Bug#264884: marked as done (globfree() double-frees)

Your message dated Mon, 27 Sep 2004 21:02:11 -0400
with message-id <E1CC6Nf-0005th-00@newraff.debian.org>
and subject line Bug#264884: fixed in glibc 2.3.2.ds1-17
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 10 Aug 2004 19:34:06 +0000
Subject: globfree() double-frees
To: submit@bugs.debian.org
Content-Type: multipart/mixed; boundary="=-perGxb8PrZ9vxIFVr6vr"
Message-Id: <1092166421.2750.10.camel@laptop1>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Tue, 10 Aug 2004 14:33:42 -0500
From: Jeff Licquia <licquia@progeny.com>

Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Package: libc6
Version: 2.3.2.ds1-13
Severity: serious
Tags: patch

Certain kinds of problems in glob() result in a GLOB_ABORTED return
value.  In these circumstances, the glob_t passed in is likely to
contain partial results (per POSIX), and thus, globfree() needs to be
called to prevent a memory leak.

Unfortunately, glob() itself calls globfree() under certain
circumstances.  Calling globfree() again (which is legal and in fact
mandated under POSIX) causes certain portions of the structure to be
double-freed.  Under many circumstances, this results in infinite loops
or SIGSEGV during the next malloc.

The best way to fix it is for globfree() to do housekeeping on the
glob_t it's freeing, by setting gl_pathc to 0 and gl_pathv to NULL. 
Then, when globfree() is called the second time, it knows to do
nothing.  A patch to that effect is attached (in debian/patches form).

(This is the same bug, basically, as 260767, except that the source of
the double-free I complained about has now been discovered.)

The severity is serious because this bug causes the LSB tests to hang,
specifically /tset/LSB.os/genuts/glob/T.glob 30.

Content-Disposition: attachment; filename=globfree-clear-pathc.dpatch
Content-Type: application/x-shellscript; name=globfree-clear-pathc.dpatch
Content-Transfer-Encoding: 7bit

#! /bin/sh -e

# All lines beginning with `# DP:' are a description of the patch.
# DP: Description: Patch to make globfree() clear pglob->gl_pathc
# DP: Related bugs: 
# DP: Dpatch author: 
# DP: Patch author: Jeff Licquia <licquia@progeny.com>
# DP: Upstream status: Not submitted
# DP: Status Details: 
# DP: Date: 2004-07-22


if [ $# -ne 2 ]; then
    echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
    exit 1
fi
case "$1" in
    -patch) patch -d "$2" -f --no-backup-if-mismatch -p$PATCHLEVEL < $0;;
    -unpatch) patch -d "$2" -f --no-backup-if-mismatch -R -p$PATCHLEVEL < $0;;
    *)
	echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
	exit 1
esac
exit 0

# append the patch here and adjust the -p? flag in the patch calls.
--- glibc-2.3.2-old/sysdeps/generic/glob.c	2004-07-26 17:49:07.000000000 -0400
+++ glibc-2.3.2/sysdeps/generic/glob.c	2004-07-26 17:51:14.000000000 -0400
@@ -1105,6 +1105,8 @@
 	if (pglob->gl_pathv[pglob->gl_offs + i] != NULL)
 	  free ((__ptr_t) pglob->gl_pathv[pglob->gl_offs + i]);
       free ((__ptr_t) pglob->gl_pathv);
+      pglob->gl_pathc = 0;
+      pglob->gl_pathv = NULL;
 #if defined _LIBC && !defined globfree
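Review bot: the two added assignments after free ((__ptr_t) pglob->gl_pathv) carry no comment explaining why fields of a just-freed structure are reset; add one saying that glob() may already have called globfree() on an error path, so a later call by the caller must be a no-op. The second call is only harmless if the code above this hunk bounds the loop by gl_pathc or tests gl_pathv for NULL before indexing it, and that guard is not visible in these context lines, so confirm it before relying on the reset.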


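The double release described in the report, and the effect of clearing the two fields, as an added example (not code from the report or from glibc). `struct pathlist` is a constructed stand-in for `glob_t`, and the quarantine allocator (`q_alloc`, `q_free`, `q_reset`, all hypothetical names) keeps released blocks allocated so a repeated release is counted rather than handed to `free()` a second time.

```c
#include <stdio.h>
#include <stdlib.h>
/* Quarantine allocator (hypothetical helper): released blocks stay allocated
   so a repeated release can be counted instead of corrupting the heap. */
#define SLOTS 16
static struct { void *p; int released; } slot[SLOTS];
static int nslots, double_frees;

static void *q_alloc(size_t n) {
    void *p = nslots < SLOTS ? malloc(n) : NULL;
    if (p) { slot[nslots].p = p; slot[nslots].released = 0; nslots++; }
    return p;
}
static void q_free(void *p) {
    for (int i = 0; p && i < nslots; i++)
        if (slot[i].p == p) { double_frees += slot[i].released; slot[i].released = 1; }
}
static void q_reset(void) {            /* really free everything, clear counters */
    for (int i = 0; i < nslots; i++) free(slot[i].p);
    nslots = double_frees = 0;
}

/* Constructed stand-in for glob_t: only the two fields the report names. */
struct pathlist { size_t pathc; char **pathv; };
static void pathlist_free(struct pathlist *pl, int clear_fields) {
    if (pl->pathv == NULL) return;
    for (size_t i = 0; i < pl->pathc; i++)
        q_free(pl->pathv[i]);
    q_free(pl->pathv);
    /* the housekeeping the report proposes: leave nothing stale behind */
    if (clear_fields) { pl->pathc = 0; pl->pathv = NULL; }
}

/* Release one list twice (library error path, then the caller); return how many blocks were released more than once. */
int release_twice(size_t n, int clear_fields) {
    struct pathlist pl = { 0, NULL };
    pl.pathv = q_alloc(n * sizeof *pl.pathv);
    for (size_t i = 0; pl.pathv && i < n; i++, pl.pathc++)
        pl.pathv[i] = q_alloc(8);
    pathlist_free(&pl, clear_fields);
    pathlist_free(&pl, clear_fields);
    int seen = double_frees;
    q_reset();
    return seen;
}

int main(void) {
    printf("fields left stale: %d repeated releases\n", release_twice(3, 0));
    printf("fields cleared:    %d repeated releases\n", release_twice(3, 1));
    return 0;
}
```

With stale fields every entry and the vector itself are released twice; with the fields cleared the second call returns at the NULL check.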
Received: (at 264884-close) by bugs.debian.org; 28 Sep 2004 01:08:11 +0000
From: GOTO Masanori <gotom@debian.org>
To: 264884-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#264884: fixed in glibc 2.3.2.ds1-17
Message-Id: <E1CC6Nf-0005th-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Mon, 27 Sep 2004 21:02:11 -0400

Source: glibc
Source-Version: 2.3.2.ds1-17

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

  to pool/main/g/glibc/glibc-doc_2.3.2.ds1-17_all.deb
  to pool/main/g/glibc/glibc_2.3.2.ds1-17.diff.gz
  to pool/main/g/glibc/glibc_2.3.2.ds1-17.dsc
  to pool/main/g/glibc/libc6-dbg_2.3.2.ds1-17_i386.deb
  to pool/main/g/glibc/libc6-dev_2.3.2.ds1-17_i386.deb
  to pool/main/g/glibc/libc6-i686_2.3.2.ds1-17_i386.deb
  to pool/main/g/glibc/libc6-pic_2.3.2.ds1-17_i386.deb
  to pool/main/g/glibc/libc6-prof_2.3.2.ds1-17_i386.deb
  to pool/main/g/glibc/libc6-udeb_2.3.2.ds1-17_i386.udeb
  to pool/main/g/glibc/libc6_2.3.2.ds1-17_i386.deb
  to pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-17_i386.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-17_i386.udeb
  to pool/main/g/glibc/locales_2.3.2.ds1-17_all.deb
  to pool/main/g/glibc/nscd_2.3.2.ds1-17_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 264884@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
GOTO Masanori <gotom@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.7
Date: Thu, 19 Aug 2004 12:39:35 +0900
Source: glibc
Binary: libc6-i686 libc0.3-pic glibc-doc libc1-udeb libc0.3 libc6.1-dev libc1-pic libc6-s390x libnss-files-udeb libc1-dbg libc6-dev-sparc64 libc0.3-dev libc6-udeb libc6-dbg libc6.1-pic libc6-dev libc0.3-prof libc6-sparcv9 libc6.1-prof libc1 locales libc6-pic libc0.3-udeb libc1-prof libc0.3-dbg libc6-prof libc6 libc6-sparcv9b libc6.1-udeb libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc1-dev libc6-dev-s390x
Architecture: source i386 all
Version: 2.3.2.ds1-17
Distribution: unstable
Urgency: high
Maintainer: GOTO Masanori <gotom@debian.org>
Changed-By: GOTO Masanori <gotom@debian.org>
 glibc-doc  - GNU C Library: Documentation
 libc6      - GNU C Library: Shared libraries and Timezone data
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-pic  - GNU C Library: PIC archive library
 libc6-prof - GNU C Library: Profiling Libraries
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 233301 259211 264884 266637 269747 270998
 glibc (2.3.2.ds1-17) unstable; urgency=high
   * GOTO Masanori <gotom@debian.org>
     - debian/sysdeps/depflags.pl: Fix typo, from "kerberos4th-dev" to
       "kerberos4kth-dev".  (Closes: #266637)
     - debian/patches/00list: Add locale-byn_ER.dpatch that was missing
       when I fixed.  (Closes: #270998)
     - debian/patches/glibc23-dlclose-l_opencount.dpatch: Fix reference
       counter in dl that does not sometimes decrement correctly.
       (Closes: #233301, #259211)
     - debian/patches/glibc232-globfree-clear.dpatch: Workaround and
       to make sure that fix to enforce clear gl_pathc and gl_pathv in
       globfree() for sarge to conform LFS test, requested by Jeff Licquia.
       (Closes: #264884)
     - debian/local/manpages/tzselect.1: Fix typo.  (Closes: #269747)
     - debian/debhelper.in/libc.preinst: Don't install glibc when kernel
       is not 2.6 on amd64.
     - debian/sysdeps/amd64.mk: Patch from Andreas Jochens:
        - Drop the 'nptl' pass from GLIBC_PASSES.
        - Use 'nptl' instead of 'linuxthreads' in the 'libc' pass (this
          requires kernel >= 2.6.0, but 2.4 is not supported by the amd64
          port anyway).
package-type: udeb
