
Bug#520920: texlive-base-bin: bibtex crashes on realloc (invalid next size)



On 2009-03-25 15:23:33 +0100, Hilmar Preusse wrote:
> Who is upstream in your opinion? Are you sure this is a problem in
> bibtex? It could be in glibc and kpathsea too (IMHO).

Since the crash occurs in kpathsea, perhaps, but see the valgrind
output below (I doubt this is a glibc bug, even though the crash
doesn't occur under Mac OS X -- but maybe one needs a different
testcase for Mac OS X).

$ valgrind bibtex livre_fp
==13096== Memcheck, a memory error detector.
==13096== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==13096== Using LibVEX rev 1884, a library for dynamic binary translation.
==13096== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==13096== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==13096== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==13096== For more details, rerun with: -v
==13096== 
This is BibTeX, Version 0.99c (Web2C 7.5.6)
The top-level auxiliary file: livre_fp.aux
A level-1 auxiliary file: ch_introduction.aux
A level-1 auxiliary file: ch_definitions.aux
A level-1 auxiliary file: ch_formats.aux
A level-1 auxiliary file: ch_smallalgs.aux
A level-1 auxiliary file: ch_fma.aux
A level-1 auxiliary file: ch_summation.aux
A level-1 auxiliary file: ch_languages.aux
A level-1 auxiliary file: ch_algorithms.aux
A level-1 auxiliary file: ch_hard.aux
A level-1 auxiliary file: ch_soft.aux
A level-1 auxiliary file: ch_elemfun.aux
A level-1 auxiliary file: ch_correctrounding.aux
A level-1 auxiliary file: ch_certifying.aux
A level-1 auxiliary file: ch_extending.aux
A level-1 auxiliary file: ch_nttools.aux
The style file: plain.bst
==13096== Use of uninitialised value of size 8
==13096==    at 0x40F410: (within /usr/bin/bibtex)
==13096==    by 0x41237C: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
Database file #1: biblio.bib
==13096== 
==13096== Use of uninitialised value of size 8
==13096==    at 0x40D80D: (within /usr/bin/bibtex)
==13096==    by 0x40EE41: (within /usr/bin/bibtex)
==13096==    by 0x40F784: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096== 
==13096== Use of uninitialised value of size 8
==13096==    at 0x40D80D: (within /usr/bin/bibtex)
==13096==    by 0x40DD74: (within /usr/bin/bibtex)
==13096==    by 0x40E19F: (within /usr/bin/bibtex)
==13096==    by 0x40EF29: (within /usr/bin/bibtex)
==13096==    by 0x40F784: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096== 
==13096== Invalid write of size 1
==13096==    at 0x407224: (within /usr/bin/bibtex)
==13096==    by 0x40BE14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BF31: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x4109E1: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096==  Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd
==13096==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==13096==    by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0)
==13096==    by 0x411FDD: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096== 
==13096== Invalid read of size 1
==13096==    at 0x404959: (within /usr/bin/bibtex)
==13096==    by 0x4073C4: (within /usr/bin/bibtex)
==13096==    by 0x40BE44: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x40BB14: (within /usr/bin/bibtex)
==13096==    by 0x4109E1: (within /usr/bin/bibtex)
==13096==    by 0x412374: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
==13096==  Address 0x56e4b21 is 0 bytes after a block of size 65,001 alloc'd
==13096==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==13096==    by 0x4E34AC4: xmalloc (in /usr/lib/libkpathsea.so.4.0.0)
==13096==    by 0x411FDD: (within /usr/bin/bibtex)
==13096==    by 0x412675: (within /usr/bin/bibtex)
==13096==    by 0x52DD5A5: (below main) (libc-start.c:222)
Warning--empty institution in SebGou02
Warning--empty note in Gonnet2002
Warning--empty publisher in Newton1664
Warning--empty institution in SunInterval2002
Warning--empty note in May2008
Warning--empty note in Bernstein2001
(There were 6 warnings)
==13096== 
==13096== ERROR SUMMARY: 48 errors from 5 contexts (suppressed: 8 from 1)
==13096== malloc/free: in use at exit: 2,513,533 bytes in 63,901 blocks.
==13096== malloc/free: 101,217 allocs, 37,316 frees, 5,395,297 bytes allocated.
==13096== For counts of detected errors, rerun with: -v
==13096== Use --track-origins=yes to see where uninitialised values come from
==13096== searching for pointers to 63,901 not-freed blocks.
==13096== checked 2,330,952 bytes.
==13096== 
==13096== LEAK SUMMARY:
==13096==    definitely lost: 2,176 bytes in 133 blocks.
==13096==      possibly lost: 0 bytes in 0 blocks.
==13096==    still reachable: 2,511,357 bytes in 63,768 blocks.
==13096==         suppressed: 0 bytes in 0 blocks.
==13096== Rerun with --leak-check=full to see details of leaked memory.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
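Added illustration (not part of the report, and not bibtex's or kpathsea's code): the defect class Memcheck flags above, a one-byte store landing 0 bytes past a malloc'd block, shown next to a bounds-checked version that grows the buffer with realloc instead of overrunning it. The buffer type, sizes and sample input are constructed for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the defect class in the valgrind report above: a
 * malloc'd byte buffer filled one character at a time.  Sizes are
 * placeholders; the 65,001-byte block is bibtex's, not reproduced here. */
typedef struct {
    char *data;
    size_t size;  /* bytes allocated */
    size_t len;   /* bytes in use */
} textbuf;

/* The defect: no room check.  When len == size the store lands 0 bytes
 * after the block, which Memcheck prints as "Invalid write of size 1";
 * glibc only notices the trampled chunk header at the next realloc/free
 * and aborts with "invalid next size". */
void append_unchecked(textbuf *b, char c) {
    b->data[b->len++] = c;
}

/* The fix: grow via realloc before writing, never store past size.
 * Returns 0 on success, -1 if allocation fails (buffer left intact). */
static int append_checked(textbuf *b, char c) {
    if (b->len == b->size) {
        size_t nsize = b->size ? b->size * 2 : 16;
        char *ndata = realloc(b->data, nsize);
        if (ndata == NULL) return -1;
        b->data = ndata;
        b->size = nsize;
    }
    b->data[b->len++] = c;
    return 0;
}

/* Demonstration: a 4-byte buffer receives a 10-byte string through the
 * checked path.  Returns 10 if the data survived intact and the buffer
 * grew to 16 bytes, -1 otherwise. */
static long demo_checked_growth(void) {
    const char *s = "0123456789";   /* constructed sample input */
    textbuf b = { malloc(4), 4, 0 };
    if (b.data == NULL) return -1;
    for (const char *p = s; *p != '\0'; p++)
        if (append_checked(&b, *p) != 0) { free(b.data); return -1; }
    long ok = b.size == 16 && b.len == 10 && memcmp(b.data, s, 10) == 0;
    free(b.data);
    return ok ? 10 : -1;
}
```

Running the unchecked variant on a full buffer under `valgrind` produces the same "Invalid write of size 1 ... 0 bytes after a block" report as above; the checked variant produces none.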


