This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug dynamic-link/15308] New: _dl_sort_fini reads memory already freed in dl-libc.c's libc_freeres
- From: "dhatch at ilm dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 27 Mar 2013 07:45:33 +0000
- Subject: [Bug dynamic-link/15308] New: _dl_sort_fini reads memory already freed in dl-libc.c's libc_freeres
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15308
Bug #: 15308
Summary: _dl_sort_fini reads memory already freed in
dl-libc.c's libc_freeres
Product: glibc
Version: 2.12
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
AssignedTo: unassigned@sourceware.org
ReportedBy: dhatch@ilm.com
Classification: Unclassified
Using current master/head from git://sourceware.org/git/glibc.git
(or installed ld.so from glibc 2.12 on rhel6.3 linux),
I was getting some sanity failures and crashes in _dl_sort_fini
in the elf/noload confidence test program during "make check".
Copy-pasting the command line that runs this program during "make check"
into the command shell, and inserting "valgrind" just before
ld.so, reveals the following error:
==11270== Invalid read of size 8
==11270== at 0x116C19: _dl_sort_fini (dl-fini.c:222)
==11270== by 0x1175EA: _dl_fini (dl-fini.c:650)
==11270== by 0x504ADB1: exit (exit.c:78)
==11270== by 0x5033CE3: (below main) (libc-start.c:258)
==11270== Address 0x53aa620 is 0 bytes inside a block of size 72 free'd
==11270== at 0x4A072BA: free (vg_replace_malloc.c:446)
==11270== by 0x51550DB: free_mem (dl-glibc.c)
==11270== by 0x5154BD1: __libc_freeres (set-freeres.c)
==11270== by 0x504ADB1: exit (exit.c:78)
==11270== by 0x5033CE3: (below main) (libc-start.c:258)
This error isn't normally encountered
since __libc_freeres isn't normally called;
however, it is called when running any program under valgrind,
and it's also called when mtrace() is being used
and the MALLOC_TRACE env var is set,
as is the case when this test is being run
during "make check".
If I put a "l->l_initfini = NULL;" after the "free (l->l_initfini)"
in free_mem() in elf/dl-libc.c, the error goes away.
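The pattern described in the report, as an added example that is not part of the original message and is not glibc's source: a simplified C model in which freeing `l_initfini` without clearing it leaves a stale pointer for a later reader such as `_dl_sort_fini`, while clearing it lets a NULL check skip the walk. The `struct map` type and every helper name other than `l_initfini` and `free_mem` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for a loaded object (assumption: only the field
   named in the report is modelled). */
struct map { struct map **l_initfini; /* NULL-terminated dependency list */ };

/* Constructed sample data: a two-entry dependency list. */
static struct map **make_list(struct map *a, struct map *b) {
    struct map **v = malloc(3 * sizeof *v);
    if (v == NULL) abort();
    v[0] = a; v[1] = b; v[2] = NULL;
    return v;
}

/* Model of the reported behaviour: the block is freed, the pointer stays. */
static void free_mem_reported(struct map *l) { free(l->l_initfini); }

/* Model of the reporter's change: clear the pointer right after free(). */
static void free_mem_cleared(struct map *l) {
    free(l->l_initfini);
    l->l_initfini = NULL;
}

/* Model of a later reader: walks the list only when the pointer is set.
   Calling this on a stale pointer would read freed memory. */
static int count_deps(const struct map *l) {
    int n = 0;
    if (l->l_initfini != NULL)
        for (struct map **p = l->l_initfini; *p != NULL; p++)
            n++;
    return n;
}

/* Returns 1 if the cleanup routine leaves a non-NULL (stale) pointer.
   Only the pointer value is compared; freed memory is never dereferenced. */
static int stale_pointer_left(void (*free_fn)(struct map *)) {
    struct map a = {0}, b = {0}, l;
    l.l_initfini = make_list(&a, &b);
    free_fn(&l);
    return l.l_initfini != NULL;
}

int main(void) {
    printf("reported free_mem leaves stale pointer: %d\n",
           stale_pointer_left(free_mem_reported));
    printf("cleared  free_mem leaves stale pointer: %d\n",
           stale_pointer_left(free_mem_cleared));
    return 0;
}
```
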