0a805fa8e is already accepted and can be found in python-dmidecode-3.10.13. |
Created attachment 416844 [details] Patch fixing the SEGV issue