Red Hat Bugzilla – Attachment 1446475 Details for
Bug 1584916
gfdonotificationbackend: Fix possible invalid pointer in dbus callback
File: backtrace
backtrace (text/plain), 21.36 KB, created by
João Carlos Mendes Luís
on 2018-05-31 23:23:38 UTC
Description:
File: backtrace
Filename:
MIME Type:
Creator:
João Carlos Mendes Luís
Created:
2018-05-31 23:23:38 UTC
Size:
21.36 KB
>[New LWP 5101] >[New LWP 5104] >[New LWP 5102] >[New LWP 5103] >[Thread debugging using libthread_db enabled] >Using host libthread_db library "/lib64/libthread_db.so.1". >Core was generated by `/usr/libexec/gnome-terminal-server'. >Program terminated with signal SIGSEGV, Segmentation fault. >#0 __GI___libc_free (mem=mem@entry=0x3fc8003f00000000) at malloc.c:3104 >3104 if (chunk_is_mmapped (p)) /* release mmapped memory. */ >[Current thread is 1 (Thread 0x7f3360289a80 (LWP 5101))] > >Thread 1 (Thread 0x7f3360289a80 (LWP 5101)): >#0 __GI___libc_free (mem=mem@entry=0x3fc8003f00000000) at malloc.c:3104 > ar_ptr = <optimized out> > p = <optimized out> > hook = 0x0 > mem = 0x3fc8003f00000000 > hook = 0x0 >#1 0x00007f335d42846e in g_free (mem=0x3fc8003f00000000) at gmem.c:189 >No locals. >#2 0x00007f335da42dd6 in freedesktop_notification_free (data=data@entry=0x55db9c537100) at gfdonotificationbackend.c:72 > n = 0x55db9c537100 >#3 0x00007f335da42ee3 in notification_sent (source_object=<optimized out>, result=<optimized out>, user_data=0x55db9c537100) at gfdonotificationbackend.c:335 > n = 0x55db9c537100 > val = <optimized out> > error = 0x55db9cb5bc50 > warning_printed = 1 >#4 0x00007f335d9d32c4 in g_task_return_now (task=0x7f334c01da80) at gtask.c:1145 >No locals. >#5 0x00007f335d9d3ce6 in g_task_return (task=0x7f334c01da80, type=<optimized out>) at gtask.c:1203 > source = 0x55db9c482930 >#6 0x00007f335da06cb9 in g_dbus_connection_call_done (source=<optimized out>, result=0x55db9cbfadc0, user_data=0x7f334c01da80) at gdbusconnection.c:5720 > connection = <optimized out> > task = 0x7f334c01da80 > state = 0x55db9c4ff1a0 > error = 0x55db9cb5bc50 > reply = 0x0 > value = <optimized out> >#7 0x00007f335d9d32c4 in g_task_return_now (task=0x55db9cbfadc0) at gtask.c:1145 >No locals. 
>#8 0x00007f335d9d3ce6 in g_task_return (task=0x55db9cbfadc0, type=<optimized out>) at gtask.c:1203 > source = 0x55db9c482930 >#9 0x00007f335d9d4830 in g_task_return_new_error (task=task@entry=0x55db9cbfadc0, domain=domain@entry=963, code=code@entry=24, format=format@entry=0x7f335da7d2f5 "%s") at gtask.c:1811 > error = <optimized out> > args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffe584c0af0, reg_save_area = 0x7ffe584c0a30}} >#10 0x00007f335da00408 in send_message_data_deliver_error (task=0x55db9cbfadc0, domain=963, code=24, message=0x7f335da81334 "Timeout was reached") at gdbusconnection.c:1836 > connection = 0x55db9c3bc6a0 > data = 0x55db9c5086e0 >#11 0x00007f335da0046f in send_message_with_reply_timeout_cb (user_data=user_data@entry=0x55db9cbfadc0) at gdbusconnection.c:1878 > task = 0x55db9cbfadc0 >#12 0x00007f335d4235dd in g_timeout_dispatch (source=0x55db9c482930, callback=0x7f335da00440 <send_message_with_reply_timeout_cb>, user_data=0x55db9cbfadc0) at gmain.c:4615 > timeout_source = 0x55db9c482930 > again = <optimized out> >#13 0x00007f335d422b77 in g_main_dispatch (context=0x55db9c3a4100) at gmain.c:3142 > dispatch = 0x7f335d4235c0 <g_timeout_dispatch> > prev_source = 0x0 > was_in_call = 0 > user_data = 0x55db9cbfadc0 > callback = 0x7f335da00440 <send_message_with_reply_timeout_cb> > cb_funcs = 0x7f335d6ea280 <g_source_callback_funcs> > cb_data = 0x55db9cbd3db0 > need_destroy = <optimized out> > source = 0x55db9c482930 > current = 0x55db9c3a5590 > i = 0 >#14 g_main_context_dispatch (context=context@entry=0x55db9c3a4100) at gmain.c:3795 >No locals. 
