
Bug#207545: marked as done (malloc bug in the most recent libc6?)



Your message dated 29 Aug 2003 18:28:06 +0100
with message-id <1062178086.26047.7.camel@kc.cam.armlinux.org>
and subject line #207545: malloc bug in the most recent libc6?
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Aug 2003 20:07:09 +0000
>From ladanyi@us.ibm.com Wed Aug 27 15:07:06 2003
Return-path: <ladanyi@us.ibm.com>
Received: from igw2.watson.ibm.com [129.34.20.6] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19s6ZM-0005FF-00; Wed, 27 Aug 2003 15:07:05 -0500
Received: from sp1n293en1.watson.ibm.com (sp1n293en1.watson.ibm.com [9.2.112.57])
	by igw2.watson.ibm.com (8.11.7/8.11.4) with ESMTP id h7RK4YR21042
	for <submit@bugs.debian.org>; Wed, 27 Aug 2003 16:04:34 -0400
Received: from oslpp.watson.ibm.com (localhost [127.0.0.1])
	by sp1n293en1.watson.ibm.com (8.11.7/8.11.7) with ESMTP id h7RK72C39592
	for <submit@bugs.debian.org>; Wed, 27 Aug 2003 16:07:02 -0400
Received: from localhost (ladanyi@localhost)
	by oslpp.watson.ibm.com (AIX4.3/8.9.3p2/8.9.3/09-18-2002) with ESMTP id QAA24754
	for <submit@bugs.debian.org>; Wed, 27 Aug 2003 16:07:01 -0400
X-Authentication-Warning: oslpp.watson.ibm.com: ladanyi owned process doing -bs
Date: Wed, 27 Aug 2003 16:07:00 -0400 (EDT)
From: Laszlo Ladanyi <ladanyi@us.ibm.com>
X-Sender: ladanyi@oslpp.watson.ibm.com
To: submit@bugs.debian.org
Subject: malloc bug in the most recent libc6?
Message-ID: <Pine.A41.4.21.0308271545430.27580-100000@oslpp.watson.ibm.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-4.4 required=4.0
	tests=BAYES_30,HAS_PACKAGE,HTML_MESSAGE,X_AUTH_WARNING
	version=2.53-bugs.debian.org_2003_8_27
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_27 (1.174.2.15-2003-03-30-exp)

Package: libc6
Version: 2.3.2-3
Severity: important

I'm using Debian unstable, customized kernel 2.4.21-ac1, libc6 2.3.2-3.
The error occurs with Citrix ICAClient 6.30. It starts then stops with a
segmentation fault. The reason I think this is a fault in libc6 is that
a) it did not happen before 
b) if I run ICAClient with LD_PRELOAD=/usr/lib/libefence.so then the code runs
   without any problem. 
This leads me to believe that there is a problem with malloc in libc6.

I have appended more info below.

Thanks,
--Laci

LD_PRELOAD'ing /usr/lib/debug/libc.so.6 and running the code in gdb gives the
following backtrace:

