Ticket 10530

Summary: Use after free in _multi_prog_parse
Product: Slurm Reporter: Alex Henrie <alexhenrie24>
Component: OtherAssignee: Tim Wickberg <tim>
Status: RESOLVED FIXED QA Contact:
Severity: C - Contributions    
Priority: ---    
Version: 21.08.x   
Hardware: Linux   
OS: Linux   
Site: University of Utah Alineos Sites: ---
Atos/Eviden Sites: --- Confidential Site: ---
Coreweave sites: --- Cray Sites: ---
DS9 clusters: --- HPCnow Sites: ---
HPE Sites: --- IBM Sites: ---
NOAA SIte: --- OCF Sites: ---
Recursion Pharma Sites: --- SFW Sites: ---
SNIC sites: --- Linux Distro: ---
Machine Name: CLE Version:
Version Fixed: 20.11.3 Target Release: ---
DevPrio: --- Emory-Cloud Sites: ---
Attachments: Proposed patch

Description Alex Henrie 2020-12-31 14:27:10 MST 
Currently _multi_prog_parse has the following code:

	free(one_rank);
	hostlist_destroy(hl);
	error("%s: invalid rank id %s",
	      plugin_type, one_rank);

This code can cause a crash by trying to print one_rank after it has been freed.

Bug identified by scan-build <https://clang-analyzer.llvm.org/scan-build.html>
Comment 1 Alex Henrie 2020-12-31 14:28:36 MST 
Created attachment 17307 [details]
Proposed patch

The attached patch fixes the problem.
Comment 2 Tim Wickberg 2021-01-04 10:37:44 MST 
Comment on attachment 17307 [details]
Proposed patch

commit 616cfee01bcd6d0b578e22c3de78123b4e73e2cb
Author:     Alex Henrie <alexhenrie24@gmail.com>
AuthorDate: Thu Dec 31 14:27:45 2020 -0700

    mpi/cray_shasta - fix use after free in _multi_prog_parse().
    
    Bug 10530.
Comment 3 Tim Wickberg 2021-01-04 10:38:04 MST 
Thanks Alex. This will be in 20.11.3 when released.

- Tim
Comment 4 Alex Henrie 2021-01-04 14:47:34 MST 
Thank you!