searching with wildcards: double free or corruption detected by glibc

Bug #134213 reported by Marlin Forbes
Affects: slocate (Debian) | Status: Fix Released | Importance: Unknown
Affects: slocate (Ubuntu) | Status: Invalid | Importance: Medium | Assigned to: Unassigned

Bug Description

Binary package hint: slocate

OS: Feisty Fawn with custom kernel.
PKG: slocate - Secure Locate 3.1 - Released March 7, 2006

INPUT:
slocate 'alongstring?', or slocate "alongstring?"
OR
slocate 'alongstring*', or slocate "alongstring*"

The total length of the parameter including the wildcard must be 12 characters or more.

OUTPUT:
*** glibc detected *** slocate: double free or corruption (fasttop): 0x080527e8 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7eda312]
/lib/libc.so.6(cfree+0x89)[0xb7edb9c9]
slocate[0x804b149]
slocate[0x804af63]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb7e8bebc]
slocate[0x80492e1]

Sven Herzberg (herzi) wrote :

I can confirm this bug. I was looking for "bluetooth*desktop" and locate crashed.

Sven Herzberg (herzi) wrote :

==13879== Memcheck, a memory error detector.
==13879== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==13879== Using LibVEX rev 1658, a library for dynamic binary translation.
==13879== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==13879== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==13879== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==13879== For more details, rerun with: -v
==13879==
==13879== Invalid free() / delete / delete[]
==13879== at 0x402123A: free (vg_replace_malloc.c:233)
==13879== by 0x804B148: free_cmd_data (in /usr/bin/slocate)
==13879== by 0x804AF62: main (in /usr/bin/slocate)
==13879== Address 0x41547A8 is 0 bytes inside a block of size 20 free'd
==13879== at 0x402123A: free (vg_replace_malloc.c:233)
==13879== by 0x804D5FD: match (in /usr/bin/slocate)
==13879== by 0x80496E7: search_path (in /usr/bin/slocate)
==13879== by 0x8049D73: search_db (in /usr/bin/slocate)
==13879== by 0x804AF27: main (in /usr/bin/slocate)
==13879==
==13879== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 19 from 1)
==13879== malloc/free: in use at exit: 176 bytes in 12 blocks.
==13879== malloc/free: 9,720,890 allocs, 9,720,879 frees, 414,990,507 bytes allocated.
==13879== For counts of detected errors, rerun with: -v
==13879== searching for pointers to 12 not-freed blocks.
==13879== checked 55,912 bytes.
==13879==
==13879== LEAK SUMMARY:
==13879== definitely lost: 176 bytes in 12 blocks.
==13879== possibly lost: 0 bytes in 0 blocks.
==13879== still reachable: 0 bytes in 0 blocks.
==13879== suppressed: 0 bytes in 0 blocks.
==13879== Use --leak-check=full to see details of leaked memory.

Now I can look into the source...

Sebastien Bacher (seb128) wrote :

==8621== Invalid free() / delete / delete[]
==8621== at 0x402237F: free (vg_replace_malloc.c:233)
==8621== by 0x804B442: free_cmd_data (cmds.c:63)
==8621== by 0x804B366: main (slocate.c:805)
==8621== Address 0x415D7A8 is 0 bytes inside a block of size 20 free'd
==8621== at 0x402237F: free (vg_replace_malloc.c:233)
==8621== by 0x804D7D6: match (utils.c:143)
==8621== by 0x804A442: search_path (slocate.c:464)
==8621== by 0x804AF1C: search_db (slocate.c:670)
==8621== by 0x804B2E6: main (slocate.c:788)
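
The traces above show one 20-byte block freed in match() and freed again in free_cmd_data(). The following is an added example, not slocate's source and not the fix that was released, of an ownership rule that excludes this class of bug: the matcher only borrows the pattern, and cleanup frees it once and clears the pointer. The struct layout and the names cmd_init and cmd_free are hypothetical; the pattern and path are taken from the report further down this page.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: every name below is an assumption, not slocate's. */
struct cmd_data { char *pattern; };   /* heap copy of the search string */

int cmd_init(struct cmd_data *c, const char *arg)
{
    c->pattern = malloc(strlen(arg) + 1);
    if (c->pattern != NULL)
        strcpy(c->pattern, arg);
    return c->pattern != NULL ? 0 : -1;
}

/* The matcher only borrows c->pattern: it frees the scratch buffer it
 * allocated itself and never the caller's block. */
int match(const struct cmd_data *c, const char *path)
{
    size_t n = c->pattern ? strlen(c->pattern) + 3 : 0;  /* '*' pat '*' NUL */
    char *glob = n ? malloc(n) : NULL;
    if (glob == NULL)
        return 0;
    snprintf(glob, n, "*%s*", c->pattern);
    int hit = fnmatch(glob, path, 0) == 0;
    free(glob);                        /* scratch is match()'s own to free */
    return hit;
}

/* Cleanup is the single owner: free once, then clear the pointer so a
 * repeated call is a no-op. Returns 1 if a block was released, else 0. */
int cmd_free(struct cmd_data *c)
{
    int released = c->pattern != NULL;
    free(c->pattern);                  /* free(NULL) is a defined no-op */
    c->pattern = NULL;
    return released;
}

int main(void)
{
    struct cmd_data c;
    if (cmd_init(&c, ".d/S??apache") != 0)
        return 1;
    printf("match=%d\n", match(&c, "/etc/rc3.d/S91apache2"));
    int first = cmd_free(&c);
    int again = cmd_free(&c);          /* repeated cleanup: no second free */
    return (first == 1 && again == 0) ? 0 : 1;
}
```

Running a build of this under Valgrind should report no invalid free, because the only free() of the pattern block happens in cmd_free.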

Changed in slocate:
importance: Undecided → Medium
status: New → Confirmed

Didier Misson (dmlinux) wrote :

Same problem:

didier@didier-laptop:/etc/rc3.d$ locate .d/S??apache
/etc/rc2.d/S91apache2
/etc/rc3.d/S91apache2
/etc/rc4.d/S91apache2
/etc/rc5.d/S91apache2
*** glibc detected *** locate: double free or corruption (fasttop): 0x08052850 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7e39d65]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb7e3d800]
locate[0x804b149]
locate[0x804af63]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7de6050]
locate[0x8049301]
Abandon
didier@didier-laptop:/etc/rc3.d$

Thanks,
;-)

Changed in slocate:
status: Unknown → New

stilus (stilus) wrote :

This problem still exists in Gutsy:
locate -V
Secure Locate 3.1 - Released March 7, 2006

(pool/main/s/slocate/slocate_3.1-1ubuntu3_i386.deb )

But apparently not in Hardy:
locate -V
mlocate 0.18
Copyright (C) 2007 Red Hat, Inc. All rights reserved.
This software is distributed under the GPL v.2.

This program is provided with NO WARRANTY, to the extent permitted by law.

Jean-Baptiste Lallement (jibel) wrote :

stilus, you are referring to 2 different packages. The version string indicates "Secure Locate 3.1" in Gutsy but "mlocate 0.18" in Hardy. This report is against slocate.

Changed in slocate (Debian):
status: New → Fix Released

Phillip Susi (psusi) wrote :

This package has been removed from Ubuntu. Closing all related bugs.

Changed in slocate (Ubuntu):
status: Confirmed → Invalid