Your message dated Thu, 02 Jan 2014 17:18:42 +0000 with message-id <[email protected]> and subject line Bug#724253: fixed in ltrace 0.7.3-1 has caused the Debian Bug report #724253, regarding "free(): invalid pointer" crash when using %p in printf to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 724253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724253 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: ltrace Version: 0.7.3 When trying to ltrace a process that prints a mmap()ed address, the ltrace program dies, thereby taking the ltraced process down with a SIGILL signal. The output just before crashing does not look correct either: printf("%p\n", 0x7ffff7ffa0000x7ffff7ffa000 I observe that this behavior only occurs when $sysconfdir/ltrace.conf (e.g.: /etc/ltrace.conf) exists. Renaming this file and the crash is gone. I compared the output of `-D 77` but I could not find any differences, except: - process ID (substituted by (PID) below) and some addresses. - lines related to reading the config file (before the do_close_elf debugging line, before the same line of text shared by the "working" ltrace and the "crashing" ltrace). - The "crashing" ltrace stops after printing the following: ... DEBUG: events.c:144: next_event() DEBUG: events.c:201: event from pid (PID) DEBUG: events.c:335: event: BREAKPOINT: pid=(PID), addr=0x4005ee DEBUG: handle_event.c:90: handle_event(pid=(PID), type=11) DEBUG: handle_event.c:178: [(PID)] event: breakpoint 0x4005ee DEBUG: handle_event.c:600: handle_breakpoint(pid=(PID), addr=0x4005ee) DEBUG: handle_event.c:601: event: breakpoint (0x4005ee) <... printf resumed> ) = 25 DEBUG: handle_event.c:742: callstack_pop(pid=(PID)) DEBUG: breakpoints.c:248: delete_breakpoint(pid=(PID), addr=0x4005ee) DEBUG: dict.c:160: dict_find_entry() DEBUG: breakpoint.c:133: disable_breakpoint: pid=(PID), addr=0x4005ee, symbol=(null) DEBUG: breakpoint.c:99: arch_disable_breakpoint: pid=(PID), addr=0x4005ee, symbol=(null) DEBUG: proc.c:941: proc_remove_breakpoint(pid=(PID), (null)@0x4005ee) DEBUG: dict.c:132: dict_remove(0x4005ee) A test program can be found below, the gdb backtrace follows. /* gcc lmap.c -o lmap */ #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <sys/mman.h> int main() { int fd; char *addr; fd = open("/dev/zero", O_RDONLY); addr = mmap(NULL, 1024, PROT_READ, MAP_SHARED, fd, 0); printf("%p\n", addr); return 0; } $ gdb -ex r -ex bt -ex q --args ltrace ./lmap GNU gdb (GDB) 7.6.1 Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /tmp/ltrace/ltrace-0.7.3/ltrace...done. Starting program: /tmp/ltrace/ltrace ./lmap warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? __libc_start_main(0x400590, 1, 0x7fffffffe508, 0x400600 <unfinished ...> open("/dev/zero", 0, 037777762430) = 7 mmap(0, 1024, 1, 1) = 0x7ffff7ffa000 printf("%p\n", 0x7ffff7ffa0000x7ffff7ffa000 ) = 15 *** Error in `/tmp/ltrace/ltrace': free(): invalid pointer: 0x0000000000643ba0 *** ======= Backtrace: ========= /usr/lib/libc.so.6(+0x72ecf)[0x7ffff758becf] /usr/lib/libc.so.6(+0x7869e)[0x7ffff759169e] /usr/lib/libc.so.6(+0x79377)[0x7ffff7592377] /tmp/ltrace/ltrace[0x40be6a] /tmp/ltrace/ltrace[0x40beda] /tmp/ltrace/ltrace[0x40c6f3] /tmp/ltrace/ltrace[0x40c7c6] /tmp/ltrace/ltrace[0x40d4b1] /tmp/ltrace/ltrace[0x40eab8] /tmp/ltrace/ltrace[0x40da1b] /tmp/ltrace/ltrace[0x41e28e] /tmp/ltrace/ltrace[0x41dc8d] /tmp/ltrace/ltrace[0x41cb31] /tmp/ltrace/ltrace[0x40379c] /tmp/ltrace/ltrace[0x403175] /usr/lib/libc.so.6(__libc_start_main+0xf5)[0x7ffff753abc5] /tmp/ltrace/ltrace[0x403089] ======= Memory