Bug#911946: Bug #911946: rc-status: double free or corruption (!prev)

Fri, 26 Oct 2018 13:22:00 -0700 

Hello Mo Zhou,
I just tried to reproduce the issue and thats my findings:

...
corrupted double-linked list

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht 
gefunden.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff7bb42f1 in __GI_abort () at abort.c:79
#2  0x00007ffff7bf5867 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x7ffff7cff273 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff7bfbe0a in malloc_printerr (str=str@entry=0x7ffff7cfd3d6 
"corrupted double-linked list") at malloc.c:5350
#4  0x00007ffff7bfc024 in malloc_consolidate (av=av@entry=0x7ffff7d34c40 
<main_arena>) at malloc.c:4456
#5  0x00007ffff7bfedad in _int_malloc (av=av@entry=0x7ffff7d34c40 <main_arena>, 
bytes=bytes@entry=32816) at malloc.c:3703
#6  0x00007ffff7c0064c in __GI___libc_malloc (bytes=32816) at malloc.c:3057
#7  0x00007ffff7c3d743 in __alloc_dir (fd=3, close_fd=<optimized out>, 
flags=<optimized out>, statp=<optimized out>) at ../sysdeps/posix/opendir.c:216
#8  0x00007ffff7c3d85d in opendir_tail (fd=3) at ../sysdeps/posix/opendir.c:136
#9  0x00007ffff7c3d910 in __opendir (name=name@entry=0x7fffffffdba0 
"/run/openrc/hotplugged") at ../sysdeps/posix/opendir.c:190
#10 0x00007ffff7d62aa9 in ls_dir (dir=dir@entry=0x7fffffffdba0 
"/run/openrc/hotplugged", options=options@entry=1) at librc.c:71
#11 0x00007ffff7d6497d in __RC_rc_services_in_state (state=<optimized out>) at 
librc.c:1006
#12 0x0000555555557b8b in main (argc=<optimized out>, argv=<optimized out>) at 
rc-status.c:353


Running with valgrind starts with this message
that seems to be already the problem:

==2542== Conditional jump or move depends on uninitialised value(s)
==2542==    at 0x10C416: print_service (rc-status.c:160)
==2542==    by 0x10C6FB: print_services (rc-status.c:215)
==2542==    by 0x10BAAB: main (rc-status.c:342)
==2542== 


rc-status.c:
159                             uptime = get_uptime(service);
160                             if (uptime) {


In the end we see here upstream pull request [1]
that got applied in commit [2].


A local built package that initilizes the variable upstream
does not crash and shows no problem again with valgrind.

That commit would be already included in upstream release 0.39.

Kind regards,
Bernhard


[1] https://github.com/OpenRC/openrc/pull/231
[2] 
https://gitweb.gentoo.org/proj/openrc.git/commit/src/rc/rc-status.c?id=79648ac1c6355975abca6acf6076e7022037523f

Reply via email to