block 418749 by 41897
block 417835 by 41897
thanks

On Thu, Apr 12, 2007 at 07:07:28AM +0200, Philipp Kolmann wrote:
> On Thu, Apr 12, 2007 at 11:50:02AM +0900, Simon Horman wrote:
> > On Wed, Apr 11, 2007 at 09:54:21PM +0200, Philipp Kolmann wrote:
> > > Hi Simon,
> > >
> > > since this issue doesn't let me sleep ;-) I dug a bit more into it and it
> > > seems that it's only problematic on amd64 architecture.
> > >
> > > Can you verify this?
> >
> > Ok, that would explain why I can't reproduce it on my i386 machine :)
> > It's actually a little tricky for me to get access to an amd64 box.
> > But perhaps you will have some luck if you recompile both heartbeat
> > and libnet with debug.
> >
> > DEB_BUILD_OPTIONS=nostrip,debug dpkg-buildpackage -us -uc -rfakeroot
>
> Just rebuilt libnet1 with debugging and HB-2 for the moment.
> I have set up all variables to suit the program.
>
> (gdb) run start
> Starting program: /usr/lib/ocf/resource.d/heartbeat/IPv6addr start
> [Thread debugging using libthread_db enabled]
> [New Thread 47516858579680 (LWP 22349)]
> *** glibc detected *** free(): invalid next size (fast): 0x0000000000504340 ***
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 47516858579680 (LWP 22349)]
> 0x00002b3760ee107b in raise () from /lib/libc.so.6
> (gdb) bt
> #0 0x00002b3760ee107b in raise () from /lib/libc.so.6
> #1 0x00002b3760ee284e in abort () from /lib/libc.so.6
> #2 0x00002b3760f17629 in __fsetlocking () from /lib/libc.so.6
> #3 0x00002b3760f1e193 in mallopt () from /lib/libc.so.6
> #4 0x00002b3760f1e21e in free () from /lib/libc.so.6
> #5 0x00002b37607a9b26 in libnet_write (l=0x5040a0) at libnet_write.c:122
> #6 0x0000000000401ccf in send_ua (src_ip=0x7fff4a655df0, if_name=<value optimized out>) at IPv6addr.c:418
> #7 0x00000000004027a6 in main (argc=<value optimized out>, argv=<value optimized out>) at IPv6addr.c:310
>
> Would it help, if I provide you with access to an amd64 machine?

Hi Philipp,

thanks a lot for setting me up with access to your machine.
As I discussed privately with you the problem appears to be
a buffer overrun inside libnet's libnet_pblock_coalesce().
I have reported this problem along with a possible fix as #418975.

--
Horms
  H: http://www.vergenet.net/~horms/
  W: http://www.valinux.co.jp/en/