From ef3f522c99c0e8af06ae5af625225885f8930b19 Mon Sep 17 00:00:00 2001
From: Bernhard Walle
Date: Fri, 16 Jan 2009 18:52:26 +0100
Subject: [PATCH] [PPC64] Fix memory corruption when using realloc_memory_ranges()
Because realloc_memory_ranges() makes the old memory invalid, and we return a pointer to memory_range in get_memory_ranges(), we need to copy the contents in get_memory_ranges(). Some code that calls realloc_memory_ranges() may be triggered by get_base_ranges() which is called after get_memory_ranges(). Yes, the memory needs to be deleted somewhere, but I don't know currently where it's the best, and since it's not in a loop and memory is deleted anyway after program termination I don't want to introduce unneccessary complexity. The problem is that get_base_ranges() gets called from architecture independent code and that allocation is PPC64-specific here.
Signed-off-by: Bernhard Walle
diff --git a/kexec/arch/ppc64/kexec-ppc64.c b/kexec/arch/ppc64/kexec-ppc64.c
index b0d8acd..ad8a31c 100644
diff --git a/kexec/arch/ppc64/kexec-ppc64.c b/kexec/arch/ppc64/kexec-ppc64.c
index b0d8acd..ad8a31c 100644
--- a/kexec/arch/ppc64/kexec-ppc64.c
+++ b/kexec/arch/ppc64/kexec-ppc64.c
@@ -715,7 +715,16 @@ int get_memory_ranges(struct memory_range **range, int *ranges,
 	if (setup_memory_ranges(kexec_flags))
 		return -1;
-	*range = memory_range;
+	/*
+	 * copy the memory here, another realloc_memory_ranges might
+	 * corrupt the old memory
+	 */
+	*range = calloc(sizeof(struct memory_range), nr_memory_ranges);
+	if (*range == NULL)
+		return -1;
+	memmove(*range, memory_range,
+		sizeof(struct memory_range) * nr_memory_ranges);
+
 	*ranges = nr_memory_ranges;
 	fprintf(stderr, "get memory ranges:%d\n", nr_memory_ranges);
 	return 0;