(gdb) bt
#0  0x40071551 in _IO_seekpos_unlocked (fp=0x81f3fb0, pos=366, mode=3)
    at ioseekpos.c:46
#1  0x40077b46 in _IO_old_fsetpos (fp=0x81f3fb0, posp=0x0) at oldiofsetpos.c:42
#2  0x0808f2e1 in _start ()
#3  0x081f3fb0 in ?? ()
#4  0xbffff444 in ?? ()
#5  0x00000018 in ?? ()
#6  0x4012b09c in main_arena () from /usr/lib/debug/libc.so.6
#7  0x081f4020 in ?? ()
#8  0x081f4020 in ?? ()
#9  0xbffff5b4 in ?? ()
#10 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#11 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#12 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#13 0xbffff488 in ?? ()
#14 0x00000001 in ?? ()
#15 0x00000017 in ?? ()
#16 0x0000016e in ?? ()
#17 0x4b32575b in ?? ()
#18 0x72655320 in ?? ()
#19 0x20726576 in ?? ()
#20 0x34323031 in ?? ()
#21 0x38363778 in ?? ()
#22 0x4000005d in ?? ()
#23 0x4012b09c in main_arena () from /usr/lib/debug/libc.so.6
#24 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#25 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#26 0x081f4060 in ?? ()
#27 0x00000001 in ?? ()
#28 0x00000208 in ?? ()
#29 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#30 0x4012a5d0 in __DTOR_END__ () from /usr/lib/debug/libc.so.6
#31 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#32 0x4012b040 in __libc_tsd_MALLOC_data () from /usr/lib/debug/libc.so.6
#33 0xbffff4b8 in ?? ()
#34 0x4007ecbe in __libc_malloc (bytes=136265832) at malloc.c:3292
#35 0x0808f425 in _start ()
#36 0x081f4068 in ?? ()
#37 0xbffff5b4 in ?? ()
#38 0x00000200 in ?? ()
#39 0x40084ccb in *__GI___strcasecmp (
    s1=0xbffff5b4 "?\037\bApplicationServers", s2=0x81f4020 "")
    at ../sysdeps/generic/strcasecmp.c:55
#40 0x0808f537 in _start ()
#41 0xbffff5b4 in ?? ()
#42 0x081f4020 in ?? ()
#43 0x081ee778 in ?? ()
#44 0x401c281c in widgetClassRec () from /usr/X11R6/lib/libXt.so.6
#45 0xbffff8a0 in ?? ()
#46 0x00000001 in ?? ()
#47 0x0804f400 in ?? ()
#48 0x00000001 in ?? ()
#49 0x401c47b0 in ?? () from /usr/X11R6/lib/libXt.so.6
#50 0x081f3fb0 in ?? ()
#51 0x6c707041 in ?? ()
#52 0x74616369 in ?? ()
#53 0x536e6f69 in ?? ()
#54 0x65767265 in ?? ()
#55 0x00007372 in ?? ()
#56 0x2a2a0000 in ?? ()
#57 0x2a2a2a2a in ?? ()
#58 0x2a2a2a2a in ?? ()
#59 0x2a2a2a2a in ?? ()
#60 0x2a2a2a2a in ?? ()
#61 0x2a2a2a2a in ?? ()
#62 0x2a2a2a2a in ?? ()
#63 0x2a2a2a2a in ?? ()
#64 0x2a2a2a2a in ?? ()
#65 0x2a2a2a2a in ?? ()
#66 0x2a2a2a2a in ?? ()
#67 0x2a2a2a2a in ?? ()
#68 0x2a2a2a2a in ?? ()
#69 0x2a2a2a2a in ?? ()
#70 0x002a2a2a in ?? ()
#71 0x401dcc00 in ?? () from /usr/X11R6/lib/libX11.so.6
#72 0x03709994 in ?? ()
#73 0x401d9e3c in ?? () from /usr/X11R6/lib/libX11.so.6
#74 0xbffff688 in ?? ()
#75 0x40012f88 in ?? ()
#76 0x0000000a in ?? ()
#77 0x00000001 in ?? ()
(gdb) 

The value of *fp at the time of the crash is:

