Date: Fri, 27 Dec 2013 17:13:45 -0500 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: Re: NULL deref SEGV in malloc.c:unbin() On Fri, Dec 27, 2013 at 07:44:23PM +0000, David Wuertele wrote: > Rich Felker <dalias <at> aerifal.cx> writes: > > On Fri, Dec 27, 2013 at 06:35:00PM +0000, David Wuertele wrote: > > > I wonder if anyone has hit this before? In unbin(), c->next->prev is set, > > > but c->next is NULL. It happens repeatedly, and here's what gdb says: > > > > It's almost surely a case of memory corruption by the calling program, > > most likely using memory after it's already been freed. > > Hmm, my program calls malloc() once and never calls free(). And this crash happens on the very first call to malloc? Or did you mean it only called it once successfully? > Oh, I guess it does call free indirectly when it uses closedir() and fclose(). > I will try to use gdb/watch to catch someone red-handed. It's also possible you write past the end of the buffer obtained by malloc. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.