Out of the blue after the 5.9 upgrade I've started getting chromium reporting a
use-after-free. I do not seem to be the only person with this problem:
http://www.bsdforen.de/threads/chromium-st%C3%BCrzt-mit-dem-fehler-chrome-in-free-ab.32523/
I suspect both of us have some bizarre left over state on our systems.
Still, if somebody knows what that state might be, I'm curious.

% uname -a
OpenBSD mymachine 5.9 GENERIC#1761 amd64
% gdb /usr/local/chrome/chrome
...
(gdb) r
Starting program: /usr/local/chrome/chrome

Program received signal SIGCONT, Continued.
[Switching to thread 1022778]
__tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
75              call    *%r8
Current language:  auto; currently asm
(gdb) c
Continuing.
chrome(2215) in free(): error: use after free 0x888158178c0

Program received signal SIGABRT, Aborted.
[Switching to thread 1003708]
0x00000888034b887a in thrkill () at <stdin>:2
2       <stdin>: No such file or directory.
        in <stdin>
(gdb) where
#0  0x00000888034b887a in thrkill () at <stdin>:2
#1  0x00000888034b3f39 in *_libc_abort () at
/usr/src/lib/libc/stdlib/abort.c:52
#2  0x0000088803496279 in wrterror (msg=0x888035bf378 "use after free",
p=0x888158178c0) at /usr/src/lib/libc/stdlib/malloc.c:283
#3  0x000008880349784c in ofree (p=0x888158178c0) at
/usr/src/lib/libc/stdlib/malloc.c:1235
#4  0x00000888034978ee in free (ptr=0x887ce8c9940) at
/usr/src/lib/libc/stdlib/malloc.c:1340
#5  0x0000088810167f82 in SECMOD_LoadModule () from
/usr/local/lib/libnss3.so.39.0
#6  0x00000888101680d5 in SECMOD_LoadModule () from
/usr/local/lib/libnss3.so.39.0
#7  0x0000088810134024 in nss_Init () from /usr/local/lib/libnss3.so.39.0
#8  0x00000888101349eb in NSS_InitReadWrite () from
/usr/local/lib/libnss3.so.39.0
#9  0x0000088574644112 in std::vector<unsigned char,
std::allocator<unsigned char> >::_M_fill_assign () from
/usr/local/chrome/chrome
#10 0x00000885748e9744 in std::_Rb_tree<int, int, std::_Identity<int>,
std::less<int>, std::allocator<int> >::count () from
/usr/local/chrome/chrome
#11 0x00000885749de4c3 in
_ZNSt6vectorIxSaIxEE19_M_emplace_back_auxIJxEEEvDpOT_ () from
/usr/local/chrome/chrome
#12 0x0000088574a93b7f in std::vector<__gnu_cxx::_Hashtable_node<unsigned
long long>*, std::allocator<__gnu_cxx::_Hashtable_node<unsigned long
long>*> >::_M_fill_insert ()
   from /usr/local/chrome/chrome
#13 0x0000088574960dc5 in
_ZNSt6vectorISt4pairISsSsESaIS1_EE19_M_emplace_back_auxIJRKS1_EEEvDpOT_ ()
from /usr/local/chrome/chrome
#14 0x000008857496d64c in std::vector<unsigned long,
std::allocator<unsigned long> >::operator= () from /usr/local/chrome/chrome
#15 0x0000088574237446 in std::_Rb_tree<std::string, std::string,
std::_Identity<std::string>, std::less<std::string>,
std::allocator<std::string> >::_M_copy ()
   from /usr/local/chrome/chrome
#16 0x0000088576efd817 in std::_Rb_tree<long long, long long,
std::_Identity<long long>, std::less<long long>, std::allocator<long long>
>::erase () from /usr/local/chrome/chrome
#17 0x000008857712b1ba in std::_Rb_tree<std::string, std::pair<std::string
const, std::set<int, std::less<int>, std::allocator<int> > >,
std::_Select1st<std::pair<std::string const, std::set<int, std::less<int>,
std::allocator<int> > > >, std::less<std::string>,
std::allocator<std::pair<std::string const, std::set<int, std::less<int>,
std::allocator<int> > > > >::_M_erase ()
   from /usr/local/chrome/chrome
#18 0x00000885745f0d5a in std::_Rb_tree<std::string, std::pair<std::string
const, int>, std::_Select1st<std::pair<std::string const, int> >,
std::less<std::string>, std::allocator<std::pair<std::string const, int> >
>::_M_insert_<std::pair<std::string, int> > () from /usr/local/chrome/chrome
#19 0x00000885745eba25 in std::string::_M_replace_dispatch<wchar_t const*>
() from /usr/local/chrome/chrome
#20 0x000008885b19080e in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:145
#21 0x000008880344052b in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75
#22 0x0000000000000000 in ?? ()

% pkg_info chromium
Information for inst:chromium-48.0.2564.116
...

Thanks
Greg
--
nest.cx is Gmail hosted, use PGP for anything private. Key:
http://goo.gl/6dMsr
Fingerprint: 5E2B 2D0E 1E03 2046 BEC3  4D50 0B15 42BD 8DF5 A1B0

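Added example, not from Greg's mail or from OpenBSD's libc: a self-contained C model of the check that printed "chrome(2215) in free(): error: use after free" in the trace above. OpenBSD's malloc fills a freed small chunk with a junk byte and parks it in a delayed-free queue; when a later free() recycles that queue slot, it re-checks that the parked chunk still holds only junk and aborts with that message if it does not. Two consequences matter when reading such a trace: the error is raised by whichever free() happens to recycle the slot, which need not be anywhere near the buggy code (here the fatal free() is in NSS initialisation), and the address in the message is the parked chunk, not the pointer passed to free(). The different pointers in frames #3 (ofree p=0x888158178c0) and #4 (free ptr=0x887ce8c9940) are consistent with that reading. The junk byte value, queue length, fixed chunk size and round-robin slot choice below are model assumptions (the real allocator picks the slot randomly), and the model records the error instead of aborting so the scenarios can return a result.

```c
/* Added model of OpenBSD malloc's junk-on-free + delayed-free check; not
 * OpenBSD's code. Junk byte, queue length, chunk size and round-robin slot
 * choice are assumptions; errors are recorded, not fatal, for the scenarios. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_FREEJUNK 0xdf   /* assumed byte written over freed chunks */
#define MODEL_SLOTS    16     /* assumed delayed-free queue length */
#define MODEL_CHUNK    32     /* all model chunks are this size */

struct model_heap {
	void *delayed[MODEL_SLOTS];  /* junked chunks not yet really released */
	unsigned next;               /* slot recycled by the next free() */
	const char *err;             /* first error message, NULL if none */
	uintptr_t err_addr;          /* address the error was raised against */
};

/* The real allocator aborts here; the model records and continues. */
static void model_wrterror(struct model_heap *h, const char *msg, void *p) {
	if (h->err == NULL) {
		h->err = msg;
		h->err_addr = (uintptr_t)p;
	}
}

/* Does a parked chunk still hold only the junk written at free time? */
static int model_validate_junk(struct model_heap *h, void *p) {
	const unsigned char *b = p;
	size_t i;
	for (i = 0; i < MODEL_CHUNK; i++)
		if (b[i] != MODEL_FREEJUNK) {
			model_wrterror(h, "use after free", p);
			return 0;
		}
	return 1;
}

/* free(): junk the chunk, park it, validate and release the chunk it evicts. */
void model_free(struct model_heap *h, void *p) {
	void *old;
	if (p == NULL)
		return;
	memset(p, MODEL_FREEJUNK, MODEL_CHUNK);   /* junk-on-free */
	old = h->delayed[h->next];
	if (old != NULL) {
		model_validate_junk(h, old);   /* the check that fired in the trace */
		free(old);                     /* real release happens only now */
	}
	h->delayed[h->next] = p;
	h->next = (h->next + 1) % MODEL_SLOTS;
}

/* Release whatever is still parked so the model does not leak. */
void model_teardown(struct model_heap *h) {
	unsigned i;
	for (i = 0; i < MODEL_SLOTS; i++)
		free(h->delayed[i]);
}

/* Free a chunk, write through the dangling pointer, then free unrelated
 * chunks until the victim's slot is recycled. Returns 1 if "use after free"
 * was raised against the victim's address while freeing a different pointer. */
int scenario_write_after_free(void) {
	struct model_heap h = {0};
	char *victim = malloc(MODEL_CHUNK);
	uintptr_t victim_addr = (uintptr_t)victim;
	void *other = NULL;
	int i, ok;
	model_free(&h, victim);   /* junked and parked; storage still mapped */
	victim[0] = 'X';          /* the bug: a write after free */
	for (i = 0; i < MODEL_SLOTS && h.err == NULL; i++) {
		other = malloc(MODEL_CHUNK);
		model_free(&h, other);   /* the last of these recycles victim's slot */
	}
	ok = h.err != NULL && strcmp(h.err, "use after free") == 0 &&
	    h.err_addr == victim_addr && h.err_addr != (uintptr_t)other;
	model_teardown(&h);
	return ok;
}

/* The same churn without the dangling write: the check must stay silent. */
int scenario_clean(void) {
	struct model_heap h = {0};
	int i, ok;
	for (i = 0; i < 3 * MODEL_SLOTS; i++)
		model_free(&h, malloc(MODEL_CHUNK));
	ok = h.err == NULL;
	model_teardown(&h);
	return ok;
}

int main(void) {
	printf("dangling write detected: %d\n", scenario_write_after_free());
	printf("clean churn silent: %d\n", scenario_clean());
	return 0;
}
```

The practical point for a report like this one: the frame that called free() tells you where the delayed slot was recycled, not where the dangling write happened. Finding the writer needs the address from the message plus a watchpoint or a build with the allocator's full junking and free-unmap options turned on, so the first write after free faults immediately instead of being noticed later.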