
Bug#593558: libffi-dev: ffi_call segfault: read beyond the heap, allocated for return value



On Sat, 23 Apr 2011 11:17:31 +0200
Matthias Klose <doko@debian.org> wrote:

> please could you recheck with libffi 3.0.10~rc8 from experimental?

works perfectly on amd64, but still segfaults on i686

compiling with libffi-dev 3.0.10~rc8, linking with libffi6 3.0.10~rc8

amd64: silent valgrind, right return value

i686: crashes with similar output:

$ uname -m
i686

$ valgrind --track-origins=yes ./test
==1381== Memcheck, a memory error detector
==1381== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==1381== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==1381== Command: ./test
==1381==
just before...
==1381== Conditional jump or move depends on uninitialised value(s)
==1381==    at 0x4086857: u8_mbtoucr (in /usr/lib/libunistring.so.0.1.2)
==1381==    by 0x4086318: u8_mbsnlen (in /usr/lib/libunistring.so.0.1.2)
==1381==    by 0x4043301: ffi_call_SYSV (in /usr/lib/libffi.so.6.0.0)
==1381==    by 0x40430BD: ffi_call (in /usr/lib/libffi.so.6.0.0)
==1381==    by 0x804892C: main (in /home/ygrex/devel/test)
==1381==  Uninitialised value was created by a heap allocation
==1381==    at 0x4023F50: malloc (vg_replace_malloc.c:236)
==1381==    by 0x8048872: main (in /home/ygrex/devel/test)
==1381==
==1381== Invalid read of size 1
==1381==    at 0x4086852: u8_mbtoucr (in /usr/lib/libunistring.so.0.1.2)
==1381==    by 0x4086318: u8_mbsnlen (in /usr/lib/libunistring.so.0.1.2)
==1381==    by 0x4043301: ffi_call_SYSV (in /usr/lib/libffi.so.6.0.0)
==1381==    by 0x40430BD: ffi_call (in /usr/lib/libffi.so.6.0.0)
==1381==    by 0x804892C: main (in /home/ygrex/devel/test)
==1381==  Address 0x429b0ec is 0 bytes after a block of size 4 alloc'd
==1381==    at 0x4023F50: malloc (vg_replace_malloc.c:236)
==1381==    by 0x8048872: main (in /home/ygrex/devel/test)
==1381==
==1381==
==1381== Process terminating with default action of signal 11 (SIGSEGV)
==1381==  Access not within mapped region at address 0x469B000
==1381==    at 0x4086852: u8_mbtoucr (in /usr/lib/libunistring.so.0.1.2)
==1381==    by 0x4086318: u8_mbsnlen (in /usr/lib/libunistring.so.0.1.2)
==1381==    by 0x4043301: ffi_call_SYSV (in /usr/lib/libffi.so.6.0.0)
==1381==    by 0x40430BD: ffi_call (in /usr/lib/libffi.so.6.0.0)
==1381==    by 0x804892C: main (in /home/ygrex/devel/test)
==1381==  If you believe this happened as a result of a stack
==1381==  overflow in your program's main thread (unlikely but
==1381==  possible), you can try to increase the size of the
==1381==  main thread stack using the --main-stacksize= flag.
==1381==  The main thread stack size used in this run was 8388608.
==1381==
==1381== HEAP SUMMARY:
==1381==     in use at exit: 52 bytes in 5 blocks
==1381==   total heap usage: 5 allocs, 0 frees, 52 bytes allocated
==1381==
==1381== LEAK SUMMARY:
==1381==    definitely lost: 0 bytes in 0 blocks
==1381==    indirectly lost: 0 bytes in 0 blocks
==1381==      possibly lost: 0 bytes in 0 blocks
==1381==    still reachable: 52 bytes in 5 blocks
==1381==         suppressed: 0 bytes in 0 blocks
==1381== Rerun with --leak-check=full to see details of leaked memory
==1381==
==1381== For counts of detected and suppressed errors, rerun with: -v
==1381== ERROR SUMMARY: 4194065 errors from 2 contexts (suppressed: 16 from 7)
Segmentation fault
