curl-library

Re: about the bug of glibc detected free invalid pointer

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 13 Feb 2008 10:41:01 +0100 (CET)

On Wed, 13 Feb 2008, yi xia wrote:

> I have done as you said, but the problem is still there. The code is pasted
> here.

I ran this with valgrind on my CVS libcurl (basically 7.18.0, IPv6 enabled and
built with c-ares) and glibc 2.7 on a Debian Unstable and it showed no
problems at all!

Then I rebuilt it without c-ares (still IPv6 enabled) and I can repeat the
valgrind report on demand with your test case. But from what I can see, the
entire error sequence valgrind reports is from within glibc!

Here's the full output from valgrind I get. It seems completely different than
your log. Your output even included OpenSSL details which seems terribly
strange since your test case doesn't even use SSL...

==1188== Memcheck, a memory error detector.
==1188== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==1188== Using LibVEX rev 1804, a library for dynamic binary translation.
==1188== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==1188== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation
framework.
==1188== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==1188== For more details, rerun with: -v
==1188==
==1188== Thread 2:
==1188== Invalid read of size 4
==1188== at 0x40170D3: (within /lib/ld-2.7.so)
==1188== by 0x40060F4: (within /lib/ld-2.7.so)
==1188== by 0x4008737: (within /lib/ld-2.7.so)
==1188== by 0x4012A77: (within /lib/ld-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x401233D: (within /lib/ld-2.7.so)
==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188== Address 0x4771558 is 32 bytes inside a block of size 33 alloc'd
==1188== at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==1188== by 0x4008D29: (within /lib/ld-2.7.so)
==1188== by 0x4012A77: (within /lib/ld-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x401233D: (within /lib/ld-2.7.so)
==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
==1188==
==1188== Invalid read of size 4
==1188== at 0x4017117: (within /lib/ld-2.7.so)
==1188== by 0x40060F4: (within /lib/ld-2.7.so)
==1188== by 0x4008737: (within /lib/ld-2.7.so)
==1188== by 0x4012A77: (within /lib/ld-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x401233D: (within /lib/ld-2.7.so)
==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188== Address 0x4771d8c is 28 bytes inside a block of size 31 alloc'd
==1188== at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==1188== by 0x4008D29: (within /lib/ld-2.7.so)
==1188== by 0x4012A77: (within /lib/ld-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x401233D: (within /lib/ld-2.7.so)
==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
==1188==
==1188== Invalid read of size 4
==1188== at 0x40170E9: (within /lib/ld-2.7.so)
==1188== by 0x40060F4: (within /lib/ld-2.7.so)
==1188== by 0x4008737: (within /lib/ld-2.7.so)
==1188== by 0x4012A77: (within /lib/ld-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x401233D: (within /lib/ld-2.7.so)
==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188== Address 0x4772984 is 20 bytes inside a block of size 23 alloc'd
==1188== at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==1188== by 0x4008D29: (within /lib/ld-2.7.so)
==1188== by 0x4012A77: (within /lib/ld-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x401233D: (within /lib/ld-2.7.so)
==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188== by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
==1188==
==1188== ERROR SUMMARY: 4 errors from 3 contexts (suppressed: 97 from 1)
==1188== malloc/free: in use at exit: 288 bytes in 8 blocks.
==1188== malloc/free: 2,117 allocs, 2,109 frees, 78,432 bytes allocated.
==1188== For counts of detected errors, rerun with: -v
==1188== searching for pointers to 8 not-freed blocks.
==1188== checked 425,004 bytes.
==1188==
==1188== LEAK SUMMARY:
==1188== definitely lost: 0 bytes in 0 blocks.
==1188== possibly lost: 0 bytes in 0 blocks.
==1188== still reachable: 288 bytes in 8 blocks.
==1188== suppressed: 0 bytes in 0 blocks.
==1188== Rerun with --leak-check=full to see details of leaked memory.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2008-02-13
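
The check made by eye in the message above (do the frames of each error's access stack all sit inside the loader and libc?) can be scripted. The following is an added example, not part of the original mail or of curl; `triage`, `is_system`, the library-name pattern and the sample log are assumptions constructed for illustration.

```python
import re
FRAME = re.compile(r"^\s*(at|by) 0x[0-9A-Fa-f]+: (.*)$")
SYSTEM_OBJ = re.compile(r"\((?:within|in) \S*/(?:ld|libc|libnss_\w+)[-.][^)]*\)$")
KINDS = ("Invalid read", "Invalid write", "Invalid free", "Mismatched free")
# Constructed sample in Memcheck's format; one frame is wrapped as mail clients do.
SAMPLE = """\
==1== Invalid read of size 4
==1==    at 0x40170D3: (within /lib/ld-2.7.so)
==1==    by 0x4568BA6: __nss_lookup_function (in
/lib/i686/cmov/libc-2.7.so)
==1==    by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1==  Address 0x4771558 is 32 bytes inside a block of size 33 alloc'd
==1==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==1==    by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
==1==
==1== Invalid write of size 1
==1==    at 0x8048512: fill_buffer (app.c:42)
"""

def is_system(frame):
    # Loader/libc objects and valgrind's malloc wrapper are not application code.
    return bool(SYSTEM_OBJ.search(frame)) or "vg_replace_malloc.c" in frame

def triage(log):
    """One dict per error: kind, origin of the access, first application frame."""
    errors, cur, part = [], None, "access"
    for raw in log.splitlines():
        if not raw.startswith("=="):            # wrapped tail of the previous frame
            if cur and cur[part] and raw.strip():
                cur[part][-1] += " " + raw.strip()
            continue
        line = re.sub(r"^==\d+== ?", "", raw).strip()
        if line.startswith(KINDS):
            cur, part = {"kind": line, "access": [], "alloc": []}, "access"
            errors.append(cur)
        elif cur and line.startswith("Address "):
            part = "alloc"                      # later frames: where the block came from
        elif cur and (m := FRAME.match(line)):
            cur[part].append(m.group(2))
        elif not line:
            cur = None                          # blank line ends the error context
    out = []
    for e in errors:
        acc = [f for f in e["access"] if not is_system(f)]
        alloc = [f for f in e["alloc"] if not is_system(f)]
        # Origin is judged on the access stack; the alloc stack is only a fallback hint.
        out.append({"kind": e["kind"], "first_app_frame": (acc + alloc + [None])[0],
                    "origin": "application" if acc else "system-library"})
    return out
```

An access stack that shows only library frames may simply have been cut off at valgrind's `--num-callers` depth, so a "system-library" result is a prompt to rerun with a deeper stack, not proof that the caller is innocent.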