
Bug#203921: libc6: mallopt segfaults



On Sat, Aug 02, 2003 at 09:19:33PM +0200, Uwe Zeisberger wrote:
> Package: libc6
> Version: 2.3.1-17
> Severity: normal
> Tags: upstream
> 
> While playing xblast[1], the program fails irregularly with a segfault.
> 
> Here is a sample output of xblast started in gdb:

Have you tried using a memory debugger - valgrind for instance? 
Segfaults in malloc or anything called from it almost always mean that
your application has corrupted the heap.

> 
> ----------------------------->8-----------------------
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x4014d417 in mallopt () from /lib/libc.so.6
> (gdb) bt
> #0  0x4014d417 in mallopt () from /lib/libc.so.6
> #1  0x4014ce37 in mallopt () from /lib/libc.so.6
> #2  0x4014c0fc in malloc () from /lib/libc.so.6
> #3  0x0804b0ec in ReadPpmFile (path=0x80823c0 "image/block",
>     filename=0x8080644 "score_right_up", width=0xbffffa94, height=0xbffffa90)
>     at util.c:464
> #4  0x0807a3f3 in ReadCchPixmap (path=0x80823c0 "image/block",
>     filename=0x8080644 "score_right_up", fg=0, bg=23323, add=0)
>     at x11c_image.c:292
> #5  0x0807be18 in GUI_LoadBlockCch (id=0, name=0x8080644 "score_right_up",
>     fg=0, bg=23323, add=0) at x11c_tile.c:226
> #6  0x0804e2db in ConfigScoreGraphics (data=0x80806c0) at map.c:306
> #7  0x0804d28c in ShowScoreBoard (lastTeam=0, maxNumWins=4, numPlayers=2,
>     playerStat=0x811daa0, timeOut=XBTrue) at intro.c:799
> #8  0x0805e0e9 in RunClientGame (hostType=XBPH_Client1) at game_client.c:337
> #9  0x0804a766 in main (argc=1, argv=0xbffffd44) at xblast.c:98
> 
> ----------------------------->8-----------------------
> 
> I don't think it's important, but util.c:464ff [2] are:
> 
>     if (NULL == (ppm = malloc (nPixel * sizeof(char) ) ) )  {
>       goto Error;
>     }
> 
> Repeating the test, the segfault does not always happen in
> malloc/ReadPpmFile but always in mallopt.
> 
> The last game ended in
> #0  0x4014e2a9 in mallopt () from /lib/libc.so.6
> #1  0x4014d281 in free () from /lib/libc.so.6
> #2  0x08054e4a in DelExplosion (ptr=0x81651e8) at bomb.c:571
> ...
> 
> The game before died in a calloc.
> 
> As in most cases the error occurs in malloc, I think that's not a
> problem of xblast but of libc.
> 
> On Solaris this problem didn't occur until now. On a Gentoo linux
> machine with the same version of libc (i.e. 2.3.1), xblast segfaults,
> too. (On that machine exists no gdb and I didn't feel like installing
> it - so _maybe_ it's another reason there.)
> 
> I don't dare to debug the memory functions of libc, so I deliver no
> patch.
> 
> Maybe this has something to do with bug #202969? I'm not sure, because
> `my' error occurs in mallopt, not in free or malloc directly. Moreover
> I'm not able to reproduce the bug by starting gimp and repeatedly opening
> the open dialog.
> 
> Setting (as described in [3]) LANG=en_US or defining LC_COLLATE didn't
> help.
> 
> Regards
> Uwe
> 
> [1] from package:
>     http://luc.saillard.free.fr/XBlast-TNT/debian/xblast-tnt_2.38-pl4-1_i386.deb
> 
> [2] supposing the package was built using
>     http://luc.saillard.free.fr/XBlast-TNT/sources/XBlast-TNT-2.38-pl4.tar.bz2
> 
> [3] http://lists.debian.org/debian-gtk-gnome/2003/debian-gtk-gnome-200307/msg00128.html
> 
> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386
> Kernel: Linux cepheus 2.4.21-ac1 #1 Tue Jun 17 11:42:40 CEST 2003 i686
> Locale: LANG=C, LC_CTYPE=C
> 
> Versions of packages libc6 depends on:
> ii  libdb1-compat                 2.1.3-7    The Berkeley database routines [gl
> 
> -- no debconf information
> 
> 
> -- 
> Uwe Zeisberger
> 
> $ dc << EOF
> [d1-d1<a]sa99d1<a1[rdn555760928P*pz1<a]salax
> EOF



-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer
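
The reply's point is that a crash inside malloc, free or mallopt is usually the late symptom of an earlier out-of-bounds write somewhere in the application. The following is an added example, not part of this thread and not code from xblast, glibc or valgrind: a minimal guard-byte allocator wrapper, in the spirit of what memory debuggers do, that reports an overrun on the buffer where it happened. All names (`guard_malloc`, `guard_check`, `guard_free`, `demo_fill`) and the buffer sizes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN 4
static const unsigned char GUARD[GUARD_LEN] = {0xDE, 0xAD, 0xBE, 0xEF};

/* Header in front of the user buffer; the union keeps it aligned. */
typedef union { size_t size; max_align_t align; } guard_hdr;

/* Allocate n usable bytes followed by GUARD_LEN canary bytes. */
void *guard_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(guard_hdr) - GUARD_LEN) return NULL;
    guard_hdr *h = malloc(sizeof(guard_hdr) + n + GUARD_LEN);
    if (h == NULL) return NULL;
    h->size = n;
    memcpy((unsigned char *)(h + 1) + n, GUARD, GUARD_LEN);
    return h + 1;
}

/* Count canary bytes that were overwritten; 0 means no overrun seen. */
size_t guard_check(const void *p) {
    const guard_hdr *h = (const guard_hdr *)p - 1;
    const unsigned char *tail = (const unsigned char *)p + h->size;
    size_t damaged = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        damaged += (tail[i] != GUARD[i]);
    return damaged;
}

void guard_free(void *p) { if (p) free((guard_hdr *)p - 1); }

/* Constructed scenario: a buffer sized for n_pixel bytes receives
 * `written` bytes. Writes are clamped to the guard zone so the demo
 * itself never touches memory it does not own. */
size_t demo_fill(size_t n_pixel, size_t written) {
    unsigned char *ppm = guard_malloc(n_pixel);
    if (ppm == NULL) return (size_t)-1;
    if (written > n_pixel + GUARD_LEN) written = n_pixel + GUARD_LEN;
    memset(ppm, 0x7f, written);
    size_t damaged = guard_check(ppm);
    guard_free(ppm);
    return damaged;
}

int main(void) {
    printf("%zu %zu\n", demo_fill(16, 16), demo_fill(16, 19));
    return 0;
}
```

Without such a check, the same stray bytes would land in the allocator's own bookkeeping, and the fault would surface only in a later, unrelated malloc, calloc or free call.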


