curl-library

Re: about the bug of glibc detected free invalid pointer

From: yi xia <max.xiayi_at_gmail.com>
Date: Thu, 14 Feb 2008 11:16:48 +0800

Hi Daniel,

With c-ares enabled, the problem does get resolved. Thank you very much.
As for why it crashes in glibc, it seems that what I can do is to remember it
will cause a segmentation fault sometimes.

Max

2008/2/13, Daniel Stenberg <daniel_at_haxx.se>:
>
> On Wed, 13 Feb 2008, yi xia wrote:
>
> > I have done as you said, but the problem is still there. The code is pasted
> > here.
>
> I ran this with valgrind on my CVS libcurl (basically 7.18.0, IPv6 enabled and
> built with c-ares) and glibc 2.7 on a Debian Unstable and it showed no
> problems at all!
>
> Then I rebuilt it without c-ares (still IPv6 enabled) and I can repeat the
> valgrind report on demand with your test case. But from what I can see, the
> entire error sequence valgrind reports are from within glibc!
>
> Here's the full output from valgrind I get. It seems completely different than
> your log. Your output even included OpenSSL details which seems terribly
> strange since your test case doesn't even use SSL...
>
> ==1188== Memcheck, a memory error detector.
> ==1188== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
> ==1188== Using LibVEX rev 1804, a library for dynamic binary translation.
> ==1188== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
> ==1188== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework.
> ==1188== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
> ==1188== For more details, rerun with: -v
> ==1188==
> ==1188== Thread 2:
> ==1188== Invalid read of size 4
> ==1188== at 0x40170D3: (within /lib/ld-2.7.so)
> ==1188== by 0x40060F4: (within /lib/ld-2.7.so)
> ==1188== by 0x4008737: (within /lib/ld-2.7.so)
> ==1188== by 0x4012A77: (within /lib/ld-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x401233D: (within /lib/ld-2.7.so)
> ==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
> ==1188== Address 0x4771558 is 32 bytes inside a block of size 33 alloc'd
> ==1188== at 0x4024AB8: malloc (vg_replace_malloc.c:207)
> ==1188== by 0x4008D29: (within /lib/ld-2.7.so)
> ==1188== by 0x4012A77: (within /lib/ld-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x401233D: (within /lib/ld-2.7.so)
> ==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
> ==1188==
> ==1188== Invalid read of size 4
> ==1188== at 0x4017117: (within /lib/ld-2.7.so)
> ==1188== by 0x40060F4: (within /lib/ld-2.7.so)
> ==1188== by 0x4008737: (within /lib/ld-2.7.so)
> ==1188== by 0x4012A77: (within /lib/ld-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x401233D: (within /lib/ld-2.7.so)
> ==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
> ==1188== Address 0x4771d8c is 28 bytes inside a block of size 31 alloc'd
> ==1188== at 0x4024AB8: malloc (vg_replace_malloc.c:207)
> ==1188== by 0x4008D29: (within /lib/ld-2.7.so)
> ==1188== by 0x4012A77: (within /lib/ld-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x401233D: (within /lib/ld-2.7.so)
> ==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
> ==1188==
> ==1188== Invalid read of size 4
> ==1188== at 0x40170E9: (within /lib/ld-2.7.so)
> ==1188== by 0x40060F4: (within /lib/ld-2.7.so)
> ==1188== by 0x4008737: (within /lib/ld-2.7.so)
> ==1188== by 0x4012A77: (within /lib/ld-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x401233D: (within /lib/ld-2.7.so)
> ==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
> ==1188== Address 0x4772984 is 20 bytes inside a block of size 23 alloc'd
> ==1188== at 0x4024AB8: malloc (vg_replace_malloc.c:207)
> ==1188== by 0x4008D29: (within /lib/ld-2.7.so)
> ==1188== by 0x4012A77: (within /lib/ld-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x401233D: (within /lib/ld-2.7.so)
> ==1188== by 0x458ECC1: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x400E8C5: (within /lib/ld-2.7.so)
> ==1188== by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453D21A: (within /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
> ==1188== by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
> ==1188==
> ==1188== ERROR SUMMARY: 4 errors from 3 contexts (suppressed: 97 from 1)
> ==1188== malloc/free: in use at exit: 288 bytes in 8 blocks.
> ==1188== malloc/free: 2,117 allocs, 2,109 frees, 78,432 bytes allocated.
> ==1188== For counts of detected errors, rerun with: -v
> ==1188== searching for pointers to 8 not-freed blocks.
> ==1188== checked 425,004 bytes.
> ==1188==
> ==1188== LEAK SUMMARY:
> ==1188== definitely lost: 0 bytes in 0 blocks.
> ==1188== possibly lost: 0 bytes in 0 blocks.
> ==1188== still reachable: 288 bytes in 8 blocks.
> ==1188== suppressed: 0 bytes in 0 blocks.
> ==1188== Rerun with --leak-check=full to see details of leaked memory.
>
> --
> Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
>
Received on 2008-02-14
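
Added example (not part of the original mails and not curl project code): a small Python triage of a Memcheck log that splits each error into its faulting stack and its allocation stack, then reports whether every faulting frame lies in a system library and which application frame led there, which is the observation made in the quoted reply. The sample log is constructed by shortening one error context from the report above; the `/lib` and `/usr/lib` prefixes and the function names `triage` and `summarise` are assumptions of this example.

```python
import re

# Constructed sample: one error context shortened from the quoted report above.
SAMPLE = """\
==1188== Invalid read of size 4
==1188==    at 0x40170D3: (within /lib/ld-2.7.so)
==1188==    by 0x458EE84: __libc_dlopen_mode (in /lib/i686/cmov/libc-2.7.so)
==1188==    by 0x4568BA6: __nss_lookup_function (in /lib/i686/cmov/libc-2.7.so)
==1188==    by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188==  Address 0x4771558 is 32 bytes inside a block of size 33 alloc'd
==1188==    at 0x4024AB8: malloc (vg_replace_malloc.c:207)
==1188==    by 0x4008D29: (within /lib/ld-2.7.so)
==1188==    by 0x453E4C7: getaddrinfo (in /lib/i686/cmov/libc-2.7.so)
==1188==    by 0x8070F6C: curl_dogetaddrinfo (hostip6.c:123)
==1188==
"""

FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (?:(\S+) )?\((?:within |in )?([^)]+)\)")
ERROR = re.compile(r"==\d+==\s+(Invalid (?:read|write) of size \d+)")
SYSTEM = ("/lib", "/usr/lib")  # assumption: where the distro's libraries live

def summarise(err):
    access, alloc = err["access"], err["alloc"]
    # Last named system function on the faulting stack = the libc call entered.
    entry = next((fn for fn, loc in reversed(access)
                  if fn and loc.startswith(SYSTEM)), None)
    # First frame with application source info; skip valgrind's malloc wrapper.
    app = next(((fn, loc) for fn, loc in access + alloc
                if not loc.startswith(SYSTEM) and "vg_replace" not in loc), None)
    return {"kind": err["kind"],
            "fault_object": access[0][1] if access else None,
            "access_stack_all_system": bool(access)
                and all(loc.startswith(SYSTEM) for _, loc in access),
            "entry_point": entry, "app_frame": app}

def triage(log):
    """Return one summary dict per Memcheck invalid read/write in the log."""
    errors, stack = [], None
    for line in log.splitlines():
        line = line.lstrip("> ")                 # tolerate mail quoting
        m = ERROR.match(line)
        if m:
            errors.append({"kind": m.group(1), "access": [], "alloc": []})
            stack = errors[-1]["access"]
        elif errors and " Address 0x" in line:   # allocation stack follows
            stack = errors[-1]["alloc"]
        elif errors and (f := FRAME.search(line)):
            stack.append((f.group(1), f.group(2)))
    return [summarise(e) for e in errors]
```

An error whose faulting stack is entirely inside system objects, with the application appearing only as the caller of `getaddrinfo`, points the investigation at the C library or its Valgrind suppressions rather than at the calling code.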