Message-ID: <AM5PR0802MB2611FE5A1F86224DEBDB03FA892A0@AM5PR0802MB2611.eurprd08.prod.outlook.com>
Date: Sun, 12 Nov 2017 21:46:49 +0000
From: Tobias Koch <tobias.koch@...terra.com>
To: "musl@...ts.openwall.com" <musl@...ts.openwall.com>
Subject: diffutils crash in malloc

Hi,

when I switched from musl 1.1.16 to 1.1.17 (and now 1.1.18) diff started to crash. The gdb backtrace shows that this happens during memory allocation:

build@...tstrap(mipsel):~$ gdb /tools/bin/diff
...
Reading symbols from /tools/bin/diff...done.
(gdb) run a b
Starting program: /tools/bin/diff a b

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d82bb7 in free (p=<optimized out>) at src/malloc/malloc.c:518
518             self->prev->next = self;
(gdb) bt
#0  0x00007ffff7d82bb7 in free (p=<optimized out>) at src/malloc/malloc.c:518
#1  0x00007ffff7d82ca5 in trim (self=self@...ry=0x63c010, n=<optimized out>) at src/malloc/malloc.c:317
#2  0x00007ffff7d82f2d in malloc (n=<optimized out>, n@...ry=4096) at src/malloc/malloc.c:364
#3  0x0000000000411809 in xmalloc (n=4096) at xmalloc.c:41
#4  0x0000000000408a78 in sip (current=0x7fffffffde30, skip_test=<optimized out>) at io.c:109
#5  0x0000000000408b6b in read_files (filevec=filevec@...ry=0x7fffffffde30, pretend_binary=<optimized out>) at io.c:783
#6  0x0000000000404363 in diff_2_files (cmp=cmp@...ry=0x7fffffffde30) at analyze.c:476
#7  0x0000000000406d10 in compare_files (parent=parent@...ry=0x0, name0=<optimized out>, name1=<optimized out>) at diff.c:1433
#8  0x0000000000403870 in main (argc=<optimized out>, argv=<optimized out>) at diff.c:798

Here a and b are empty files, but this happens with other input, as well. diffutils' xmalloc looks fairly inconspicuous to me:

void *
xmalloc (size_t n)
{
  void *p = malloc (n);
  if (!p && n != 0)
    xalloc_die ();
  return p;
}

I understand this may very well be a problem in diff and not musl. But this is the exact same version of diffutils included with Debian Stretch and running the same under Valgrind compiled against glibc shows no problems. My wisdom ends here. Any clues how I can get to the bottom of this?

Tobias
