[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#575954: marked as done ([fixed in 4.6] [amd64] GNAT.Expect.Non_Blocking_Spawn double free or corruption)

Your message dated Sun, 13 Jul 2014 01:38:55 +0000
with message-id <[🔎] E1X68kh-00076H-KM@franck.debian.org>
and subject line Bug#714577: Removed package(s) from unstable
has caused the Debian Bug report #575954,
regarding [fixed in 4.6] [amd64] GNAT.Expect.Non_Blocking_Spawn double free or corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
575954: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575954
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: gnat-4.4
Version: 4.4.3-1
Severity: normal

Under some conditions, using GNAT.Expect.Non_Blocking_Spawn in
conjunction with GNAT.Expect.Close leads to memory corruption.

Given the following small reproducer:

--  expect_test.adb

with Ada.Text_IO;

with GNAT.Expect;
with GNAT.OS_Lib;
with GNAT.Regpat;

procedure Expect_Test is
   use GNAT.Expect;

   Fd       : Process_Descriptor;
   Command  : constant String := "./print_file";
   Arg_List : GNAT.OS_Lib.Argument_List (1 .. 0);
   Result   : Expect_Match;
   Match    : GNAT.Regpat.Match_Array (0 .. 0);
begin
   Non_Blocking_Spawn
     (Descriptor  => Fd,
      Command     => Command,
      Args        => Arg_List,
      Buffer_Size => 128,
      Err_To_Out  => True);

   Expect
     (Descriptor  => Fd,
      Result      => Result,
      Regexps     => Regexp_Array'
        (+"END TESTS(.*)FAILED",
         +"END TESTS(.*)PASSED"),
      Matched     => Match,
      Timeout     => 100000);
   Ada.Text_IO.Put_Line ("Terminated");
   Ada.Text_IO.Put_Line (Expect_Out (Descriptor => Fd));
   Ada.Text_IO.Put_Line ("Buffer len " &
                         Expect_Out (Descriptor => Fd)'Length'Img);
   Close (Descriptor => Fd);

exception
   when Process_Died =>
      Ada.Text_IO.Put_Line ("Process died");
      Ada.Text_IO.Put_Line (Expect_Out (Descriptor => Fd));
      Close (Descriptor => Fd);
end Expect_Test;

--  print_file.adb

with Ada.Text_IO;

procedure Print_File is
   Filename : constant String := "output";
   File     : Ada.Text_IO.File_Type;
begin
   Ada.Text_IO.Open (File => File,
                     Mode => Ada.Text_IO.In_File,
                     Name => Filename);

   while not Ada.Text_IO.End_Of_File (File => File) loop
      delay 0.001;
      Ada.Text_IO.Put_Line (Ada.Text_IO.Get_Line (File => File));
   end loop;

   Ada.Text_IO.Close (File => File);
end Print_File;

--  output
....................................................................
....................................................................
....................................................................

END TESTS...................................................: PASSED
--

Running the expect_test binary on amd64 results in memory corruption. As
it seems this only happens if the following conditions are met:

* the binary spawned produces more output than the expect buffer size

This should not matter because Non_Blocking_Spawn is expected to discard
old characters:

"The expect buffer associated with that process can contain at most
Buffer_Size characters. Older characters are simply discarded when this
buffer is full."

* the spawned binary uses file IO
* the code sleeps between the text output cycles

Tests:
* gnat 4.3.2-1.1 (lenny):
*** glibc detected *** ./obj/expect_test: double free or corruption
(!prev): 0x00000000006040a0 ***

* gnat 4.4.3-1 (unstable):
*** glibc detected *** ./obj/expect_test: free(): invalid next size
(fast): 0x0000000000605090 ***

The bug is also present with the tip of the gcc-4_4-branch (Subversion
revision 157750) from upstream (verified by Ludovic Brenta).

Full gdb backtrace with gnat 4.3.2-1.1 (lenny):

#0  0x00007f9502737ed5 in raise () from /lib/libc.so.6
No symbol table info available.
#1  0x00007f95027393f3 in abort () from /lib/libc.so.6
No symbol table info available.
#2  0x00007f9502774388 in __libc_message () from /lib/libc.so.6
No symbol table info available.
#3  0x00007f9502779928 in malloc_printerr () from /lib/libc.so.6
No symbol table info available.
#4  0x00007f950277ba36 in free () from /lib/libc.so.6
No symbol table info available.
#5  0x00007f9502ee53a5 in <__gnat_free> (ptr=6308000) at s-memory.adb:117
No locals.
#6  0x00007f9502e670af in gnat.expect.close (descriptor=@0x7fffffffbe50) at g-expect.adb:227
        current_filter = <value optimized out>
        next_filter = <value optimized out>
#7  0x0000000000402ff7 in _ada_expect_test ()
No locals.

The complete reproducer code can be downloaded at [1].

- reto

[1] - http://www.codelabs.ch/~reet/reproducers/gnat-expect.tar.bz2

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnat-4.4 depends on:
ii  gcc-4.4                   4.4.3-5        The GNU C compiler
ii  gnat-4.4-base             4.4.3-1        The GNU Compiler Collection (gnat
ii  libc6                     2.10.2-6       Embedded GNU C Library: Shared lib
ii  libc6-dev                 2.10.2-6       Embedded GNU C Library: Developmen
ii  libgcc1                   1:4.4.3-5      GCC support library
ii  libgmp3c2                 2:4.3.2+dfsg-1 Multiprecision arithmetic library
ii  libgnat-4.4               4.4.3-1        Runtime library for GNU Ada applic
ii  libgnatprj4.4             4.4.3-1        GNU Ada Project Manager
ii  libgnatvsn4.4             4.4.3-1        GNU Ada compiler version library
ii  libmpfr1ldbl              2.4.2-3        multiple precision floating-point

gnat-4.4 recommends no packages.

Versions of packages gnat-4.4 suggests:
pn  ada-reference-manual          <none>     (no description available)
pn  gnat-4.4-doc                  <none>     (no description available)

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 4.4.6-6+rm

Dear submitter,

as the package gnat-4.4 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/714577

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
Reply to: