On Sun, 11 Oct 2009, Peter Palfrader wrote: > On Sun, 11 Oct 2009, Sebastian Hahn wrote: > > > I'm not sure why the test programs referenced don't trigger the bug on Lenny > > for me, but when patching the Tor source to manually compare the last few > > bytes > > of a buffer before it is realloc'ed to afterwards exhibits the issue. > > It triggers for me on an 8-way amd64 system. Not always immediatly, but > still: > > | wea...@thelma:~/glibc$ for i in `seq 1 20`; do time ./a.out; done > | a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed. > | zsh: abort ./a.out > | ./a.out 108.72s user 54.81s system 625% cpu 26.156 total
So, I rebuilt glibc on that box with the linked patch and that corruption.c test seems to no longer fail assertions. diff -u glibc-2.7/debian/changelog glibc-2.7/debian/changelog --- glibc-2.7/debian/changelog +++ glibc-2.7/debian/changelog @@ -1,3 +1,10 @@ +glibc (2.7-18aaa.weasel.2) unstable; urgency=low + + * Non-maintainer upload. + * Add 486bdb886330a250af76cbb12af55d2c67ec0981. + + -- Peter Palfrader <wea...@came.sbg.ac.at> Sun, 11 Oct 2009 19:50:05 +0200 + glibc (2.7-18) unstable; urgency=low * patches/localedata/mt_MT_euro.diff, patches/localedata/el_CY_euro.diff: diff -u glibc-2.7/debian/patches/series glibc-2.7/debian/patches/series --- glibc-2.7/debian/patches/series +++ glibc-2.7/debian/patches/series @@ -233,0 +234,2 @@ + +any/486bdb886330a250af76cbb12af55d2c67ec0981.diff -p1 only in patch2: unchanged: --- glibc-2.7.orig/debian/patches/any/486bdb886330a250af76cbb12af55d2c67ec0981.diff +++ glibc-2.7/debian/patches/any/486bdb886330a250af76cbb12af55d2c67ec0981.diff @@ -0,0 +1,22 @@ +2008-11-02 Ulrich Drepper <drep...@redhat.com> + + * malloc/malloc.c (public_rEALLOc): When new arena is used, copy + really all bytes. Patch by Denys Vlasenko <dvlas...@redhat.com>. + +http://repo.or.cz/w/glibc.git?a=commitdiff_plain;h=486bdb886330a250af76cbb12af55d2c67ec0981 + +Only the malloc/mallo.c hunk - the sunrpc/rpc_main.c is already included. + +diff --git a/malloc/malloc.c b/malloc/malloc.c +index feca2cb..d6102a4 100644 +--- a/malloc/malloc.c ++++ b/malloc/malloc.c +@@ -3717,7 +3717,7 @@ public_rEALLOc(Void_t* oldmem, size_t bytes) + newp = public_mALLOc(bytes); + if (newp != NULL) + { +- MALLOC_COPY (newp, oldmem, oldsize - 2 * SIZE_SZ); ++ MALLOC_COPY (newp, oldmem, oldsize - SIZE_SZ); + #if THREAD_STATS + if(!mutex_trylock(&ar_ptr->mutex)) + ++(ar_ptr->stat_lock_direct); [the interdiff also lists a couple of debian/control.in/* files] -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
