From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Description of problem:
Running kudzu under ElectricFence crashes in usb.c at line 545, looking:

527 probeMods = malloc(2 * sizeof(struct module));
...
536 numMods = 1;
...
545 probeMods[numMods + 1].name = NULL;

numMods + 1 will be 2 the first time, but probeMods only has two elements, so we're writing off the end of the buffer. The lack of any realloc code for probeMods looks suspicious, but I may just not understand :)

Version-Release number of selected component (if applicable):
kudzu-1.1.53-1

How reproducible:
Always

Steps to Reproduce:
1. LD_PRELOAD=libefence.so.0.0 kudzu --probe
2.
3.

Additional info:
This one liner fixes the immediate problem:

--- ../kudzu-1.1.53/usb.c 2004-01-26 05:30:48.000000000 +0000 +++ ./usb.c 2004-04-01 05:12:11.743165338 +0100 @@ -524,7 +524,7 @@ usbReadDrivers(NULL); init_list = 1; } - probeMods = malloc(2 * sizeof(struct module)); + probeMods = malloc(3 * sizeof(struct module)); probeMods[0].name = NULL; cf = readConfModules(module_file); if (cf && (alias = getAlias(cf, "usb-controller"))
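Review bot: the `3` in the new `malloc(3 * sizeof(struct module))` line only makes room for the first terminator write at index `numMods + 1`; nothing in this hunk grows `probeMods` if `numMods` goes past 1, so the same out-of-bounds write comes back on the next append. Suggest growing the array with realloc before each append so that `numMods + 2` elements are always allocated, rather than raising the constant. The allocation result is also used unchecked by the `probeMods[0].name = NULL;` line directly after it; a NULL check belongs between the two.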
Yowza, yeah, there's a missing realloc there. Fixed in 1.1.54-1, thanks!