Bug#457337: marked as done (libc6: mremap() returns invalid address)



Your message dated Wed, 20 Feb 2008 06:59:47 +0100
with message-id <47BBC1D3.2000401@aurel32.net>
and subject line Re: Bug#457337: libc6: mremap() returns invalid address
has caused the Debian Bug report #457337,
regarding libc6: mremap() returns invalid address
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
457337: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457337
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.7-4
Severity: normal

Here's a gdb transcript of a part of dlmalloc that is called from some
of my code. Observe how cp, the address returned by mremap, is invalid,
and the code segfaults on the first access to that pointer.

8< ----------------------------------------------------------------------------
Breakpoint 1, mmap_resize (m=0x2b6a5b236010, oldp=0x2b6a5bdb4000,
nb=406784) at src/gklib/dlmalloc.c:2358
2358        if (cp != CMFAIL) {
(gdb) l
2353        size_t offset = oldp->prev_foot & ~IS_MMAPPED_BIT;
2354        size_t oldmmsize = oldsize + offset + MMAP_FOOT_PAD;
2355        size_t newmmsize = mmap_align(nb + SIX_SIZE_T_SIZES +
CHUNK_ALIGN_MASK);
2356        char* cp = (char*)CALL_MREMAP((char*)oldp - offset,
2357                                      oldmmsize, newmmsize, 1);
2358        if (cp != CMFAIL) {
2359          mchunkptr newp = (mchunkptr)(cp + offset);
2360          size_t psize = newmmsize - offset - MMAP_FOOT_PAD;
2361          newp->head = (psize|CINUSE_BIT);
2362          mark_inuse_foot(m, newp, psize);
(gdb) p cp
$3 = 0x5bdb4000 <Address 0x5bdb4000 out of bounds>
(gdb) n
2359          mchunkptr newp = (mchunkptr)(cp + offset);
(gdb) 
2360          size_t psize = newmmsize - offset - MMAP_FOOT_PAD;
(gdb) 
2361          newp->head = (psize|CINUSE_BIT);
(gdb) 

Program received signal SIGSEGV, Segmentation fault.
0x00002b6a5a88849d in mmap_resize (m=0x2b6a5b236010,
oldp=0x2b6a5bdb4000, nb=406784) at src/gklib/dlmalloc.c:2361
2361          newp->head = (psize|CINUSE_BIT);
(gdb) p oldp
$4 = (mchunkptr) 0x2b6a5bdb4000
(gdb) p offset
$5 = 0
(gdb) 
8< ----------------------------------------------------------------------------

If you were wondering, CALL_MREMAP is just
8< ----------------------------------------------------------------------------
#define CALL_MREMAP(addr, osz, nsz, mv) ((void)(addr),(void)(osz), \
                                         (void)(nsz), (void)(mv),MFAIL)
8< ----------------------------------------------------------------------------

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                       1:4.2.2-4  GCC support library

libc6 recommends no packages.

-- debconf information:
  glibc/restart-failed:
  glibc/restart-services:



--- End Message ---
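As an added example (not code from the report, from dlmalloc or from glibc), here is a minimal mmap/mremap resize structured like the mmap_resize path in the transcript above, with the checks a practitioner would want before the result is dereferenced: the return value is compared against MAP_FAILED, the prototype is explicit so the 64-bit return value cannot be implicitly narrowed, and a small diagnostic flags a result that equals the low 32 bits of the old mapping's address, which is exactly the relationship between oldp (0x2b6a5bdb4000) and cp (0x5bdb4000) in the gdb session. The function names resize_mapping, looks_truncated and demo are this example's own, the 100-page growth is a constructed stand-in for the 406784-byte request, and the code assumes Linux with glibc.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Explicit prototype (matches glibc's) so the pointer return value is never
 * implicitly declared as int and narrowed on a 64-bit target. */
void *mremap(void *addr, size_t old_len, size_t new_len, int flags, ...);
#ifndef MREMAP_MAYMOVE
#define MREMAP_MAYMOVE 1   /* Linux value; fallback only */
#endif

/* Diagnostic added for this example: returns 1 if `candidate` is the low 32
 * bits of `original`, i.e. it looks like a 64-bit address cut down to 32 bits.
 * In the report, oldp = 0x2b6a5bdb4000 and cp = 0x5bdb4000 have this shape. */
int looks_truncated(uintptr_t original, uintptr_t candidate) {
    return sizeof(uintptr_t) > 4
        && candidate == (original & (uintptr_t)0xffffffffu)
        && candidate != original;
}

/* Grow an anonymous mapping from old_size to new_size bytes, letting the
 * kernel move it. Returns NULL on failure rather than an unusable pointer
 * (hypothetical helper, not dlmalloc's mmap_resize). */
void *resize_mapping(void *old, size_t old_size, size_t new_size) {
    void *p = mremap(old, old_size, new_size, MREMAP_MAYMOVE);
    if (p == MAP_FAILED) {          /* the only failure value mremap defines */
        perror("mremap");
        return NULL;
    }
    if (looks_truncated((uintptr_t)old, (uintptr_t)p)) {
        /* Refuse to touch it: dereferencing such a value is what faulted at
         * dlmalloc.c:2361 in the transcript. */
        fprintf(stderr, "mremap result %p looks like a truncated %p\n", p, old);
        return NULL;
    }
    return p;
}

/* Round trip: map, fill, grow, verify the old contents survived and the new
 * tail is writable. Returns 0 on success, a negative code otherwise. */
int demo(void) {
    long page = sysconf(_SC_PAGESIZE);
    size_t old_size = (size_t)page * 4;
    size_t new_size = (size_t)page * 100;   /* constructed size, ~400 KiB */
    char *old = mmap(NULL, old_size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (old == MAP_FAILED) return -1;
    memset(old, 0xAB, old_size);

    char *cp = resize_mapping(old, old_size, new_size);
    if (cp == NULL) return -2;   /* mapping state unknown; do not reuse `old` */

    int ok = (unsigned char)cp[0] == 0xAB
          && (unsigned char)cp[old_size - 1] == 0xAB;
    cp[new_size - 1] = 1;        /* grown region must be writable */
    munmap(cp, new_size);
    return ok ? 0 : -3;
}

int main(void) {
    int rc = demo();
    printf("demo: %s (rc=%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc == 0 ? 0 : 1;
}
```

The truncation check is a cheap guard, not a root-cause diagnosis: it only says that the returned value is suspicious before the code writes through it, which is the point at which the reporter's build crashed.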
--- Begin Message ---
Andreas Klöckner wrote:
> On Tuesday 19 February 2008, Aurelien Jarno wrote:
>> ping ?
> 
> Sorry, I don't have time to track this issue down any further. I figured out a 
> way to not have dlmalloc call mremap, and that settles the issue for me. :-/ 
> (#define HAVE_MREMAP 0)
> 
> Feel free to close this bug.
> 

Doing that with this mail.

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net


--- End Message ---