Comment 3 for bug 367625

Tomas Pospisek (tpo-deb) wrote :

Mind you, this is also possibly security relevant, since memory corruption means (AFAIK) that strace is writing into memory where it has no business writing to. If the straced program is able to make strace write data of its own will there, then it can possibly manipulate strace.

The bug is certainly reproducible with the program that is currently running. I don't know whether I can reproduce it at will later.

The program being traced is a Java application with plenty of threads (other than the first PID these are threads).

Also of note is that this is also a 64-bit AMD machine, same as the other reporters noted.

$ strace -p 6896 -p 6960 -p 6961 -p 6962 -p 6963 -p 6964 -p 6965 -p 6966 -p 6967 -p 6968 -p 6969 -p 6970 -p 6974 -p 14369 -p 14370 2>/tmp/kaksme
*** glibc detected *** strace: malloc(): memory corruption (fast): 0x0000000000c20630 ***
======= Backtrace: =========
/lib/libc.so.6[0x7fba31239cb8]
/lib/libc.so.6[0x7fba3123d351]
/lib/libc.so.6(__libc_malloc+0x98)[0x7fba3123e828]
strace[0x4087d8]
strace[0x405c0e]
strace[0x404916]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7fba311e05a6]
strace[0x402119]
======= Memory map: ========
00400000-00447000 r-xp 00000000 08:05 587743 /usr/bin/strace
00646000-00647000 r--p 00046000 08:05 587743 /usr/bin/strace
00647000-00648000 rw-p 00047000 08:05 587743 /usr/bin/strace
00648000-00656000 rw-p 00648000 00:00 0
00c1d000-00c3e000 rw-p 00c1d000 00:00 0 [heap]
7fba2c000000-7fba2c021000 rw-p 7fba2c000000 00:00 0
7fba2c021000-7fba30000000 ---p 7fba2c021000 00:00 0
7fba30faa000-7fba30fc0000 r-xp 00000000 08:05 538614 /lib/libgcc_s.so.1
7fba30fc0000-7fba311c0000 ---p 00016000 08:05 538614 /lib/libgcc_s.so.1
7fba311c0000-7fba311c1000 r--p 00016000 08:05 538614 /lib/libgcc_s.so.1
7fba311c1000-7fba311c2000 rw-p 00017000 08:05 538614 /lib/libgcc_s.so.1
7fba311c2000-7fba3132a000 r-xp 00000000 08:05 538795 /lib/libc-2.9.so
7fba3132a000-7fba3152a000 ---p 00168000 08:05 538795 /lib/libc-2.9.so
7fba3152a000-7fba3152e000 r--p 00168000 08:05 538795 /lib/libc-2.9.so
7fba3152e000-7fba3152f000 rw-p 0016c000 08:05 538795 /lib/libc-2.9.so
7fba3152f000-7fba31534000 rw-p 7fba3152f000 00:00 0
7fba31534000-7fba31554000 r-xp 00000000 08:05 538607 /lib/ld-2.9.so
7fba3172e000-7fba31730000 rw-p 7fba3172e000 00:00 0
7fba31750000-7fba31753000 rw-p 7fba31750000 00:00 0
7fba31753000-7fba31754000 r--p 0001f000 08:05 538607 /lib/ld-2.9.so
7fba31754000-7fba31755000 rw-p 00020000 08:05 538607 /lib/ld-2.9.so
7fff39740000-7fff39755000 rw-p 7ffffffea000 00:00 0 [stack]
7fff397ff000-7fff39800000 r-xp 7fff397ff000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted
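Added triage example (not part of the bug report, and not strace's or glibc's code): a small Python script that parses the kind of abort output glibc prints above (the "memory corruption" line, the backtrace frames and the memory map) and resolves each code address, plus the corrupt chunk address, to the mapping that contains it and the file offset inside that object. The sample input is a constructed subset of the report's own lines; the regexes assume the 2.9-era glibc/kernel output format shown here.

```python
"""Resolve glibc abort backtrace addresses against the printed memory map.

Input format assumed (as in the report above):
  *** glibc detected *** PROG: malloc(): memory corruption (fast): 0xADDR ***
  ======= Backtrace: =========
  MODULE(SYMBOL+OFF)[0xADDR]      or      MODULE[0xADDR]
  ======= Memory map: ========
  START-END PERMS OFFSET DEV INODE [PATH]
"""
import re

# Constructed sample: a subset of the lines from the bug report.
REPORT = """\
*** glibc detected *** strace: malloc(): memory corruption (fast): 0x0000000000c20630 ***
======= Backtrace: =========
/lib/libc.so.6(__libc_malloc+0x98)[0x7fba3123e828]
strace[0x4087d8]
strace[0x405c0e]
======= Memory map: ========
00400000-00447000 r-xp 00000000 08:05 587743 /usr/bin/strace
00646000-00647000 r--p 00046000 08:05 587743 /usr/bin/strace
00c1d000-00c3e000 rw-p 00c1d000 00:00 0 [heap]
7fba311c2000-7fba3132a000 r-xp 00000000 08:05 538795 /lib/libc-2.9.so
7fff39740000-7fff39755000 rw-p 7ffffffea000 00:00 0 [stack]
"""

FRAME_RE = re.compile(
    r"^(?P<module>\S+?)(?:\((?P<symbol>[^)]*)\))?\[0x(?P<addr>[0-9a-f]+)\]$")
MAP_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+) (?P<perms>\S{4}) "
    r"(?P<offset>[0-9a-f]+) \S+ \d+\s*(?P<path>.*)$")
CORRUPT_RE = re.compile(r"memory corruption.*?: 0x(?P<addr>[0-9a-f]+)")


def parse_report(text):
    """Return (corrupt_chunk_addr or None, list of frames, list of mappings)."""
    corrupt = None
    frames = []      # (module, symbol-or-None, address)
    mappings = []    # dicts with start/end/perms/offset/path
    section = None
    for line in text.splitlines():
        m = CORRUPT_RE.search(line)
        if m:
            corrupt = int(m.group("addr"), 16)
            continue
        if line.startswith("======= Backtrace"):
            section = "bt"
            continue
        if line.startswith("======= Memory map"):
            section = "map"
            continue
        if section == "bt":
            m = FRAME_RE.match(line)
            if m:
                frames.append((m.group("module"), m.group("symbol"),
                               int(m.group("addr"), 16)))
        elif section == "map":
            m = MAP_RE.match(line)
            if m:
                mappings.append({
                    "start": int(m.group("start"), 16),
                    "end": int(m.group("end"), 16),
                    "perms": m.group("perms"),
                    "offset": int(m.group("offset"), 16),
                    "path": m.group("path").strip(),
                })
    return corrupt, frames, mappings


def locate(addr, mappings):
    """Map addr to (path, perms, offset).

    For file-backed mappings the offset is the file offset (addr - start +
    mapping offset), i.e. what addr2line/objdump want for a shared object.
    For anonymous mappings ([heap], [stack], unnamed) the kernel's offset
    column is not a file offset, so report the offset from the mapping start.
    """
    for mp in mappings:
        if mp["start"] <= addr < mp["end"]:
            if mp["path"].startswith("/"):
                return mp["path"], mp["perms"], addr - mp["start"] + mp["offset"]
            return mp["path"], mp["perms"], addr - mp["start"]
    return None


def triage(text):
    """Resolve the corrupt chunk and every backtrace frame against the map."""
    corrupt, frames, mappings = parse_report(text)
    return {
        "corrupt_chunk": locate(corrupt, mappings) if corrupt is not None else None,
        "frames": [(mod, sym, addr, locate(addr, mappings))
                   for mod, sym, addr in frames],
    }


if __name__ == "__main__":
    info = triage(REPORT)
    print("corrupt chunk:", info["corrupt_chunk"])
    for mod, sym, addr, where in info["frames"]:
        print(f"{mod} {sym or ''} 0x{addr:x} -> {where}")
```

The resolved offsets are the starting point for symbolising the three strace frames: for the shared library, pass the file offset to addr2line or objdump on /lib/libc-2.9.so; for the non-PIE strace binary mapped at its link address 0x400000, the virtual address itself also works with `addr2line -e /usr/bin/strace`. Confirming that the corrupt chunk (0xc20630) lies inside [heap] and that the top strace frame is an allocation site narrows the hunt to whatever strace wrote just before that malloc call.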