Fix memory corruption when using realloc_memory_ranges()

Because realloc_memory_ranges() makes the old memory invalid, and we return
a pointer to memory_range in get_memory_ranges(), we need to copy the contents
in get_memory_ranges().

Some code that calls realloc_memory_ranges() may be triggered by
get_base_ranges() which is called after get_memory_ranges().

Yes, the memory needs to be deleted somewhere, but I don't know currently
where it's the best, and since it's not in a loop and memory is deleted
anyway after program termination I don't want to introduce unneccessary
complexity. The problem is that get_base_ranges() gets called from
architecture independent code and that allocation is PPC64-specific here.

Signed-off-by: Bernhard Walle <bwalle@suse.de>diff --git a/kexec/arch/ppc64/kexec-ppc64.c b/kexec/arch/ppc64/kexec-ppc64.c
index b0d8acd..ad8a31c 100644
Signed-off-by: Bernhard Walle <bwalle@suse.de>
Signed-off-by: Simon Horman <horms@verge.net.au>

1 files changed, 10 insertions, 1 deletions

diff --git a/kexec/arch/ppc64/kexec-ppc64.c b/kexec/arch/ppc64/kexec-ppc64.c
index b0d8acd..ad8a31c 100644
--- a/kexec/arch/ppc64/kexec-ppc64.c
+++ b/kexec/arch/ppc64/kexec-ppc64.c
@@ -715,7 +715,16 @@ int get_memory_ranges(struct memory_range **range, int *ranges,
 	if (setup_memory_ranges(kexec_flags))
 		return -1;
 
-	*range = memory_range;
+	/*
+	 * copy the memory here, another realloc_memory_ranges might
+	 * corrupt the old memory
+	 */
+	*range = calloc(sizeof(struct memory_range), nr_memory_ranges);
+	if (*range == NULL)
+		return -1;
+	memmove(*range, memory_range,
+		sizeof(struct memory_range) * nr_memory_ranges);
+
 	*ranges = nr_memory_ranges;
 	fprintf(stderr, "get memory ranges:%d\n", nr_memory_ranges);
 	return 0;