(gdb) p *fp
$2 = {_flags = -72539000, 
  _IO_read_ptr = 0x4029002c "WinStationDriver=ICA 3.0\nTransportDriver=TCP/IP\nDisableCtrlAltDel=On\nDoNotUseDefaultCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProtocol=UDP\nEncryptionLevelSession=Basic\nCompre"..., 
  _IO_read_end = 0x402901d7 "tCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProtocol=UDP\nEncryptionLevelSession=Basic\nCompress=On\nTransportReconnectDefault=True\nProxyType=None\nProxyUseDefault=Off\nAudioBandwi"..., 
  _IO_read_base = 0x40290000 "W2K Server 1024x768=\n\n[W2K Server 1024x768]\nWinStationDriver=ICA 3.0\nTransportDriver=TCP/IP\nDisableCtrlAltDel=On\nDoNotUseDefaultCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProt"..., 
  _IO_write_base = 0x40290000 "W2K Server 1024x768=\n\n[W2K Server 1024x768]\nWinStationDriver=ICA 3.0\nTransportDriver=TCP/IP\nDisableCtrlAltDel=On\nDoNotUseDefaultCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProt"..., 
  _IO_write_ptr = 0x40290000 "W2K Server 1024x768=\n\n[W2K Server 1024x768]\nWinStationDriver=ICA 3.0\nTransportDriver=TCP/IP\nDisableCtrlAltDel=On\nDoNotUseDefaultCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProt"..., 
  _IO_write_end = 0x40290000 "W2K Server 1024x768=\n\n[W2K Server 1024x768]\nWinStationDriver=ICA 3.0\nTransportDriver=TCP/IP\nDisableCtrlAltDel=On\nDoNotUseDefaultCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProt"..., 
  _IO_buf_base = 0x40290000 "W2K Server 1024x768=\n\n[W2K Server 1024x768]\nWinStationDriver=ICA 3.0\nTransportDriver=TCP/IP\nDisableCtrlAltDel=On\nDoNotUseDefaultCSL=On\nLocTcpBrowserAddress=ica.watson.ibm.com\nSSLEnable=Off\nBrowserProt"...,
_IO_buf_end = 0x40291000 <Address 0x40291000 out of bounds>, 
  _IO_save_base = 0x0, _IO_backup_base = 0x0, _IO_save_end = 0x0, 
  _markers = 0x0, _chain = 0x81a3570, _fileno = 10, _flags2 = 0, 
  _old_offset = 815, _cur_column = 0, _vtable_offset = -72 '', 
  _shortbuf = "", _lock = 0x81f4000, _offset = 72057590817911104, 
  _codecvt = 0x0, _wide_data = 0x0, _mode = 1, 
  _unused2 = "\000\000\000\000\000\000\000\000\000!\000\000\000\000\000\000\000@@\037\b \000\000\000h@\037\b\000\000\000\000\000\002\000\000\000)\000\000\000Appl"}
(gdb) 



---------------------------------------
Received: (at 207545-done) by bugs.debian.org; 29 Aug 2003 17:28:10 +0000
>From philb@gnu.org Fri Aug 29 12:28:07 2003
Return-path: <philb@gnu.org>
Received: from pc2-cmbg4-3-cust239.cmbg.cable.ntl.com (kc.cam.armlinux.org) [81.96.69.239] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 19sn2d-0002Y2-00; Fri, 29 Aug 2003 12:28:07 -0500
Received: from localhost ([127.0.0.1])
	by kc.cam.armlinux.org with esmtp (Exim 3.36 #1 (Debian))
	id 19sn2c-0006mm-00
	for <207545-done@bugs.debian.org>; Fri, 29 Aug 2003 18:28:06 +0100
Subject: Re: #207545: malloc bug in the most recent libc6?
From: Philip Blundell <philb@gnu.org>
To: 207545-done@bugs.debian.org
Content-Type: text/plain
Message-Id: <1062178086.26047.7.camel@kc.cam.armlinux.org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.3 
Date: 29 Aug 2003 18:28:06 +0100
Content-Transfer-Encoding: 7bit
Delivered-To: 207545-done@bugs.debian.org
X-Spam-Status: No, hits=-2.0 required=4.0
	tests=BAYES_01,USER_AGENT_XIMIAN
	version=2.53-bugs.debian.org_2003_8_27
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_8_27 (1.174.2.15-2003-03-30-exp)

I believe this problem was fixed in glibc 2.3.2-4.  Please try that
version and reopen this bug if the problem persists.

p.



