Comment 4 for bug 893605

Ppluzhnikov-google (ppluzhnikov-google) wrote :

Valgrind confirms:

==11099== Invalid read of size 8
==11099== at 0x4009B1A: do_lookup_x (dl-lookup.c:98)
==11099== by 0x400A4E2: _dl_lookup_symbol_x (dl-lookup.c:739)
==11099== by 0x730D419: do_sym (dl-sym.c:178)
==11099== by 0x11D23043: dlsym_doit (dlsym.c:51)
==11099== by 0x400F0F5: _dl_catch_error (dl-error.c:178)
==11099== by 0x11D2352E: _dlerror_run (dlerror.c:164)
==11099== by 0x11D23099: dlsym (dlsym.c:71)
==11099== by 0xA2DD3EF: g_module_symbol (gmodule-dl.c:147)
==11099== by 0xA2DD8A9: g_module_open (gmodule.c:630)
==11099== by 0x592C17D: gnc_module_load_common (gnc-module.c:501)
==11099== by 0x592C467: gnc_module_load (gnc-module.c:552)
==11099== by 0x405CD4: load_gnucash_modules (gnucash-bin.c:595)
==11099== Address 0x194e2a28 is 456 bytes inside a block of size 904 free'd
==11099== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11099== by 0x4012871: _dl_scope_free (dl-scope.c:32)
==11099== by 0x40143D5: _dl_close_worker (dl-close.c:130)
==11099== by 0x4014FBD: _dl_close (dl-close.c:779)
==11099== by 0x400F0F5: _dl_catch_error (dl-error.c:178)
==11099== by 0x11D2352E: _dlerror_run (dlerror.c:164)
==11099== by 0x11D2300E: dlclose (dlclose.c:48)
==11099== by 0xA2DD299: g_module_close (gmodule-dl.c:134)
==11099== by 0x592BC0D: gnc_module_get_info (gnc-module.c:329)
==11099== by 0x592B812: gnc_module_system_refresh (gnc-module.c:190)
==11099== by 0x592B72C: gnc_module_system_init (gnc-module.c:137)
==11099== by 0x406391: main (gnucash-bin.c:851)

The problem appears to have been introduced here:

4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 127) {
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 128) struct link_map **oldp = map->l_initfini;
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 129) map->l_initfini = map->l_orig_initfini;
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 130) _dl_scope_free (oldp);
4bff6e01 (Andreas Schwab 2011-02-25 20:49:48 -0500 131) }

@@ -119,8 +119,17 @@ _dl_close_worker (struct link_map *map)
   if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
       || dl_close_state != not_pending)
     {
- if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
- dl_close_state = rerun;
+ if (map->l_direct_opencount == 0)
+ {
+ if (map->l_type == lt_loaded)
+ dl_close_state = rerun;
+ else if (map->l_type == lt_library)
+ {
+ struct link_map **oldp = map->l_initfini;
+ map->l_initfini = map->l_orig_initfini;
+ _dl_scope_free (oldp);
+ }
+ }
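Review bot: the new `else if (map->l_type == lt_library)` branch frees `map->l_initfini` inside the early-return block, that is, for a map that is not being unloaded at all (an `lt_library` map with `l_direct_opencount == 0` stays resident as a dependency of the executable), and nothing in the hunk shows the lookup scopes that still point at that array being updated first. The memcheck trace above is the consequence: the block released at dl-close.c:130 through `_dl_scope_free` is later read by `do_lookup_x` during a `dlsym`, 456 bytes into the 904-byte array. Swapping in `l_orig_initfini` before the free does not help while another structure still holds the old pointer. Suggest leaving `l_initfini` alone on this path for maps that remain loaded, or releasing the old array only once it can no longer be reached from any scope, and pairing the change with a test that dlopens and dlcloses a module and then resolves a symbol through the executable's direct dependencies.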

The libraries that are loaded as direct dependencies of a.out have
map->l_type == lt_library.
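Reading a memcheck report like the one above mechanically, as an added example that is not code from the bug report, from glibc or from GnuCash: the parser below pulls out the faulting access, the freed block and the frame that released it, and turns the byte offset into an element index, which is the reasoning used to tie the `do_lookup_x` read back to the `_dl_scope_free` call in `_dl_close_worker`. It assumes memcheck's standard text layout (the `==PID==` prefix, `at`/`by` frames, and the `Address ... is N bytes inside a block of size M free'd` note); the sample input is the report quoted in the comment, trimmed, and the function names and regular expressions are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the memcheck report quoted in the bug comment,
# trimmed to the frames this example needs.
SAMPLE_REPORT = """\
==11099== Invalid read of size 8
==11099==    at 0x4009B1A: do_lookup_x (dl-lookup.c:98)
==11099==    by 0x400A4E2: _dl_lookup_symbol_x (dl-lookup.c:739)
==11099==    by 0x730D419: do_sym (dl-sym.c:178)
==11099==    by 0x11D23043: dlsym_doit (dlsym.c:51)
==11099==  Address 0x194e2a28 is 456 bytes inside a block of size 904 free'd
==11099==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11099==    by 0x4012871: _dl_scope_free (dl-scope.c:32)
==11099==    by 0x40143D5: _dl_close_worker (dl-close.c:130)
==11099==    by 0x4014FBD: _dl_close (dl-close.c:779)
"""

# One error header, one frame line, and the freed/allocated-block note.
HEADER_RE = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x([0-9A-Fa-f]+):\s+(\S+)\s+\((.*)\)$")
BLOCK_RE = re.compile(
    r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (\d+) bytes inside a block "
    r"of size (\d+) (free'd|alloc'd)$"
)

# Allocator entry points memcheck intercepts; they are never the culprit.
ALLOCATOR_FUNCS = {"free", "realloc", "operator delete(void*)"}


@dataclass
class Frame:
    addr: int
    func: str
    loc: str  # "file.c:line" or "in /path/to/object"


@dataclass
class UseAfterFree:
    kind: str          # "read" or "write"
    size: int          # bytes accessed
    addr: int          # faulting address
    offset: int        # bytes into the block
    block_size: int
    freed: bool = False
    access_stack: List[Frame] = field(default_factory=list)
    free_stack: List[Frame] = field(default_factory=list)


def parse_memcheck(text: str) -> Optional[UseAfterFree]:
    """Parse the first 'Invalid read/write' error that carries a block note."""
    uaf = None
    target = None  # the stack that subsequent frame lines belong to
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            uaf = UseAfterFree(kind=m.group(1), size=int(m.group(2)),
                               addr=0, offset=0, block_size=0)
            target = uaf.access_stack
            continue
        if uaf is None:
            continue
        m = BLOCK_RE.match(line)
        if m:
            uaf.addr = int(m.group(1), 16)
            uaf.offset = int(m.group(2))
            uaf.block_size = int(m.group(3))
            uaf.freed = m.group(4) == "free'd"
            target = uaf.free_stack
            continue
        m = FRAME_RE.match(line)
        if m and target is not None:
            target.append(Frame(int(m.group(1), 16), m.group(2), m.group(3)))
    if uaf is None or not uaf.free_stack:
        return None
    return uaf


def free_site(uaf: UseAfterFree) -> Frame:
    """First frame in the free stack that is not the allocator itself."""
    for fr in uaf.free_stack:
        if fr.func not in ALLOCATOR_FUNCS:
            return fr
    return uaf.free_stack[-1]


def free_caller(uaf: UseAfterFree) -> Frame:
    """The frame that called the releasing routine (here _dl_close_worker)."""
    stack = uaf.free_stack
    idx = stack.index(free_site(uaf))
    return stack[idx + 1] if idx + 1 < len(stack) else stack[idx]


def element_index(uaf: UseAfterFree) -> int:
    """Offset expressed in units of the access size: which array slot was read."""
    return uaf.offset // uaf.size


def summarize(uaf: UseAfterFree) -> str:
    acc = uaf.access_stack[0]
    site, caller = free_site(uaf), free_caller(uaf)
    return (f"{acc.func} ({acc.loc}) {uaf.kind} {uaf.size} bytes at element "
            f"{element_index(uaf)} of a {uaf.block_size}-byte block already "
            f"freed by {site.func} ({site.loc}), called from {caller.func} ({caller.loc})")


if __name__ == "__main__":
    print(summarize(parse_memcheck(SAMPLE_REPORT)))
```

The element index is what makes the report legible: 456 bytes into the block at an 8-byte access width is slot 57 of an array of pointers, consistent with `l_initfini` being a `struct link_map **` in the blame excerpt, and the free site plus its caller (`_dl_scope_free` from `_dl_close_worker` at dl-close.c:130) is exactly the span the blame output attributes to the 2011 commit.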