Message-ID: <loom.20131227T193125-746@post.gmane.org>
Date: Fri, 27 Dec 2013 18:35:00 +0000 (UTC)
From: David Wuertele <dave+gmane@...rtele.com>
To: musl@...ts.openwall.com
Subject: NULL deref SEGV in malloc.c:unbin()

I wonder if anyone has hit this before? In unbin(), c->next->prev is set, but c->next is NULL. It happens repeatedly, and here's what gdb says:

(gdb) b fopen
Breakpoint 9 at 0x90f78: file src/stdio/fopen.c, line 13.
(gdb) c
Continuing.

Breakpoint 9, fopen (filename=0xaabe4 "/etc/hosts", mode=0xaabf0 "r") at src/stdio/fopen.c:13
13	src/stdio/fopen.c: No such file or directory.
	in src/stdio/fopen.c
(gdb) b unbin
Breakpoint 10 at 0x8bc44: file src/malloc/malloc.c, line 239.
(gdb) c
Continuing.

Breakpoint 10, unbin (c=0x21408b8, i=40) at src/malloc/malloc.c:239
239	src/malloc/malloc.c: No such file or directory.
	in src/malloc/malloc.c
(gdb) print *c
$6 = {psize = 2096, csize = 2097, next = 0x2140088, prev = 0x0}
(gdb) s
241	in src/malloc/malloc.c
(gdb)

Program received signal SIGSEGV, Segmentation fault.
0x0008bcc0 in unbin (c=0x21408b8, i=40) at src/malloc/malloc.c:241
241	in src/malloc/malloc.c
(gdb)

The root cause was not obvious on scanning the source. Is this perhaps something that's already been fixed?

Dave
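
Added example, not part of the original message and not musl's code: a diagnostic link check for a binned chunk, run on a constructed chunk holding the field values from the gdb `print *c` output above. It assumes a circular doubly linked bin; `check_links`, `checked_unlink` and the `link_status` names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Field names and order follow the gdb `print *c` output in the message. */
struct chunk { size_t psize, csize; struct chunk *next, *prev; };

enum link_status { LINK_OK, NEXT_NULL, PREV_NULL, NEXT_BACKLINK_BAD, PREV_FWDLINK_BAD };

/* Check a binned chunk's links; neighbours are dereferenced only once both are non-NULL. */
enum link_status check_links(const struct chunk *c)
{
    if (!c->next) return NEXT_NULL;
    if (!c->prev) return PREV_NULL;
    if (c->next->prev != c) return NEXT_BACKLINK_BAD;
    if (c->prev->next != c) return PREV_FWDLINK_BAD;
    return LINK_OK;
}

/* Hypothetical checked unlink: leaves the list untouched if the links are inconsistent. */
enum link_status checked_unlink(struct chunk *c)
{
    enum link_status st = check_links(c);
    if (st != LINK_OK) return st;
    c->prev->next = c->next;
    c->next->prev = c->prev;
    c->next = c->prev = NULL;
    return LINK_OK;
}

/* Constructed case: a well-formed circular bin (head <-> c); unlinking c succeeds. */
int demo_consistent(void)
{
    struct chunk head = {0, 0, NULL, NULL}, c = {2096, 2096, &head, &head};
    head.next = head.prev = &c;
    return checked_unlink(&c) == LINK_OK && head.next == &head && head.prev == &head;
}

/* Constructed case mirroring the gdb output: next is set, prev is 0x0. */
enum link_status demo_gdb_state(void)
{
    struct chunk neighbour = {0, 0, NULL, NULL};
    struct chunk c = {2096, 2097, &neighbour, NULL};
    return checked_unlink(&c);
}

int main(void)
{
    printf("consistent=%d gdb_state=%d\n", demo_consistent(), demo_gdb_state());
    return 0;
}
```

A check like this, placed in a debug build just before the unlink, reports which link is broken at the point of corruption instead of faulting on the dereference.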