Bug#593558: libffi-dev: ffi_call segfault: read beyond the heap, allocated for return value
On Sat, 23 Apr 2011 11:17:31 +0200,
Matthias Klose <doko@debian.org> writes:
> please could you recheck with libffi 3.0.10~rc8 from experimental?
works perfectly on amd64, but still segfaults on i686
compiling with libffi-dev 3.0.10~rc8, linking with libffi6 3.0.10~rc8
amd64: silent valgrind, right return value
i686: crashes with similar output:
$ uname -m
i686
$ valgrind --track-origins=yes ./test
==1381== Memcheck, a memory error detector
==1381== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1381== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==1381== Command: ./test
==1381==
just before...
==1381== Conditional jump or move depends on uninitialised value(s)
==1381== at 0x4086857: u8_mbtoucr (in /usr/lib/libunistring.so.0.1.2)
==1381== by 0x4086318: u8_mbsnlen (in /usr/lib/libunistring.so.0.1.2)
==1381== by 0x4043301: ffi_call_SYSV (in /usr/lib/libffi.so.6.0.0)
==1381== by 0x40430BD: ffi_call (in /usr/lib/libffi.so.6.0.0)
==1381== by 0x804892C: main (in /home/ygrex/devel/test)
==1381== Uninitialised value was created by a heap allocation
==1381== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==1381== by 0x8048872: main (in /home/ygrex/devel/test)
==1381==
==1381== Invalid read of size 1
==1381== at 0x4086852: u8_mbtoucr (in /usr/lib/libunistring.so.0.1.2)
==1381== by 0x4086318: u8_mbsnlen (in /usr/lib/libunistring.so.0.1.2)
==1381== by 0x4043301: ffi_call_SYSV (in /usr/lib/libffi.so.6.0.0)
==1381== by 0x40430BD: ffi_call (in /usr/lib/libffi.so.6.0.0)
==1381== by 0x804892C: main (in /home/ygrex/devel/test)
==1381== Address 0x429b0ec is 0 bytes after a block of size 4 alloc'd
==1381== at 0x4023F50: malloc (vg_replace_malloc.c:236)
==1381== by 0x8048872: main (in /home/ygrex/devel/test)
==1381==
==1381==
==1381== Process terminating with default action of signal 11 (SIGSEGV)
==1381== Access not within mapped region at address 0x469B000
==1381== at 0x4086852: u8_mbtoucr (in /usr/lib/libunistring.so.0.1.2)
==1381== by 0x4086318: u8_mbsnlen (in /usr/lib/libunistring.so.0.1.2)
==1381== by 0x4043301: ffi_call_SYSV (in /usr/lib/libffi.so.6.0.0)
==1381== by 0x40430BD: ffi_call (in /usr/lib/libffi.so.6.0.0)
==1381== by 0x804892C: main (in /home/ygrex/devel/test)
==1381== If you believe this happened as a result of a stack
==1381== overflow in your program's main thread (unlikely but
==1381== possible), you can try to increase the size of the
==1381== main thread stack using the --main-stacksize= flag.
==1381== The main thread stack size used in this run was 8388608.
==1381==
==1381== HEAP SUMMARY:
==1381== in use at exit: 52 bytes in 5 blocks
==1381== total heap usage: 5 allocs, 0 frees, 52 bytes allocated
==1381==
==1381== LEAK SUMMARY:
==1381== definitely lost: 0 bytes in 0 blocks
==1381== indirectly lost: 0 bytes in 0 blocks
==1381== possibly lost: 0 bytes in 0 blocks
==1381== still reachable: 52 bytes in 5 blocks
==1381== suppressed: 0 bytes in 0 blocks
==1381== Rerun with --leak-check=full to see details of leaked memory
==1381==
==1381== For counts of detected and suppressed errors, rerun with: -v
==1381== ERROR SUMMARY: 4194065 errors from 2 contexts (suppressed: 16 from 7)
Segmentation fault