possible double-free in yelp
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
yelp (Ubuntu) | Fix Released | Low | Sebastien Bacher |
Bug Description
I recently upgraded my system from warty to hoary and yelp
is now unable to launch, stuck in an endless loop in mallopt.
When executing it under gdb, using MALLOC_CHECK_=1 to debug
the glibc memory allocator, I get the following information:
```
$ MALLOC_CHECK_=1 gdb yelp
...
free(): invalid pointer 0x831b778!
free(): invalid pointer 0x8308b50!
free(): invalid pointer 0x8306458!
free(): invalid pointer 0x8306598!
free(): invalid pointer 0x8306bb0!
free(): invalid pointer 0x830aad0!
free(): invalid pointer 0x830ab38!
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1224942720 (LWP 15946)]
0xb7444c37 in xmlFreeNodeList () from /usr/lib/
(gdb) bt
#0 0xb7444c37 in xmlFreeNodeList () from /usr/lib/
#1 0xb7444c9b in xmlFreeNodeList () from /usr/lib/
#2 0xb7444c9b in xmlFreeNodeList () from /usr/lib/
#3 0xb7444c9b in xmlFreeNodeList () from /usr/lib/
#4 0xb74427bd in xmlFreeDoc () from /usr/lib/
#5 0x0805bc0f in toc_pager_
#6 0x0805b788 in toc_pager_
#7 0xb75d297f in g_child_watch_add () from /usr/lib/
#8 0xb75cfc8b in g_main_depth () from /usr/lib/
#9 0xb75d0c31 in g_main_
#10 0xb75d0f53 in g_main_
#11 0xb75d149a in g_main_loop_run () from /usr/lib/
#12 0xb77226d3 in bonobo_main () from /usr/lib/
#13 0x08064839 in main ()
```
So it seems that a pointer to non-allocated memory (or already freed memory)
is passed to free. I think it is more probable that this is a double-free
problem, since the program goes into an endless loop when trying to
allocate some more memory when using the non-checking version of malloc/free.
I'm having this problem with version 2.9.3-0ubuntu1 of yelp and version
2.6.17-0ubuntu1 of libxml2 (that can be the other culprit, but since it
is impossible to attach a bug to two different packages, and yelp is the
only program that crashes for me, I don't think so).
If you can direct me to debug versions of those programs/libraries I can
try to look into this problem in more detail (I don't really want to
compile both of them from source, especially after looking at the
yelp dependencies).
Have a nice day.
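The failure mode the report suspects, as an added example that is not part of the original report and is not yelp's or libxml2's code: a constructed node tree in which one child list is linked under two parents, freed by a recursive list free of the same shape as the xmlFreeNodeList frames in the backtrace. The pool, the checker and every name here are assumptions made for illustration; the report does not establish the actual cause of the crash.

```c
#include <stdio.h>
#include <stddef.h>
/* Constructed model: nodes come from a static pool, so the checker can look
 * at a "freed" node without touching real freed heap memory. */
struct node { struct node *children, *next; };
#define POOL 16
static struct node pool[POOL];
static int live[POOL], used, invalid_frees;

static struct node *node_new(struct node *children, struct node *next) {
    struct node *n = &pool[used];   /* callers below never exceed POOL */
    live[used++] = 1;
    *n = (struct node){ children, next };
    return n;
}

/* Checked free: counts a pointer that is not currently allocated, the
 * condition glibc reports as "free(): invalid pointer" under MALLOC_CHECK_. */
static void node_free(struct node *n) {
    ptrdiff_t i = n - pool;
    if (!live[i]) { invalid_frees++; return; }
    live[i] = 0;
}

/* Recursive list free: siblings in a loop, children by recursion. */
static void free_node_list(struct node *cur) {
    while (cur) {
        struct node *next = cur->next;
        free_node_list(cur->children);
        node_free(cur);
        cur = next;
    }
}

/* Builds root -> (a, b) and frees it. With share != 0, a and b link the SAME
 * two-node child list (ownership bug); otherwise each owns its own copy. */
int free_tree_invalid_count(int share) {
    used = invalid_frees = 0;
    struct node *sub = node_new(NULL, node_new(NULL, NULL));
    struct node *sub_b = share ? sub : node_new(NULL, node_new(NULL, NULL));
    struct node *a = node_new(sub, node_new(sub_b, NULL));
    free_node_list(node_new(a, NULL));
    return invalid_frees;   /* invalid frees counted by the checker */
}

int main(void) {
    printf("shared: %d invalid frees, owned: %d\n",
           free_tree_invalid_count(1), free_tree_invalid_count(0));
    return 0;
}
```

Each node of the shared list is reported once on the second traversal, which is why a single aliased subtree yields a run of consecutive invalid-pointer reports rather than one.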
Sorry for the long reply. I don't have this issue here; do you still get it with
the current versions?