
Bug#540373: marked as done (libc6: invalid free should be better phrased)



Your message dated Tue, 7 Jan 2025 22:12:46 +0100
with message-id <Z32Yzl7fF-3aIhYU@aurel32.net>
and subject line Re: Bug#540373: Report can be declared as solved (old age)
has caused the Debian Bug report #540373,
regarding libc6: invalid free should be better phrased
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
540373: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540373
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libc6
Version: 2.7-18
Severity: normal

Description:

  Segmentation fault now and then in ace-of-penguins/ace-canfield

kernel: lt-canfield[1653]: segfault at 64 ip b7d88a19 sp bfae197c error
  4 in libc-2.7.so[b7d1e000+138000]

and ftp, if macro "$safn ." is used

macdef safn
dir $1 "| more"

kernel: ftp[1675]: segfault at 1f6b3 ip b7e34978 sp bf88d088 error 4 in
libc-2.7.so[b7dca000+138000]

For ace-canfield:

Segmentation fault if max_undo == 100 now and then
sizeof(Undo) == 12

------Start of part of code-------

static void
stack_note_undo(Stack *src, int n, Stack *dest)
{
  if (doing_undo) return;
  if (num_undo >= max_undo)
  {
    max_undo += 50;
    fprintf(stderr, "max_undo = %d, sizeof(Undo) = %zu\n", max_undo,
            sizeof(Undo));
 /* if (max_undo == 100) mtrace(); */
    if (undo)
      undo = (Undo *)realloc(undo, max_undo * sizeof(Undo));
    else
      undo = (Undo *)malloc(max_undo * sizeof(Undo));
  }
/*if (max_undo == 100) muntrace();*/

-------End of part of code--------

Dump with gdb without "fprintf(...)" and "mtrace()":

GNU gdb 6.8-debian
...

Program received signal SIGSEGV, Segmentation fault.
0xb7e9da19 in malloc_consolidate (av=0xb7f6e160) at malloc.c:4842
4842	malloc.c: No such file or directory.
	in malloc.c
(gdb) bt full
#0  0xb7e9da19 in malloc_consolidate (av=0xb7f6e160) at malloc.c:4842
	fb = (mfastbinptr *) 0xb7f6e178
	maxfb = (mfastbinptr *) 0xb7f6e18c
	p = (mchunkptr) 0x9ff4e58
	nextp = (mchunkptr) 0x9ffac08
	unsorted_bin = (mchunkptr) 0xb7f6e190
	first_unsorted = <value optimized out>
	nextchunk = (mchunkptr) 0x9ff4e88
	size = 208
	nextsize = 160
	prevsize = <value optimized out>
	bck = (mchunkptr) 0x53
	fwd = (mchunkptr) 0x65
#1  0xb7e9f9a5 in _int_malloc (av=0xb7f6e160, bytes=1201) at malloc.c:4166
	nb = 1208
	idx = 74
	bin = <value optimized out>
	victim = <value optimized out>
	size = <value optimized out>
	victim_index = <value optimized out>
	remainder = <value optimized out>
	remainder_size = <value optimized out>
	block = <value optimized out>
	bit = <value optimized out>
	map = <value optimized out>
	fwd = <value optimized out>
	bck = <value optimized out>
---Type <return> to continue, or q <return> to quit---
#2  0xb7ea0ecf in _int_realloc (av=0xb7f6e160, oldmem=0x9ff4f70, bytes=1200)
    at malloc.c:4972
	nextsize = <value optimized out>
	nb = 1208
	oldp = (mchunkptr) 0x9ff4f68
	oldsize = 608
	newp = <value optimized out>
	newsize = 608
	newmem = <value optimized out>
	next = (mchunkptr) 0x9ff51c8
	remainder = <value optimized out>
	remainder_size = <value optimized out>
	bck = <value optimized out>
	fwd = <value optimized out>
	copysize = <value optimized out>
	ncopies = <value optimized out>
	errstr = <value optimized out>
#3  0xb7ea1a6f in *__GI___libc_realloc (oldmem=0x9ff4f70, bytes=1200)
    at malloc.c:3709
	ar_ptr = (mstate) 0xb7f6e160
	nb = 1208
	oldp = (mchunkptr) 0x9ff4f68
	oldsize = 608
	newp = <value optimized out>
	hook = <value optimized out>
#4  0xb80d063a in stack_note_undo (src=0x9ff4dc0, n=27, dest=0x9ff4e28)
    at stack.c:592
---Type <return> to continue, or q <return> to quit---
No locals.
#5  0xb80d0404 in stack_flip_card (src=0x9ff4dc0, dest=0x9ff4e28)
    at stack.c:557
No locals.
#6  0x08049766 in hand_to_talon () at canfield.c:263
No locals.
#7  0x08049ede in click (x=54, y=275, b=1) at canfield.c:460
	c = 4
	f = 1
	cp = (Picture *) 0x0
#8  0xb80c9cfd in table_loop () at table.c:405
	event = {type = ev_buttondown, x = 54, y = 275, w = 474, h = 540, 
  button = 1, shifts = 0, key = -1206979872, time = 20910024}
	first_expose = 1
	click_button = 1
#9  0x08048ea4 in main (argc=1, argv=0xbfaf7464) at canfield.c:60
No locals.

-----End without "fprintf(...)" and "mtrace()"--------

Dump from gdb with "mtrace" activated in code

GNU gdb 6.8-debian

max_undo = 50, sizeof(Undo) = 12
Base rank: 1
max_undo = 100, sizeof(Undo) = 12

Program received signal SIGSEGV, Segmentation fault.
0xb7d88a19 in malloc_consolidate (av=0xb7e59160) at malloc.c:4842
4842	malloc.c: No such file or directory.
	in malloc.c
(gdb) bt full
#0  0xb7d88a19 in malloc_consolidate (av=0xb7e59160) at malloc.c:4842
	fb = (mfastbinptr *) 0xb7e59178
	maxfb = (mfastbinptr *) 0xb7e5918c
	p = (mchunkptr) 0x8057e58
	nextp = (mchunkptr) 0x0
	unsorted_bin = (mchunkptr) 0xb7e59190
	first_unsorted = <value optimized out>
	nextchunk = (mchunkptr) 0x8057e88
	size = 208
	nextsize = 160
	prevsize = <value optimized out>
	bck = (mchunkptr) 0x77
	fwd = (mchunkptr) 0x70
#1  0xb7d8a9a5 in _int_malloc (av=0xb7e59160, bytes=512) at malloc.c:4166
	nb = 520
	idx = 64
	bin = <value optimized out>
	victim = <value optimized out>
	size = <value optimized out>
	victim_index = <value optimized out>
	remainder = <value optimized out>
	remainder_size = <value optimized out>
	block = <value optimized out>
	bit = <value optimized out>
	map = <value optimized out>
	fwd = <value optimized out>
	bck = <value optimized out>
---Type <return> to continue, or q <return> to quit---
#2  0xb7d8c586 in *__GI___libc_malloc (bytes=512) at malloc.c:3553
	ar_ptr = (mstate) 0xb7e59160
	victim = (void *) 0xbfe94fb1
	hook = <value optimized out>
#3  0xb7d8e09c in mtrace () at mtrace.c:314
	mallfile = <value optimized out>
	added_atexit_handler = 0
#4  0xb7fbb6bd in stack_note_undo (src=0x8057dc0, n=28, dest=0x8057e28)
    at stack.c:593
No locals.
#5  0xb7fbb474 in stack_flip_card (src=0x8057dc0, dest=0x8057e28)
    at stack.c:558
No locals.
#6  0x08049766 in hand_to_talon () at canfield.c:263
No locals.
#7  0x08049ede in click (x=52, y=265, b=1) at canfield.c:460
	c = 4
	f = 1
	cp = (Picture *) 0x0
#8  0xb7fb4d6d in table_loop () at table.c:405
	event = {type = ev_buttondown, x = 52, y = 265, w = 474, h = 540, 
  button = 1, shifts = 0, key = -1208114464, time = 1799809}
	first_expose = 1
	click_button = 1
#9  0x08048ea4 in main (argc=1, argv=0xbfe92fe4) at canfield.c:60
No locals.

---End of dump for "mtrace()" activated-----

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i586)

Kernel: Linux 2.6.18d and Linux 2.6.26
Locale: LANG=is_IS, LC_CTYPE=is_IS (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                      1:4.3.2-1.1 GCC support library

-- 
Bjarni I. Gislason



--- End Message ---
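
The two kernel log lines quoted in the report above can be reduced to an offset inside libc and a fault type, which is the first step in checking whether separate crashes hit the same code. The following is an added example, not code from the report or from glibc; the names `struct segv`, `parse_segv`, `segv_access` and `segv_cause` are hypothetical, and the sample lines are the report's own with the mail's line wrap joined.

```c
/* Added example: decode the x86 kernel "segfault at" lines from the report. */
#include <stdio.h>
#include <string.h>

struct segv {                       /* hypothetical record type */
    unsigned long addr, ip, sp, base, len, off;
    unsigned err;
    char obj[64];
};

/* Parse one log line; returns 0 on success, -1 if it does not match. */
int parse_segv(const char *line, struct segv *s)
{
    const char *p = strstr(line, "segfault at ");
    if (!p || sscanf(p,
            "segfault at %lx ip %lx sp %lx error %x in %63[^[][%lx+%lx]",
            &s->addr, &s->ip, &s->sp, &s->err, s->obj,
            &s->base, &s->len) != 7)
        return -1;
    if (s->ip < s->base || s->ip - s->base >= s->len)
        return -1;                  /* ip must lie inside the reported mapping */
    s->off = s->ip - s->base;       /* offset of the faulting instruction */
    return 0;
}

/* x86 page-fault error code: bit 0 protection fault, bit 1 write, bit 2 user mode. */
const char *segv_access(unsigned err) { return (err & 2) ? "write" : "read"; }
const char *segv_cause(unsigned err)  { return (err & 1) ? "protection violation" : "page not present"; }

/* The two lines from the report, wrapped lines joined. */
static const char *samples[] = {
    "kernel: lt-canfield[1653]: segfault at 64 ip b7d88a19 sp bfae197c error 4 in libc-2.7.so[b7d1e000+138000]",
    "kernel: ftp[1675]: segfault at 1f6b3 ip b7e34978 sp bf88d088 error 4 in libc-2.7.so[b7dca000+138000]",
};

int main(void)
{
    for (int i = 0; i < 2; i++) {
        struct segv s;
        if (parse_segv(samples[i], &s) == 0)
            printf("%s+0x%lx: %s of 0x%lx (%s, %s mode)\n", s.obj, s.off,
                   segv_access(s.err), s.addr, segv_cause(s.err),
                   (s.err & 4) ? "user" : "kernel");
    }
    return 0;
}
```

The two offsets come out 0xa1 bytes apart, and the first one belongs to the address that the gdb session in the report places in `malloc_consolidate`.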
--- Begin Message ---
On 2022-06-24 22:00, Bjarni Ingi Gislason wrote:
>   This bug report is too old to be kept.
> 

Agree, closing.

Regards,
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                     http://aurel32.net

--- End Message ---