map: ======== 00400000-0043f000 r-xp 00000000 00:1d 5346196 /tmp/ltrace/ltrace-0.7.3/ltrace 0063f000-00643000 rw-p 0003f000 00:1d 5346196 /tmp/ltrace/ltrace-0.7.3/ltrace 00643000-006a7000 rw-p 00000000 00:00 0 [heap] 7ffff7000000-7ffff7015000 r-xp 00000000 fe:00 1057764 /usr/lib/libgcc_s.so.1 7ffff7015000-7ffff7215000 ---p 00015000 fe:00 1057764 /usr/lib/libgcc_s.so.1 7ffff7215000-7ffff7216000 rw-p 00015000 fe:00 1057764 /usr/lib/libgcc_s.so.1 7ffff7216000-7ffff7318000 r-xp 00000000 fe:00 1072116 /usr/lib/libm-2.18.so 7ffff7318000-7ffff7517000 ---p 00102000 fe:00 1072116 /usr/lib/libm-2.18.so 7ffff7517000-7ffff7518000 r--p 00101000 fe:00 1072116 /usr/lib/libm-2.18.so 7ffff7518000-7ffff7519000 rw-p 00102000 fe:00 1072116 /usr/lib/libm-2.18.so 7ffff7519000-7ffff76bb000 r-xp 00000000 fe:00 1072117 /usr/lib/libc-2.18.so 7ffff76bb000-7ffff78ba000 ---p 001a2000 fe:00 1072117 /usr/lib/libc-2.18.so 7ffff78ba000-7ffff78be000 r--p 001a1000 fe:00 1072117 /usr/lib/libc-2.18.so 7ffff78be000-7ffff78c0000 rw-p 001a5000 fe:00 1072117 /usr/lib/libc-2.18.so 7ffff78c0000-7ffff78c4000 rw-p 00000000 00:00 0 7ffff78c4000-7ffff78d8000 r-xp 00000000 fe:00 1066817 /usr/lib/libelf-0.155.so 7ffff78d8000-7ffff7ad7000 ---p 00014000 fe:00 1066817 /usr/lib/libelf-0.155.so 7ffff7ad7000-7ffff7ad8000 r--p 00013000 fe:00 1066817 /usr/lib/libelf-0.155.so 7ffff7ad8000-7ffff7ad9000 rw-p 00014000 fe:00 1066817 /usr/lib/libelf-0.155.so 7ffff7ad9000-7ffff7bbf000 r-xp 00000000 fe:00 1056929 /usr/lib/libstdc++.so.6.0.18 7ffff7bbf000-7ffff7dbe000 ---p 000e6000 fe:00 1056929 /usr/lib/libstdc++.so.6.0.18 7ffff7dbe000-7ffff7dc6000 r--p 000e5000 fe:00 1056929 /usr/lib/libstdc++.so.6.0.18 7ffff7dc6000-7ffff7dc8000 rw-p 000ed000 fe:00 1056929 /usr/lib/libstdc++.so.6.0.18 7ffff7dc8000-7ffff7ddd000 rw-p 00000000 00:00 0 7ffff7ddd000-7ffff7dfd000 r-xp 00000000 fe:00 1057744 /usr/lib/ld-2.18.so 7ffff7fbd000-7ffff7fc3000 rw-p 00000000 00:00 0 7ffff7ffa000-7ffff7ffb000 rw-p 00000000 00:00 0 7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso] 7ffff7ffc000-7ffff7ffd000 r--p 0001f000 fe:00 1057744 /usr/lib/ld-2.18.so 7ffff7ffd000-7ffff7ffe000 rw-p 00020000 fe:00 1057744 /usr/lib/ld-2.18.so 7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0 7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Program received signal SIGABRT, Aborted. 0x00007ffff754e3d9 in raise () from /usr/lib/libc.so.6 #0 0x00007ffff754e3d9 in raise () from /usr/lib/libc.so.6 #1 0x00007ffff754f7d8 in abort () from /usr/lib/libc.so.6 #2 0x00007ffff758bed4 in __libc_message () from /usr/lib/libc.so.6 #3 0x00007ffff759169e in malloc_printerr () from /usr/lib/libc.so.6 #4 0x00007ffff7592377 in _int_free () from /usr/lib/libc.so.6 #5 0x000000000040be6a in type_pointer_destroy (info=0x693790) at type.c:214 #6 0x000000000040beda in type_destroy (info=0x693790) at type.c:234 #7 0x000000000040c6f3 in value_set_type (value=0x6930a0, type=0x0, own_type=0) at value.c:64 #8 0x000000000040c7c6 in value_destroy (val=0x6930a0) at value.c:97 #9 0x000000000040d4b1 in value_dtor (val=0x6930a0, data=0x0) at value_dict.c:51 #10 0x000000000040eab8 in vect_destroy (vec=0x693020, dtor=0x40d495 <value_dtor>, data=0x0) at vect.c:147 #11 0x000000000040da1b in val_dict_destroy (dict=0x693020) at value_dict.c:146 #12 0x000000000041e28e in callstack_pop (proc=0x68ef50) at handle_event.c:751 #13 0x000000000041dc8d in handle_breakpoint (event=0x643c40 <event>) at handle_event.c:620 #14 0x000000000041cb31 in handle_event (event=0x643c40 <event>) at handle_event.c:179 #15 0x000000000040379c in ltrace_main () at libltrace.c:193 #16 0x0000000000403175 in main (argc=2, argv=0x7fffffffe4d8) at main.c:55 A debugging session is active. Inferior 1 [process 32736] will be killed. Quit anyway? (y or n) y Distribution: Arch Linux x86_64 Kernel: 3.11-rc7
--- End Message ---
--- Begin Message ---Source: ltrace Source-Version: 0.7.3-1 We believe that the bug you reported is fixed in the latest version of ltrace, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Juan Cespedes <[email protected]> (supplier of updated ltrace package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 02 Jan 2014 18:00:05 +0100 Source: ltrace Binary: ltrace Architecture: source amd64 Version: 0.7.3-1 Distribution: unstable Urgency: low Maintainer: Juan Cespedes <[email protected]> Changed-By: Juan Cespedes <[email protected]> Description: ltrace - Tracks runtime library calls in dynamically linked programs Closes: 282068 457696 537781 548400 591412 593639 614018 645615 675607 678721 724253 Changes: ltrace (0.7.3-1) unstable; urgency=low . * New upstream release (closes: #675607), including: + support dlopen()'d libraries (closes: #537781) + support PIE binaries (closes: #614018) + fix -T option (closes: #548400) + use $HOST_CPU instead of $(uname -m) (closes: #457696) + don't hardcode gcc or assume -liberty and -lsupc++ exist (closes: #593639) + support threaded programs (closes: #282068, #591412) * Fix "free(): invalid pointer" crash (closes: #724253) * Fix FTBFS on alpha (closes: #678721) # Added "s390x" to the list of supported archs (closes: #645615) * Fixed dpkg-shlibdeps warning: don't link against libstdc++ or libsupc++ if we have libiberty * Switch to 3.0 (quilt) source format * Standards-Version: 3.9.5 * Lintian clean Checksums-Sha1: 311d73720c50ec5c649865179975f42523f57d9b 1192 ltrace_0.7.3-1.dsc 8df2acc8bc135a229917de6ef814f416d38124ca 482658 ltrace_0.7.3.orig.tar.bz2 5def0514a0a43bdeee571876e3fb31048c0d667a 10712 ltrace_0.7.3-1.debian.tar.gz 581dd9208b22118d8b7c727c1b5ab66ee4dd7fec 149992 ltrace_0.7.3-1_amd64.deb Checksums-Sha256: fcac1519b710d91af3e1d66f4b28a65099f145d1a667a5101615016d31d9a795 1192 ltrace_0.7.3-1.dsc 0e6f8c077471b544c06def7192d983861ad2f8688dd5504beae62f0c5f5b9503 482658 ltrace_0.7.3.orig.tar.bz2 9997f76540f3982300c211af4880cba1e5078aa41b7b334c28a67cddee61369e 10712 ltrace_0.7.3-1.debian.tar.gz 921d6ddabdb53392c5b8f5b8eab5cd958b28ebcd9ac0ba974bb5b17d00997a76 149992 ltrace_0.7.3-1_amd64.deb Files: d37e77cf90ffcb647199b0879357b301 1192 utils optional ltrace_0.7.3-1.dsc b3dd199af8f18637f7d4ef97fdfb9d14 482658 utils optional ltrace_0.7.3.orig.tar.bz2 7334bfdd01259b48c4a0d550c01fca08 10712 utils optional ltrace_0.7.3-1.debian.tar.gz e6c210beb309fd16a24f46552a07eaad 149992 utils optional ltrace_0.7.3-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlLFm0sACgkQepWluYh4RwMWzwCgwaJh91DaAujC/KiOUonQMLva 3cQAoOOKB27myuQAq0En5JBr9u/WFKjR =IOEL -----END PGP SIGNATURE-----
--- End Message ---

