Date:      Tue, 13 Mar 2012 13:40:12 +0100
From:      Alexandre Martins <alexandre.martins@netasq.com>
To:        Konstantin Belousov <kostikbel@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Double free() in libc or gdb ?
Message-ID:  <201203131340.15998.alexandre.martins@netasq.com>
In-Reply-To: <20120313121752.GP75778@deviant.kiev.zoral.com.ua>
References:  <201203121750.36937.alexandre.martins@netasq.com> <201203131108.43815.alexandre.martins@netasq.com> <20120313121752.GP75778@deviant.kiev.zoral.com.ua>

On Tuesday 13 March 2012 13:17:52 Konstantin Belousov wrote:
> On Tue, Mar 13, 2012 at 11:08:40AM +0100, Alexandre Martins wrote:
> > On Monday 12 March 2012 18:55:55 Konstantin Belousov wrote:
> > > On Mon, Mar 12, 2012 at 05:50:33PM +0100, Alexandre Martins wrote:
> > > > Dear all,
> > > >
> > > > I'm currently having some trouble with the dynamic loader.
> > > >
> > > > I have the libc compiled with the "MALLOC_DEBUG" flag to detect double
> > > > free. When I run this piece of code (attached file) through GDB, I
> > > > have this assertion:
> > > >
> > > > Assertion failed: ((run->regs_mask[elm] & (1U << bit)) == 0),
> > > > function arena_run_reg_dalloc, file
> > > > /usr/src/lib/libc/stdlib/malloc.c, line 2543.
> > > >
> > > > But when I run the same binary without GDB, no assert.
> > > >
> > > > I'm very confused. Can you help me debug that?
> > >
> > > There is no attachment.  Put the source somewhere on web.
> >
> > Sorry, I'll paste the code here:
> >
> > first.c:
> > ____________________
> > #include <stdio.h>
> >
> > void print_name(void)
> > {
> >         printf("I'm " __FILE__ " at line %d\n", __LINE__);
> > }
> > ____________________
> >
> > second.c
> > ____________________
> > #include <stdio.h>
> >
> > void second_name(void)
> > {
> >         printf("I'm " __FILE__ " at line %d\n", __LINE__);
> > }
> >
> > void print_name(void)
> > {
> >         printf("I'm " __FILE__ " at line %d\n", __LINE__);
> > }
> > ____________________
> >
> > main.c
> > ____________________
> > #include <stdio.h>
> > #include <dlfcn.h>
> >
> > extern void print_name(void);
> >
> > int main(int argc, char *argv[])
> > {
> >         void (*second_name)(void);
> >         void *handle;
> >         int count = 0;
> >
> >         while(42)
> >         {
> >                 print_name();
> >                 handle = dlopen("second.so", RTLD_NOW);
> >                 print_name();
> >                 if (handle != NULL)
> >                 {
> >                         second_name = dlsym(handle, "second_name");
> >                         if (second_name != NULL)
> >                         {
> >                                 printf("second : ");
> >                                 second_name();
> >                         }
> >                         dlclose(handle);
> >                 }
> >                 else
> >                         fprintf(stderr, "Error : %s\n", dlerror());
> >         }
> > }
> > ____________________
> >
> > Compilation and execution:
> >
> > gcc -shared -O0 -g second.c -o second.so
> > gcc -shared -O0 -g first.c -o libfirst.so
> > gcc -O0 -g toto.c -lfirst -L. -o test
> > export LD_LIBRARY_PATH=$PWD
> > gdb ./test
>
> First, the libc malloc is not used inside rtld, so the assertion which you
> see points to somebody else. This somebody could be the stdio in your
> example, or it could be gdb.
>
> On the HEAD r232862, I indeed get the assertion, that obviously comes
> from gdb. So this is a bug in gdb. Probably, try devel/gdb from ports,
> I can hardly help you with a gdb bug.

Dear,

Thanks for your response.

Two other things:
 - The process consumes memory, but there is no allocation in my code. Maybe a leak in the libc?
 - My kernel has crashed after some minutes of leak (I have removed printf for better perf on the loop). Maybe unrelated, but ...

Regards,

-- 
Alexandre Martins
NETASQ -- We secure IT
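The assertion quoted at the top of the thread, `(run->regs_mask[elm] & (1U << bit)) == 0` in `arena_run_reg_dalloc`, is a per-slot bitmap check: the allocator keeps one bit per region of a run, and a free of a region whose bit is already set means the region was already free, i.e. a double free. The following is an added example, not code from the thread or from FreeBSD's malloc.c: a deliberately small, self-contained model of that bookkeeping (all names such as `toy_run`, `toy_run_reg_alloc` and `toy_run_reg_dalloc` are invented here) that reports a double free as a status code instead of aborting, so the check can be exercised and tested in isolation.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of a slab-style "run" (hypothetical, not FreeBSD's malloc.c):
 * NREGS equally sized slots and a bitmap regs_mask with one bit per slot,
 * 1 = free, 0 = in use. Freeing a slot whose bit is already 1 is a double
 * free, which is exactly what the quoted assertion catches.
 */
#define NREGS 64
#define REG_SIZE 16
#define MASK_WORDS ((NREGS + 31) / 32)

struct toy_run {
    unsigned char base[NREGS * REG_SIZE];
    uint32_t regs_mask[MASK_WORDS];
    unsigned nfree;
};

enum toy_dalloc_status { TOY_OK = 0, TOY_FOREIGN = 1, TOY_MISALIGNED = 2, TOY_DOUBLE_FREE = 3 };

void toy_run_init(struct toy_run *run) {
    memset(run->regs_mask, 0xff, sizeof run->regs_mask); /* every slot free */
    run->nfree = NREGS;
}

/* Hand out the lowest-numbered free slot, or NULL when the run is full. */
void *toy_run_reg_alloc(struct toy_run *run) {
    for (unsigned elm = 0; elm < MASK_WORDS; elm++) {
        uint32_t mask = run->regs_mask[elm];
        if (mask == 0)
            continue;
        unsigned bit = (unsigned)__builtin_ctz(mask);
        unsigned regind = elm * 32 + bit;
        if (regind >= NREGS)
            return NULL;
        run->regs_mask[elm] &= ~(1U << bit); /* clear bit: slot now in use */
        run->nfree--;
        return run->base + (size_t)regind * REG_SIZE;
    }
    return NULL;
}

/* Validate the pointer, then perform the regs_mask check from the assertion. */
enum toy_dalloc_status toy_run_reg_dalloc(struct toy_run *run, void *ptr) {
    unsigned char *p = ptr;
    if (p < run->base || p >= run->base + sizeof run->base)
        return TOY_FOREIGN;                 /* not carved from this run */
    size_t off = (size_t)(p - run->base);
    if (off % REG_SIZE != 0)
        return TOY_MISALIGNED;              /* points inside a slot, not at its start */
    unsigned regind = (unsigned)(off / REG_SIZE);
    unsigned elm = regind / 32, bit = regind % 32;
    if ((run->regs_mask[elm] & (1U << bit)) != 0)
        return TOY_DOUBLE_FREE;             /* bit already 1: slot was already free */
    run->regs_mask[elm] |= 1U << bit;       /* set bit: slot free again */
    run->nfree++;
    return TOY_OK;
}

/* Scenario from the thread: free the same block twice; returns the second free's status. */
enum toy_dalloc_status toy_double_free_demo(void) {
    struct toy_run run;
    toy_run_init(&run);
    void *a = toy_run_reg_alloc(&run);
    void *b = toy_run_reg_alloc(&run);
    if (toy_run_reg_dalloc(&run, a) != TOY_OK || toy_run_reg_dalloc(&run, b) != TOY_OK)
        return TOY_FOREIGN; /* unexpected: first frees must succeed */
    return toy_run_reg_dalloc(&run, a);
}

/* Allocate until the run is exhausted; returns how many slots were handed out. */
unsigned toy_fill_count(void) {
    struct toy_run run;
    toy_run_init(&run);
    unsigned n = 0;
    while (toy_run_reg_alloc(&run) != NULL)
        n++;
    return n;
}

int main(void) {
    printf("second free of same block -> status %d (3 = double free)\n", toy_double_free_demo());
    printf("slots per run: %u\n", toy_fill_count());
    return 0;
}
```

The real allocator aborts at this point because by the time the bit disagrees, the caller has already corrupted its own view of what it owns; a debug build turns that into a loud failure rather than a silent reuse of the slot. Konstantin's point in the thread is that such an assertion only tells you which process and which allocator tripped it, not which caller issued the extra free, which is why the diagnosis moves to the process printing the message (here, gdb) rather than to the program under the debugger.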

