Bug#203921: marked as done (libc6: mallopt segfaults)
Your message dated Sun, 3 Aug 2003 01:24:45 +0200
with message-id <20030802232445.GA13883@informatik.uni-freiburg.de>
and subject line Bug#203921: libc6: mallopt segfaults
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Aug 2003 19:19:39 +0000
>From zeisberg@informatik.uni-freiburg.de Sat Aug 02 14:19:37 2003
Return-path: <zeisberg@informatik.uni-freiburg.de>
Received: from avalon.informatik.uni-freiburg.de [132.230.150.1]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 19j1ui-0001Fo-00; Sat, 02 Aug 2003 14:19:36 -0500
Received: from auriga.informatik.uni-freiburg.de (auriga.informatik.uni-freiburg.de [132.230.151.12])
by avalon.informatik.uni-freiburg.de (8.9.3p2/8.9.0) with ESMTP id VAA17269
for <submit@bugs.debian.org>; Sat, 2 Aug 2003 21:19:39 +0200 (MET DST)
Received: (from zeisberg@localhost)
by auriga.informatik.uni-freiburg.de (8.11.6p2/8.9.0) id h72JJXE14024
for submit@bugs.debian.org; Sat, 2 Aug 2003 21:19:33 +0200 (MEST)
Date: Sat, 2 Aug 2003 21:19:33 +0200
From: Uwe Zeisberger <zeisberg@informatik.uni-freiburg.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: mallopt segfaults
Message-ID: <[🔎] 20030802191933.GA12440@informatik.uni-freiburg.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="cNdxnHkX5QqsyA0e"
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-10.3 required=4.0
tests=HAS_PACKAGE,PENISACCENT,PGP_SIGNATURE_2,USER_AGENT_MUTT
autolearn=ham version=2.53-bugs.debian.org_2003_07_20
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_07_20 (1.174.2.15-2003-03-30-exp)
--cNdxnHkX5QqsyA0e
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: libc6
Version: 2.3.1-17
Severity: normal
Tags: upstream
while playing xblast[1], the program fails irregular with a segfault.
Here is a sample output of xblast started in gdb:
----------------------------->8-----------------------
Program received signal SIGSEGV, Segmentation fault.
0x4014d417 in mallopt () from /lib/libc.so.6
(gdb) bt
#0 0x4014d417 in mallopt () from /lib/libc.so.6
#1 0x4014ce37 in mallopt () from /lib/libc.so.6
#2 0x4014c0fc in malloc () from /lib/libc.so.6
#3 0x0804b0ec in ReadPpmFile (path=3D0x80823c0 "image/block",
filename=3D0x8080644 "score_right_up", width=3D0xbffffa94, height=3D0xb=
ffffa90)
at util.c:464
#4 0x0807a3f3 in ReadCchPixmap (path=3D0x80823c0 "image/block",
filename=3D0x8080644 "score_right_up", fg=3D0, bg=3D23323, add=3D0)
at x11c_image.c:292
#5 0x0807be18 in GUI_LoadBlockCch (id=3D0, name=3D0x8080644 "score_right_u=
p",
fg=3D0, bg=3D23323, add=3D0) at x11c_tile.c:226
#6 0x0804e2db in ConfigScoreGraphics (data=3D0x80806c0) at map.c:306
#7 0x0804d28c in ShowScoreBoard (lastTeam=3D0, maxNumWins=3D4, numPlayers=
=3D2,
playerStat=3D0x811daa0, timeOut=3DXBTrue) at intro.c:799
#8 0x0805e0e9 in RunClientGame (hostType=3DXBPH_Client1) at game_client.c:=
337
#9 0x0804a766 in main (argc=3D1, argv=3D0xbffffd44) at xblast.c:98
----------------------------->8-----------------------
I don't think, it's important, but util.c:464ff [2] are:
if (NULL =3D=3D (ppm =3D malloc (nPixel * sizeof(char) ) ) ) {
goto Error;
}
Repeating the test, the segfault happens not always in
malloc/ReadPpmFile but always in mallopt.
The last game ended in
#0 0x4014e2a9 in mallopt () from /lib/libc.so.6
#1 0x4014d281 in free () from /lib/libc.so.6
#2 0x08054e4a in DelExplosion (ptr=3D0x81651e8) at bomb.c:571
=2E..
The game before died in a calloc.
As in most cases the error occurs in malloc, i think, that's not a
problem of xblast but of libc.
On Solaris this problem didn't occur until now. On a Gentoo linux
maschine with the same version of libc (i.e. 2.3.1), xblast segfaults,
too. (On that maschine exists no gdb and I didn't feel like installing
it - so _maybe_ it's an other reason there.)
I don't dare to debug the memory functions of libc, so I deliver no
patch.
Maybe this has something to do with bug #202969? I'm not sure, because
`my' error occurs in mallopt, not in free or malloc directly. Moreover
I'm not able to reproduce the bug starting gimp and repeatedly open the
open dialog.
Setting (as described in [3]) LANG=3Den_US or defining LC_COLLATE didn't
help.
