Your message dated Wed, 20 Feb 2008 06:59:47 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#457337: libc6: mremap() returns invalid address
has caused the Debian Bug report #457337,
regarding libc6: mremap() returns invalid address
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
457337: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457337
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libc6
Version: 2.7-4
Severity: normal
Here's a gdb transcript of a part of dlmalloc that is called from some
of my code. Observe how cp, the address returned by mremap, is invalid,
and the code segfaults on the first access to that pointer.
8< ----------------------------------------------------------------------------
Breakpoint 1, mmap_resize (m=0x2b6a5b236010, oldp=0x2b6a5bdb4000,
nb=406784) at src/gklib/dlmalloc.c:2358
2358 if (cp != CMFAIL) {
(gdb) l
2353 size_t offset = oldp->prev_foot & ~IS_MMAPPED_BIT;
2354 size_t oldmmsize = oldsize + offset + MMAP_FOOT_PAD;
2355 size_t newmmsize = mmap_align(nb + SIX_SIZE_T_SIZES +
CHUNK_ALIGN_MASK);
2356 char* cp = (char*)CALL_MREMAP((char*)oldp - offset,
2357 oldmmsize, newmmsize, 1);
2358 if (cp != CMFAIL) {
2359 mchunkptr newp = (mchunkptr)(cp + offset);
2360 size_t psize = newmmsize - offset - MMAP_FOOT_PAD;
2361 newp->head = (psize|CINUSE_BIT);
2362 mark_inuse_foot(m, newp, psize);
(gdb) p cp
$3 = 0x5bdb4000 <Address 0x5bdb4000 out of bounds>
(gdb) n
2359 mchunkptr newp = (mchunkptr)(cp + offset);
(gdb)
2360 size_t psize = newmmsize - offset - MMAP_FOOT_PAD;
(gdb)
2361 newp->head = (psize|CINUSE_BIT);
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x00002b6a5a88849d in mmap_resize (m=0x2b6a5b236010,
oldp=0x2b6a5bdb4000, nb=406784) at src/gklib/dlmalloc.c:2361
2361 newp->head = (psize|CINUSE_BIT);
(gdb) p oldp
$4 = (mchunkptr) 0x2b6a5bdb4000
(gdb) p offset
$5 = 0
(gdb)
8< ----------------------------------------------------------------------------
If you were wondering, CALL_MREMAP is just
8< ----------------------------------------------------------------------------
#define CALL_MREMAP(addr, osz, nsz, mv) ((void)(addr),(void)(osz), \
(void)(nsz), (void)(mv),MFAIL)
8< ----------------------------------------------------------------------------
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.2.2-4 GCC support library
libc6 recommends no packages.
-- debconf information:
glibc/restart-failed:
glibc/restart-services:
--- End Message ---
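The transcript above shows mremap returning 0x5bdb4000 for a mapping that lived at 0x2b6a5bdb4000: the returned value is exactly the low 32 bits of the old address, and dlmalloc's `cp != CMFAIL` test cannot notice that, because CMFAIL is `(char*)MFAIL`, i.e. `(char*)-1`. The following C program is an added example, not code from the bug report or from dlmalloc/glibc. It models that truncation (on an LP64 platform a pointer that passes through a 32-bit integer type, for example through a function called without a prototype and therefore assumed to return `int`, loses its upper 32 bits) and shows the extra sanity check a practitioner might put in a debugging build next to the CMFAIL check. The two addresses are copied from the transcript; the function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses copied from the gdb transcript in the bug report. */
#define OLDP_FROM_REPORT 0x2b6a5bdb4000ULL
#define CP_FROM_REPORT   0x5bdb4000ULL

/* dlmalloc's MFAIL/CMFAIL is all-ones, the same value as MAP_FAILED. */
#define MFAIL_VALUE ((uint64_t)-1)

/* Model of a 64-bit address passing through a 32-bit integer type:
 * the cast to unsigned int drops the upper 32 bits, exactly what happens
 * on LP64 when a pointer-returning function is used without a prototype. */
uint64_t truncate_to_32(uint64_t addr)
{
    unsigned int narrowed = (unsigned int)addr;  /* upper bits lost here */
    return (uint64_t)narrowed;
}

/* The only check dlmalloc performs on the mremap result: compare against
 * CMFAIL. A truncated pointer is not all-ones, so it passes. */
bool passes_cmfail_check(uint64_t addr)
{
    return addr != MFAIL_VALUE;
}

/* Heuristic for a debugging build: a "new" mapping address that equals
 * the low 32 bits of the old address, while the old address had nonzero
 * upper bits, is almost certainly a truncated pointer rather than a real
 * remap result. Returns false when the old address fits in 32 bits,
 * since nothing could have been lost in that case. */
bool looks_truncated(uint64_t old_addr, uint64_t new_addr)
{
    if (old_addr <= 0xffffffffULL)
        return false;
    return new_addr == (old_addr & 0xffffffffULL);
}

/* Combined acceptance test: the result is usable only if it is neither
 * the failure sentinel nor a suspiciously truncated copy of the input. */
bool remap_result_is_sane(uint64_t old_addr, uint64_t new_addr)
{
    return passes_cmfail_check(new_addr) && !looks_truncated(old_addr, new_addr);
}

int main(void)
{
    uint64_t modelled = truncate_to_32(OLDP_FROM_REPORT);
    printf("old mapping      : 0x%llx\n", (unsigned long long)OLDP_FROM_REPORT);
    printf("truncated to 32  : 0x%llx\n", (unsigned long long)modelled);
    printf("cp in transcript : 0x%llx\n", (unsigned long long)CP_FROM_REPORT);
    printf("passes CMFAIL    : %s\n", passes_cmfail_check(CP_FROM_REPORT) ? "yes" : "no");
    printf("looks truncated  : %s\n",
           looks_truncated(OLDP_FROM_REPORT, CP_FROM_REPORT) ? "yes" : "no");
    return 0;
}
```

The point of `looks_truncated` is only to make the failure loud at the call site instead of at `newp->head`, where the transcript's segfault lands; with `offset` equal to 0 in the transcript, `newp` is `cp` itself, so the first store goes straight to the bad address.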
--- Begin Message ---
Andreas Klöckner wrote:
> On Tuesday 19 February 2008, Aurelien Jarno wrote:
>> ping ?
>
> Sorry, I don't have time to track this issue down any further. I figured out
> a way to not have dlmalloc call mremap, and that settles the issue for me. :-/
> (#define HAVE_MREMAP 0)
>
> Feel free to close this bug.
>
Doing that with this mail.
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' [EMAIL PROTECTED] | [EMAIL PROTECTED]
`- people.debian.org/~aurel32 | www.aurel32.net
--- End Message ---