Bug#279722: libc6: application sometimes crashes, valgrind shows error in gconv_db.c

2005-02-17 Thread Bill Allombert
On Thu, Feb 03, 2005 at 05:36:44PM +0100, Loïc Minier wrote:
> Hi,
> 
>  This is a followup for Debian bug .
> 
>  I already tried in the past to build glibc on my system, and this was
>  too long a task for my laptop, could someone try swapping the free
>  after the __gconv_close_transform() or hand me a build if he can't
>  reproduce the bug?

Well I tried the following patch, but that did not fix the bug.
(Though I have to use ls --help for reproducing the bug).

Thanks for investigating this irritating issue!
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 

--- build-tree/glibc-2.3.2/iconv/gconv_close.c.old  2005-02-15 
13:24:35.0 +0100
+++ build-tree/glibc-2.3.2/iconv/gconv_close.c  2005-02-15 14:33:08.0 
+0100
@@ -30,6 +30,7 @@
   struct __gconv_step *srunp;
   struct __gconv_step_data *drunp;
   size_t nsteps;
+  int ret;

   /* Free all resources by calling destructor functions and release
  the implementations.  */
@@ -57,9 +58,10 @@
 }
   while (!((drunp++)->__flags & __GCONV_IS_LAST));

+  /* Close the participating modules.  */
+  ret = __gconv_close_transform (srunp, nsteps);
+
   /* Free the data allocated for the descriptor.  */
   free (cd);
-
-  /* Close the participating modules.  */
-  return __gconv_close_transform (srunp, nsteps);
+  return ret;
 }
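Review bot: in the second hunk, moving __gconv_close_transform (srunp, nsteps) ahead of free (cd) only changes behaviour if srunp points into the block that free (cd) releases, and the lines shown do not establish that, because srunp is assigned above this hunk's context. If the reorder is kept, the comment above the moved call should say why it must run before cd is freed. If srunp and nsteps are plain copies that refer to separately allocated data, the original order was already safe and the extra ret variable is not needed. The do/while that walks drunp still runs before both calls, so the change leaves that loop untouched.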




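The ordering question that the patch above tests, as an added example that is not part of the thread and is not glibc code. The types `desc` and `step` and the helpers are hypothetical; "freeing" a block poisons it in place so that a read through a stale pointer can be observed safely, in two layouts: steps stored inside the descriptor's block, and steps stored separately.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not glibc's types. "Freeing" a block poisons it in
   place, so a later read through a stale pointer is visible and defined. */
struct step { int counter; };
struct desc { size_t nsteps; struct step *steps; struct step inline_steps[2]; };

#define POISON 0xDD
static struct desc cd_block;        /* stands in for the allocated descriptor */
static struct step step_block[2];   /* stands in for a separately allocated array */

static void model_free(void *p, size_t n) { memset(p, POISON, n); }

/* Stand-in for releasing the steps: reads each one and counts those whose
   contents were already poisoned by an earlier free. */
static int release_steps(const struct step *s, size_t n) {
    int poisoned, stale = 0;
    memset(&poisoned, POISON, sizeof poisoned);
    for (size_t i = 0; i < n; i++)
        stale += (s[i].counter == poisoned);
    return stale;
}

/* embedded:   the steps live inside the descriptor's own block.
   free_first: free the descriptor, then release the steps (the order in the
               quoted code); otherwise release first (the order the patch tries).
   Returns how many stale steps the close path read. */
int close_desc(int embedded, int free_first) {
    struct desc *cd = &cd_block;
    cd->nsteps = 2;
    cd->steps = embedded ? cd->inline_steps : step_block;
    for (size_t i = 0; i < cd->nsteps; i++)
        cd->steps[i].counter = 1;
    struct step *srunp = cd->steps;   /* local copies taken before the free */
    size_t nsteps = cd->nsteps;
    if (free_first) model_free(cd, sizeof *cd);
    int stale = release_steps(srunp, nsteps);
    if (!free_first) model_free(cd, sizeof *cd);
    return stale;
}

int main(void) {
    for (int i = 0; i < 4; i++)
        printf("embedded=%d free_first=%d stale=%d\n",
               i / 2, i % 2, close_desc(i / 2, i % 2));
    return 0;
}
```

In the separate layout the order of the two calls makes no difference to what the release step reads, which is one way a reorder like this can leave a Valgrind report unchanged.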



Bug#279722: libc6: application sometimes crashes, valgrind shows error in gconv_db.c

2005-02-17 Thread Loïc Minier
Hi,

On Thu, Feb 17, 2005, Bill Allombert wrote:
> Well I tried the following patch, but that did not fix the bug.
> (Though I have to use ls --help for reproducing the bug).

 Sadly, I'm out of ideas here, clearly some data is freed and used again
 afterwards (to clean allocated data in a substructure mostly), but that
 probably happens at a higher level, and I'm kind of lost in higher
 level functions.  :-/

   Thanks for trying swapping the free (I really can't build glibc on my
 laptop)!

-- 
Loïc Minier <[EMAIL PROTECTED]>
"Neutral President: I have no strong feelings one way or the other."



Bug#279722: libc6: application sometimes crashes, valgrind shows error in gconv_db.c

2005-02-03 Thread Loïc Minier
Hi,

 This is a followup for Debian bug .

wim delvaux <[EMAIL PROTECTED]> - Thu, Nov 04, 2004:

> Valgrind shows the following backtrace ...
> ==7105== Invalid read of size 4
> ==7105==    at 0x1C22857E: __gconv_release_step (gconv_db.c:198)
> ==7105==    by 0x1C22914C: __gconv_close_transform (gconv_db.c:751)

 I can get that one fairly easily with:
% valgrind --db-attach=yes ls -l

 (% locale [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
 [EMAIL PROTECTED] LC_ALL=)

 I get the same bt, I installed the -dbg version of glibc and debuilded
 a part of the source (to get the patches applied):

(gdb) bt
#0  0x1b94e58f in __gconv_release_step (step=0x1bae2ccc) at gconv_db.c:198
#1  0x1b94f14d in __gconv_close_transform (steps=0x1bae2c90, nsteps=2)
    at gconv_db.c:751
#2  0x1b94e256 in __gconv_close (cd=0x1bae3868) at gconv_close.c:64
#3  0x1b95c54d in _nl_free_domain_conv (domain=0x1baba698) at loadmsgcat.c:873
#4  0x1b95d0b4 in _nl_unload_domain (domain=0x1baba698) at loadmsgcat.c:1289
#5  0x1ba42afd in free_mem () at finddomain.c:179
#6  0x1ba42c45 in *__GI___libc_freeres () at set-freeres.c:49
#7  0x1b8fec51 in _vgw__freeres () at vg_intercept.c:117
#8  0x1b962b18 in *__GI_exit (status=0) at exit.c:82

 I think the problem is in iconv/gconv_close.c, in __gconv_close() at
 the very end of the file:
  while (!((drunp++)->__flags & __GCONV_IS_LAST));

  /* Free the data allocated for the descriptor.  */
  free (cd);

  /* Close the participating modules.  */
  return __gconv_close_transform (srunp, nsteps);

 I think "srunp" uses a reference in "cd".

 I already tried in the past to build glibc on my system, and this was
 too long a task for my laptop, could someone try swapping the free
 after the __gconv_close_transform() or hand me a build if he can't
 reproduce the bug?

   Thanks,

-- 
Loïc Minier <[EMAIL PROTECTED]>
"Neutral President: I have no strong feelings one way or the other."