Regards
Uwe
[1] from package:
http://luc.saillard.free.fr/XBlast-TNT/debian/xblast-tnt_2.38-pl4-1_i38=
6.deb
[2] supposing the package was build using
http://luc.saillard.free.fr/XBlast-TNT/sources/XBlast-TNT-2.38-pl4.tar.=
bz2
[3] http://lists.debian.org/debian-gtk-gnome/2003/debian-gtk-gnome-200307/m=
sg00128.html
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cepheus 2.4.21-ac1 #1 Tue Jun 17 11:42:40 CEST 2003 i686
Locale: LANG=3DC, LC_CTYPE=3DC
Versions of packages libc6 depends on:
ii libdb1-compat 2.1.3-7 The Berkeley database
routines [gl
-- no debconf information
--=20
Uwe Zeisberger
$ dc << EOF
[d1-d1<a]sa99d1<a1[rdn555760928P*pz1<a]salax
EOF
--cNdxnHkX5QqsyA0e
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
iD8DBQE/LA7F6suMTIUe0hYRAqOIAKC6/bkpWi7Rqd74on+Ey56aEBdhCQCePIDa
ZiUvlVwETqdRuF2Mg/zxXvk=
=6d3j
-----END PGP SIGNATURE-----
--cNdxnHkX5QqsyA0e--
---------------------------------------
Received: (at 203921-done) by bugs.debian.org; 2 Aug 2003 23:25:00 +0000
>From zeisberg@informatik.uni-freiburg.de Sat Aug 02 18:24:49 2003
Return-path: <zeisberg@informatik.uni-freiburg.de>
Received: from avalon.informatik.uni-freiburg.de [132.230.150.1]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 19j5k1-0006Df-00; Sat, 02 Aug 2003 18:24:49 -0500
Received: from auriga.informatik.uni-freiburg.de (auriga.informatik.uni-freiburg.de [132.230.151.12])
by avalon.informatik.uni-freiburg.de (8.9.3p2/8.9.0) with ESMTP id BAA25619;
Sun, 3 Aug 2003 01:24:53 +0200 (MET DST)
Received: (from zeisberg@localhost)
by auriga.informatik.uni-freiburg.de (8.11.6p2/8.9.0) id h72NOjH20128;
Sun, 3 Aug 2003 01:24:45 +0200 (MEST)
Date: Sun, 3 Aug 2003 01:24:45 +0200
From: Uwe Zeisberger <zeisberg@informatik.uni-freiburg.de>
To: 203921-done@bugs.debian.org
Cc: Daniel Jacobowitz <dan@debian.org>
Subject: Re: Bug#203921: libc6: mallopt segfaults
Message-ID: <20030802232445.GA13883@informatik.uni-freiburg.de>
References: <[🔎] 20030802191933.GA12440@informatik.uni-freiburg.de> <[🔎] 20030802194231.GA27325@nevyn.them.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="X1bOJ3K7DJ5YkBrT"
Content-Disposition: inline
In-Reply-To: <[🔎] 20030802194231.GA27325@nevyn.them.org>
User-Agent: Mutt/1.4.1i
Delivered-To: 203921-done@bugs.debian.org
X-Spam-Status: No, hits=-19.9 required=4.0
tests=BAYES_10,IN_REP_TO,PGP_SIGNATURE_2,QUOTED_EMAIL_TEXT,
QUOTE_TWICE_1,REFERENCES,REPLY_WITH_QUOTES,USER_AGENT_MUTT
autolearn=ham version=2.53-bugs.debian.org_2003_07_20
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_07_20 (1.174.2.15-2003-03-30-exp)
--X1bOJ3K7DJ5YkBrT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> Have you tried using a memory debugger - valgrind for instance?=20
Now I did and the error was indeed in xblast, not in libc.
Sorry my mistake, it doesn't came to my mind, that a malloc could fail
with a segfault and that the calling program is guilty for.=20
Daniel: thanks for the clue.
> >=20
> > ----------------------------->8-----------------------
> >=20
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x4014d417 in mallopt () from /lib/libc.so.6
> > (gdb) bt
> > #0 0x4014d417 in mallopt () from /lib/libc.so.6
> > #1 0x4014ce37 in mallopt () from /lib/libc.so.6
> > #2 0x4014c0fc in malloc () from /lib/libc.so.6
> > #3 0x0804b0ec in ReadPpmFile (path=3D0x80823c0 "image/block",
> > filename=3D0x8080644 "score_right_up", width=3D0xbffffa94, height=
=3D0xbffffa90)
> > at util.c:464
> > #4 0x0807a3f3 in ReadCchPixmap (path=3D0x80823c0 "image/block",
> > filename=3D0x8080644 "score_right_up", fg=3D0, bg=3D23323, add=3D0)
> > at x11c_image.c:292
> > #5 0x0807be18 in GUI_LoadBlockCch (id=3D0, name=3D0x8080644 "score_rig=
ht_up",
> > fg=3D0, bg=3D23323, add=3D0) at x11c_tile.c:226
> > #6 0x0804e2db in ConfigScoreGraphics (data=3D0x80806c0) at map.c:306
> > #7 0x0804d28c in ShowScoreBoard (lastTeam=3D0, maxNumWins=3D4, numPlay=
ers=3D2,
> > playerStat=3D0x811daa0, timeOut=3DXBTrue) at intro.c:799
> > #8 0x0805e0e9 in RunClientGame (hostType=3DXBPH_Client1) at game_clien=
t.c:337
> > #9 0x0804a766 in main (argc=3D1, argv=3D0xbffffd44) at xblast.c:98
> >=20
> > ----------------------------->8-----------------------
--=20
Uwe Zeisberger
If a lawyer and an IRS agent were both drowning, and you could only save
one of them, would you go to lunch or read the paper?
--X1bOJ3K7DJ5YkBrT
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
iD8DBQE/LEg96suMTIUe0hYRAqIIAJ43grXP93s9RlQF2LKdUBrWdaKgFACg1Cp+
qCE1KxzQD7J4qgNa5RaF+Ig=
=C1oV
-----END PGP SIGNATURE-----
--X1bOJ3K7DJ5YkBrT--
Reply to: