argz_extract() breaks freeing of both "argv" and "argz" strings

Bug #662561 reported by Nikita Zlobin
Affects: eglibc (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Hi all. I'm using KXStudio, but the libc6 packages are taken from Ubuntu.
Where to find info about the "argz" function family: in the argz manual (man argz).

Try this example:
/******************************************************************/

#include <argz.h>
#include <stdio.h>
#include <stdlib.h>   /* malloc, free */

/* "argz" parameter, which is the command line with arguments
 * separated by NUL characters, can be found in /proc/[PID]/cmdline for any PID.
 * argz_count() and argz_extract() take the buffer length as a size_t. */
char * cmdline;
size_t cmdline_size;
get_process_cmdline( &cmdline, &cmdline_size ); // User-defined function, not shown

int argc = argz_count( cmdline, cmdline_size ); // All right...
char ** argv = malloc( argc + 1); /* allocates argc + 1 bytes */
argz_extract( cmdline, cmdline_size, argv ); /* fills argv[0..argc-1], sets argv[argc] = NULL */

if (argc > 0) printf ( "arg0: %s", argv[0] ); // Success
if (argc > 1) printf ( "arg1: %s", argv[1] ); // Success

free( * argv ); /* Without effect - argv[0] and argv[1] are still reachable */
free( argv ); /* segmentation fault! =) */

/*************************************************/

Below is the output of a program using argz functionality:

======================================================================

*** glibc detected *** gladish: free(): invalid next size (fast): 0x0000000002310460 ***
======= Backtrace: =========
/lib/libc.so.6(+0x775b6)[0x7f5e94f255b6]
/lib/libc.so.6(cfree+0x73)[0x7f5e94f2be53]
gladish[0x42c989]
gladish[0x41b763]
gladish[0x41b9b3]
gladish[0x41bb13]
gladish[0x41be5a]
gladish[0x41b5c1]
gladish[0x41bff7]
gladish[0x40fd65]
/lib/libglib-2.0.so.0(+0x3f09b)[0x7f5e998db09b]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1f2)[0x7f5e998da8c2]
/lib/libglib-2.0.so.0(+0x42748)[0x7f5e998de748]
/lib/libglib-2.0.so.0(g_main_loop_run+0x195)[0x7f5e998dec55]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xa7)[0x7f5e9747abb7]
gladish[0x410072]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f5e94eccc4d]
gladish[0x40fbd9]
======= Memory map: ========
00400000-00440000 r-xp 00000000 08:04 785500 /usr/bin/gladish
0063f000-00640000 r--p 0003f000 08:04 785500 /usr/bin/gladish
00640000-00642000 rw-p 00040000 08:04 785500 /usr/bin/gladish
00642000-00644000 rw-p 00000000 00:00 0
02044000-023d9000 rw-p 00000000 00:00 0 [heap]
7f5e88000000-7f5e88021000 rw-p 00000000 00:00 0
7f5e88021000-7f5e8c000000 ---p 00000000 00:00 0
7f5e8c9be000-7f5e8ca1e000 rw-s 00000000 00:04 209223742 /SYSV00000000 (deleted)
7f5e8cafc000-7f5e8cbd6000 r-xp 00000000 08:04 796199 /usr/lib/libasound.so.2.0.0
7f5e8cbd6000-7f5e8cdd6000 ---p 000da000 08:04 796199 /usr/lib/libasound.so.2.0.0
7f5e8cdd6000-7f5e8cddc000 r--p 000da000 08:04 796199 /usr/lib/libasound.so.2.0.0
7f5e8cddc000-7f5e8cddd000 rw-p 000e0000 08:04 796199 /usr/lib/libasound.so.2.0.0
7f5e8ce11000-7f5e8ce15000 r-xp 00000000 08:04 799982 /usr/lib/libcanberra-0.22/libcanberra-alsa.so
7f5e8ce15000-7f5e8d014000 ---p 00004000 08:04 799982 /usr/lib/libcanberra-0.22/libcanberra-alsa.so
7f5e8d014000-7f5e8d015000 r--p 00003000 08:04 799982 /usr/lib/libcanberra-0.22/libcanberra-alsa.so
7f5e8d015000-7f5e8d016000 rw-p 00004000 08:04 799982 /usr/lib/libcanberra-0.22/libcanberra-alsa.so
7f5e8d016000-7f5e8d076000 rw-s 00000000 00:04 209190932 /SYSV00000000 (deleted)
7f5e8d076000-7f5e8d6bd000 r--p 00000000 08:04 1068210 /usr/share/icons/gnome/icon-theme.cache
7f5e8d6bd000-7f5e8e462000 r--p 00000000 08:04 1046777 /usr/share/icons/hicolor/icon-theme.cache
7f5e8e462000-7f5e8e4fa000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e4fa000-7f5e8e592000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e592000-7f5e8e62a000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e62a000-7f5e8e6c2000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e6c2000-7f5e8e75a000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e75a000-7f5e8e7f2000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e7f2000-7f5e8e88a000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e88a000-7f5e8e922000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e922000-7f5e8e9ba000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8e9ba000-7f5e8ea52000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8ea52000-7f5e8ea57000 r-xp 00000000 08:04 949601 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so
7f5e8ea57000-7f5e8ec56000 ---p 00005000 08:04 949601 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so
7f5e8ec56000-7f5e8ec57000 r--p 00004000 08:04 949601 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so
7f5e8ec57000-7f5e8ec58000 rw-p 00005000 08:04 949601 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so
7f5e8ec58000-7f5e8ecf0000 r--p 00000000 08:04 1058979 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7f5e8ecf0000-7f5e8ecf2000 r-xp 00000000 08:04 920845 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
7f5e8ecf2000-7f5e8eef1000 ---p 00002000 08:04 920845 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
7f5e8eef1000-7f5e8eef2000 r--p 00001000 08:04 920845 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
7f5e8eef2000-7f5e8eef3000 rw-p 00002000 08:04 920845 /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
7f5e8eef3000-7f5e8eef4000 r--s 00000000 08:04 261548 /var/cache/fontconfig/26de28bc8622bbc1fb67fd234c21975f-le64.cache-3
7f5e8eef4000-7f5e8eef8000 r--s 00000000 08:04 290208 /var/cache/fontconfig/5e10083637a12ecd1bff191eb66bfa2f-le64.cache-3
7f5e8eef8000-7f5e8eef9000 r--s 00000000 08:04 290154 /var/cache/fontconfig/c05880de57d1f5e948fdfacc138775d9-le64.cache-3
7f5e8eef9000-7f5e8eefd000 r--s 00000000 08:04 289702 /var/cache/fontconfig/603b2eb47209ddb3c5269b217a306167-le64.cache-3
7f5e8eefd000-7f5e8ef06000 r--s 00000000 08:04 261586 /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-le64.cache-3
7f5e8ef06000-7f5e8ef08000 r--s 00000000 08:04 289695 /var/cache/fontconfig/99e8ed0e538f840c565b6ed5dad60d56-le64.cache-3
7f5e8ef08000-7f5e8ef0e000 r--s 00000000 08:04 289688 /var/cache/fontconfig/e25ca923d7a08ab6b0777bd7eb77ea77-le64.cache-3
7f5e8ef0e000-7f5e8ef0f000 r--s 00000000 08:04 289683 /var/cache/fontconfig/0fafd173547752dce4dee1a69e0b3c95-le64.cache-3
7f5e8ef0f000-7f5e8ef12000 r--s 00000000 08:04 289673 /var/cache/fontconfig/e383d7ea5fbe662a33d9b44caf393297-le64.cache-3
7f5e8ef12000-7f5e8ef15000 r--s 00000000 08:04 287309 /var/cache/fontconfig/2cd17615ca594fa2959ae173292e504c-le64.cache-3
7f5e8ef15000-7f5e8ef1c000 r--s 00000000 08:04 287147 /var/cache/fontconfig/bddabcf04192498a6a74911686fc6962-le64.cache-3
7f5e8ef1c000-7f5e8ef20000 r--s 00000000 08:04 287145 /var/cache/fontconfig/a46337af8a0b4c9b317ad981ec3bdf87-le64.cache-3
7f5e8ef20000-7f5e8ef21000 r--s 00000000 08:04 287144 /var/cache/fontconfig/79b7902a698c37d747b157374a08587f-le64.cache-3
7f5e8ef21000-7f5e8ef23000 r--s 00000000 08:04 287141 /var/cache/fontconfig/1b70ff56935fd37e75520e134628df26-le64.cache-3
7f5e8ef23000-7f5e8ef2a000 r--s 00000000 08:04 287140 /var/cache/fontconfig/3fdcac6013931cd7c06449c5f8fab136-le64.cache-3
7f5e8ef2a000-7f5e8ef2b000 r--s 00000000 08:04 287137 /var/cache/fontconfig/6edd069ccec3ba28096b368c434fa861-le64.cache-3
7f5e8ef2b000-7f5e8ef2e000 r--s 00000000 08:04 287136 /var/cache/fontconfig/ea47318ec9849e1a71e80a5d69d13859-le64.cache-3
7f5e8ef2e000-7f5e8ef30000 r--s 00000000 08:04 287134 /var/cache/fontconfig/e3fa16a14183b06aa45b3e009278fd14-le64.cache-3
7f5e8ef30000-7f5e8ef31000 r--s 00000000 08:04 287133 /var/cache/fontconfig/fc14e3aff40829fbb7132d5e06a8168b-le64.cache-3
7f5e8ef31000-7f5e8ef33000 r--s 00000000 08:04 287132 /var/cache/fontconfig/dc69028cb7d26f67d8024a5e4f94b512-le64.cache-3
7f5e8ef33000-7f5e8ef34000 r--s 00000000 08:04 287127 /var/cache/fontconfig/52728cdc49031813f272d4aa720952ff-le64.cache-3
7f5e8ef34000-7f5e8ef35000 r--s 00000000 08:04 287126 /var/cache/fontconfig/acf24f57989d82ed5c91b60ef9c3a050-le64.cache-3
7f5e8ef35000-7f5e8ef36000 r--s 00000000 08:04 287125 /var/cache/fontconfig/e7071f4a29fa870f4323321c154eba04-le64.cache-3
7f5e8ef36000-7f5e8ef37000 r--s 00000000 08:04 287124 /var/cache/fontconfig/e0853c5e7e7fc9a9e822b52cb2e640cf-le64.cache-3
7f5e8ef37000-7f5e8ef39000 r--s 00000000 08:04 287121 /var/cache/fontconfig/946752ae7a90c323083f887d43ff0bb2-le64.cache-3
7f5e8ef39000-7f5e8ef3e000 r--s 00000000 08:04 287118 /var/cache/fontconfig/921a30a17f0be15c70ac14043cb7a739-le64.cache-3
7f5e8ef3e000-7f5e8ef3f000 r--s 00000000 08:04 287115 /var/cache/fontconfig/617957603a337376ca8784972c6029f5-le64.cache-3
7f5e8ef3f000-7f5e8ef40000 r--s 00000000 08:04 287114 /var/cache/fontconfig/77b18b36891b2c3ee123bc985c86a99d-le64.cache-3
7f5e8ef40000-7f5e8ef43000 r--s 00000000 08:04 287113 /var/cache/fontconfig/b5ea634b0fb353b8ea17632d1f9ef766-le64.cache-3
7f5e8ef43000-7f5e8ef4e000 r--s 00000000 08:04 287112 /var/cache/fontconfig/5aa9259560595826861fba5056bf4850-le64.cache-3
7f5e8ef4e000-7f5e8ef52000 r--s 00000000 08:04 287109 /var/cache/fontconfig/6eb3985aa4124903f6ff08ba781cd364-le64.cache-3
7f5e8ef52000-7f5e8ef7b000 r--s 00000000 08:04 287108 /var/cache/fontconfig/4ca92cf76c0cf3dfa7f011127eff595d-le64.cache-3
7f5e8ef7b000-7f5e8efa7000 r--s 00000000 08:04 287101 /var/cache/fontconfig/6abf76b0b4cc7192703d8431ac929b75-le64.cache-3
7f5e8efa7000-7f5e8efd5000 r--s 00000000 08:04 287098 /var/cache/fontconfig/f408d08d2fce062ab660f628db78bf96-le64.cache-3
7f5e8efd5000-7f5e8efd6000 r--s 00000000 08:04 287097 /var/cache/fontconfig/4c73fe0c47614734b17d736dbde7580a-le64.cache-3
7f5e8efd6000-7f5e8efd7000 r--s 00000000 08:04 287075 /var/cache/fontconfig/0d8c3b2ac0904cb8a57a757ad11a4a08-le64.cache-3
7f5e8efd7000-7f5e8efd8000 r--s 00000000 08:04 287072 /var/cache/fontconfig/6a53c69dea097a2d716e069445527da8-le64.cache-3
7f5e8efd8000-7f5e8efda000 r--s 00000000 08:04 287070 /var/cache/fontconfig/406bd5c19e5cc517440ee75488dad48e-le64.cache-3
7f5e8efda000-7f5e8efde000 r--s 00000000 08:04 286951 /var/cache/fontconfig/dfe01fa16583a856689483e0569db943-le64.cache-3
7f5e8efde000-7f5e8efe4000 r--s 00000000 08:04 286934 /var/cache/fontconfig/a755afe4a08bf5b97852ceb7400b47bc-le64.cache-3
7f5e8efe4000-7f5e8efe5000 r--s 00000000 08:04 286812 /var/cache/fontconfig/7ee55724f82591cb35c3d9771e9e69ed-le64.cache-3
7f5e8efe5000-7f5e8efe8000 r--s 00000000 08:04 285539 /var/cache/fontconfig/f680583fed5bdc90d95a16af47e16528-le64.cache-3
7f5e8efe8000-7f5e8efe9000 r--s 00000000 08:04 285535 /var/cache/fontconfig/a8d35ba226d862df35f7c320f882e11a-le64.cache-3
7f5e8efe9000-7f5e8efea000 r--s 00000000 08:04 285516 /var/cache/fontconfig/818fefaf4a9a6d62e9703ad211f6e18f-le64.cache-3
7f5e8efea000-7f5e8efeb000 r--s 00000000 08:04 285513 /var/cache/fontconfig/342245cecc7b46fd40dc20a7c48a9d74-le64.cache-3
7f5e8efeb000-7f5e8eff0000 r--s 00000000 08:04 285512 /var/cache/fontconfig/515ca1ebc4b18308bea979be5704f9db-le64.cache-3
7f5e8eff0000-7f5e8eff9000 r--s 00000000 08:04 285204 /var/cache/fontconfig/6d41288fd70b0be22e8c3a91e032eec0-le64.cache-3
7f5e8eff9000-7f5e8effa000 r--s 00000000 08:04 284960 /var/cache/fontconfig/ae93d27baa4fa58a887d08a84c8b8bdf-le64.cache-3
7f5e8effa000-7f5e8effe000 r--s 00000000 08:04 272586 /var/cache/fontconfig/24cfa87181cfa5a1c0a5ecfd4c14c4b3-le64.cache-3
7f5e8effe000-7f5e8f001000 r--s 00000000 08:04 290354 /var/cache/fontconfig/de156ccd2eddbdc19d37a45b8b2aac9c-le64.cache-3
7f5e8f001000-7f5e8f003000 r--s 00000000 08:04 284875 /var/cache/fontconfig/4609d6ed693fb2a61c04ed6a1f4c071e-le64.cache-3
7f5e8f003000-7f5e8f00b000 r--s 00000000 08:04 279302 /var/cache/fontconfig/a6354e3ac43af67bd8d7b8e43c34e49f-le64.cache-3
7f5e8f00b000-7f5e8f00c000 r--s 00000000 08:04 279279 /var/cache/fontconfig/4c8bd476623eafb6fe862291a3b05f7d-le64.cache-3
7f5e8f00c000-7f5e8f01c000 r--s 00000000 08:04 277518 /var/cache/fontconfig/0f34bcd4b6ee430af32735b75db7f02b-le64.cache-3
7f5e8f01c000-7f5e8f01f000 r--s 00000000 08:04 277393 /var/cache/fontconfig/d60319d88cac85ba9e1a07bd06cfbb8c-le64.cache-3
7f5e8f01f000-7f5e8f020000 r--s 00000000 08:04 277384 /var/cache/fontconfig/9451a55048e8dbe8633e64d34165fdf2-le64.cache-3
7f5e8f020000-7f5e8f021000 r--s 00000000 08:04 276794 /var/cache/fontconfig/4794a0821666d79190d59a36cb4f44b5-le64.cache-3
7f5e8f021000-7f5e8f024000 r--s 00000000 08:04 276621 /var/cache/fontconfig/48b6b01af2a6a6e7e7f3fa61998c4afa-le64.cache-3
7f5e8f024000-7f5e8f052000 r--s 00000000 08:04 276311 /var/cache/fontconfig/365b55f210c0a22e9a19e35191240f32-le64.cache-3
7f5e8f052000-7f5e8f054000 r--s 00000000 08:04 276201 /var/cache/fontconfig/85130c034ee6c6a57445579585c0b546-le64.cache-3
7f5e8f054000-7f5e8f058000 r--s 00000000 08:04 276091 /var/cache/fontconfig/0dad82dbaa6c15cf0806f139d62298a3-le64.cache-3
7f5e8f058000-7f5e8f05b000 r--s 00000000 08:04 276036 /var/cache/fontconfig/2c5ba8142dffc8bf0377700342b8ca1a-le64.cache-3

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libc6 2.11.1-0ubuntu7.2
Uname: Linux 2.6.33-29-realtime x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Mon Oct 18 14:46:15 2010
InstallationMedia: KXStudio 10.04 "Lucid Lynx" (Live 64bit)
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=ru_RU.UTF-8
SourcePackage: eglibc
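The example below is added by the editor; it is not the reporter's code and not part of glibc. It shows the ownership model that man argz documents: argz_extract() stores argc pointers plus a terminating NULL into the array the caller supplies, so that array needs (argc + 1) * sizeof(char *) bytes, and every stored pointer aims into the argz buffer itself, so the only two things to free are the pointer array and the argz buffer, never the individual argv[i] strings. The command line "gladish --foo bar" and the helper names argz_to_argv, argv_points_into_argz and demo are constructed for this example; the buffer is built two ways, copied as if read from /proc/[PID]/cmdline and via argz_create_sep(), to show both give the same layout. It needs glibc (argz is a GNU extension).

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE          /* argz_* are GNU extensions (man argz) */
#endif
#include <argz.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample of what /proc/[PID]/cmdline holds for the command
 * "gladish --foo bar": each argument NUL-terminated, nothing else. */
static const char SAMPLE_CMDLINE[] = "gladish\0--foo\0bar\0";
static const size_t SAMPLE_CMDLINE_LEN = sizeof SAMPLE_CMDLINE - 1;   /* 18 */

/* Turn an argz buffer into a NULL-terminated argv.
 * argz_extract() stores argc pointers plus a terminating NULL, so the
 * array must hold (argc + 1) char* values, not (argc + 1) bytes.  Every
 * pointer it stores aims INTO argz: the array owns nothing but itself. */
char **argz_to_argv(const char *argz, size_t argz_len, size_t *argc_out)
{
    size_t argc = argz_count(argz, argz_len);
    char **argv = calloc(argc + 1, sizeof *argv);
    if (argv == NULL)
        return NULL;
    argz_extract(argz, argz_len, argv);
    if (argc_out != NULL)
        *argc_out = argc;
    return argv;
}

/* 1 if every argv[i] lies inside [argz, argz + argz_len), else 0.
 * This is the property that makes free(argv[i]) wrong: argv[0] is the
 * argz buffer itself and argv[1..] are interior pointers into it. */
int argv_points_into_argz(char *const *argv, const char *argz, size_t argz_len)
{
    for (size_t i = 0; argv[i] != NULL; i++)
        if (argv[i] < argz || argv[i] >= argz + argz_len)
            return 0;
    return 1;
}

/* Full round trip on the constructed sample.  Returns argc (3) when the
 * contents, the terminating NULL and the ownership rule all hold, else -1. */
int demo(void)
{
    /* Build the same buffer two ways: copied as if read from /proc, and
     * via argz_create_sep() from the space-separated command line. */
    char *from_proc = malloc(SAMPLE_CMDLINE_LEN);
    if (from_proc == NULL)
        return -1;
    memcpy(from_proc, SAMPLE_CMDLINE, SAMPLE_CMDLINE_LEN);

    char *built = NULL;
    size_t built_len = 0;
    if (argz_create_sep("gladish --foo bar", ' ', &built, &built_len) != 0) {
        free(from_proc);
        return -1;
    }
    int same_layout = built_len == SAMPLE_CMDLINE_LEN
                   && memcmp(built, from_proc, built_len) == 0;

    size_t argc = 0;
    char **argv = argz_to_argv(from_proc, SAMPLE_CMDLINE_LEN, &argc);
    if (argv == NULL) {
        free(built);
        free(from_proc);
        return -1;
    }

    int ok = same_layout
          && argc == 3
          && strcmp(argv[0], "gladish") == 0
          && strcmp(argv[1], "--foo") == 0
          && strcmp(argv[2], "bar") == 0
          && argv[3] == NULL
          && argv_points_into_argz(argv, from_proc, SAMPLE_CMDLINE_LEN);

    for (size_t i = 0; i < argc; i++)
        printf("arg%zu: %s\n", i, argv[i]);

    /* Three allocations, three frees.  free(argv[1]) would hand malloc an
     * interior pointer; free(argv[0]) would free from_proc a second time. */
    free(argv);
    free(built);
    free(from_proc);
    return ok ? (int)argc : -1;
}

int main(void)
{
    return demo() == 3 ? 0 : 1;
}
```

Compile with gcc -std=c99 on a glibc system and run under valgrind or with MALLOC_CHECK_=3; the sized allocation and the two-object free discipline produce no "invalid next size" report, which is the quickest way to tell an argv sizing problem from a libc one.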

Revision history for this message
Nikita Zlobin (nick87720z) wrote :

Classic glibc doesn't break freeing (another user tested on Gentoo).

Revision history for this message
dino99 (9d9) wrote :

This is no longer a supported version.

Changed in eglibc (Ubuntu):
status: New → Invalid