Bug#481543: libc6: low-memory snprintf provokes internal segfault
Petr Salinger <Petr.Salinger@seznam.cz> wrote:
>> This demonstrates that it is indeed a.out/libc that provokes
>> the segfault. Here's the output I get:
>>
>> [2331489.137491] zsh[21289]: segfault at 0 ip 7f1126c824f4 sp \
>> 7fff2fa49778 error 6 in libc-2.7.so[7f1126c06000+14a000]
>>
>> Do the same thing with true, and there's no problem:
>>
>> $ env -u -- zsh -f -c 'ulimit -v 5000; /bin/true' || dmesg|tail -1
>>
>> But if you use a command that calls printf or other stream output
>> functions, it'll fail because glibc's stream output initialization code
>> tries to allocate space and fails, and then segfaults.
>
> For me, it does not segfault, the mmap fails, the snprintf() returns -1
> and the program regularly ends.
>
> mmap(NULL, 5246976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> brk(0xbae000) = 0x6ad000
> mmap(NULL, 5378048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> mmap(NULL, 134217728, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
> exit_group(0) = ?
>
> The gcc is 4.3.2-2, libc6 is 2.7-15.
I don't think these are relevant, but:
gcc version 4.4.0 20080304 (experimental) (GCC)
libc6 is 2.7-16
Are you using an x86_64 system? I am:
$ uname -m
x86_64
IIRC, this bug is x86_64-specific.
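The two reports above differ on whether a failed allocation inside snprintf() ends in a clean -1 return or a segfault. The harness below is an added example, not code from the bug report or from glibc: it reproduces the `ulimit -v` setup in a forked child (RLIMIT_AS is what `ulimit -v` sets), asks snprintf() for a very wide field so that any internal work-buffer allocation is forced over the cap, and classifies the child's fate from the parent, so a crashing libc is observed rather than suffered. The 5000 KB limit comes from the report; the 64 MiB width, the buffer size and the result codes are assumptions made for the example.

```c
/* Added example: probe how libc's snprintf() behaves when its internal
 * allocation fails under a low address-space limit. Not part of the bug
 * report; limit, width and result codes are constructed for this harness. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result {
    PROBE_OK = 0,        /* snprintf returned a length under the limit      */
    PROBE_GRACEFUL = 1,  /* snprintf returned -1 (ENOMEM path, no crash)     */
    PROBE_SEGV = 2,      /* child died with SIGSEGV: the behaviour reported  */
    PROBE_SIGNAL = 3,    /* child died with some other signal                */
    PROBE_HARNESS = -1   /* fork/waitpid failed; says nothing about libc     */
};

/* Exit statuses the child uses to report snprintf's return value. */
enum { CHILD_OK = 0, CHILD_FAILED = 1 };

static void child_body(long limit_kbytes, int width)
{
    struct rlimit rl;
    char buf[64];
    int n;

    /* Equivalent of `ulimit -v <kbytes>`: lower the soft address-space
     * limit; the hard limit is left alone because it cannot be raised. */
    if (getrlimit(RLIMIT_AS, &rl) != 0)
        _exit(CHILD_FAILED);
    rl.rlim_cur = (rlim_t)limit_kbytes * 1024;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_cur > rl.rlim_max)
        rl.rlim_cur = rl.rlim_max;
    if (setrlimit(RLIMIT_AS, &rl) != 0)
        _exit(CHILD_FAILED);

    /* A field width far larger than the small output buffer: a libc that
     * sizes an internal work buffer from the width will have to mmap()
     * more than the cap allows and must then report failure cleanly. */
    n = snprintf(buf, sizeof buf, "%*d", width, 42);
    _exit(n < 0 ? CHILD_FAILED : CHILD_OK);
}

/* Run the probe in a child and classify what happened to it. */
int probe_snprintf_under_limit(long limit_kbytes, int width)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return PROBE_HARNESS;
    if (pid == 0)
        child_body(limit_kbytes, width);   /* never returns */
    if (waitpid(pid, &status, 0) != pid)
        return PROBE_HARNESS;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGSEGV ? PROBE_SEGV : PROBE_SIGNAL;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == CHILD_OK ? PROBE_OK : PROBE_GRACEFUL;
    return PROBE_HARNESS;
}

const char *probe_name(int r)
{
    switch (r) {
    case PROBE_OK:       return "snprintf succeeded under the limit";
    case PROBE_GRACEFUL: return "snprintf returned -1 (graceful ENOMEM)";
    case PROBE_SEGV:     return "child killed by SIGSEGV";
    case PROBE_SIGNAL:   return "child killed by another signal";
    default:             return "harness error (fork/waitpid)";
    }
}

int main(void)
{
    /* 5000 KB is the limit used in the report; 64 MiB width is constructed. */
    int r = probe_snprintf_under_limit(5000, 64 << 20);
    printf("%s\n", probe_name(r));
    return r == PROBE_SEGV;   /* non-zero exit flags the crashing case */
}
```

Because the child, not the test process, takes the hit, the harness can be run against a given libc build and wired into a regression check: a healthy libc yields either the success or the graceful -1 outcome, and the SIGSEGV outcome is the one this bug is about. The same pattern (fork, lower RLIMIT_AS, call the function, inspect the wait status) works for printf() or any other stream function suspected of allocating lazily.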