>#15 0x00007f335d422f20 in g_main_context_iterate (context=context@entry=0x55db9c3a4100, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3868 > max_priority = 2147483647 > timeout = 295 > some_ready = 1 > nfds = <optimized out> > allocated_nfds = 4 > fds = 0x55db9ca95100 >#16 0x00007f335d422fac in g_main_context_iteration (context=context@entry=0x55db9c3a4100, may_block=may_block@entry=1) at gmain.c:3929 > retval = <optimized out> >#17 0x00007f335d9e8cad in g_application_run (application=0x55db9c3e40d0, argc=<optimized out>, argv=<optimized out>) at gapplication.c:2401 > arguments = 0x55db9c3e2110 > status = 0 > context = 0x55db9c3a4100 > acquired_context = <optimized out> > __func__ = "g_application_run" >#18 0x000055db9a6481fd in main (argc=<optimized out>, argv=<optimized out>) at server.c:180 > app = 0x55db9c3e40d0 > home_dir = <optimized out> > charset = 0x55db9c34f4a0 "UTF-8" > error = 0x0 > >Thread 2 (Thread 0x7f3352e4d700 (LWP 5104)): >#0 0x00007f335c502c6b in __GI___poll (fds=0x7f334c018730, nfds=2, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 > resultvar = 18446744073709551100 > sc_cancel_oldtype = 0 >#1 0x00007f335d422e99 in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x7f334c018730, timeout=<optimized out>, context=0x7f334c016a30) at gmain.c:4169 > ret = <optimized out> > errsv = <optimized out> > poll_func = 0x7f335d432450 <g_poll> >#2 g_main_context_iterate (context=0x7f334c016a30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3863 > max_priority = 2147483647 > timeout = -1 > some_ready = <optimized out> > nfds = 2 > allocated_nfds = 2 > fds = 0x7f334c018730 >#3 0x00007f335d423232 in g_main_loop_run (loop=0x7f334c016b70) at gmain.c:4064 > __func__ = "g_main_loop_run" >#4 0x00007f335da14b56 in gdbus_shared_thread_func (user_data=0x7f334c016a00) at gdbusprivate.c:275 > data = 0x7f334c016a00 >#5 0x00007f335d44a486 in g_thread_proxy (data=0x7f334c0060a0) at 
gthread.c:784 > thread = 0x7f334c0060a0 > __func__ = "g_thread_proxy" >#6 0x00007f335c7d750b in start_thread (arg=0x7f3352e4d700) at pthread_create.c:465 > pd = 0x7f3352e4d700 > now = <optimized out> > unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139858410788608, -5407825740596542360, 139858427570142, 139858427570143, 139858295152800, 139858427570272, 5374253328379642984, 5374258762756621416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} > not_first_call = <optimized out> >#7 0x00007f335c50d16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 >No locals. > >Thread 3 (Thread 0x7f3353e4f700 (LWP 5102)): >#0 0x00007f335c502c6b in __GI___poll (fds=0x55db9c3eea40, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 > resultvar = 18446744073709551100 > sc_cancel_oldtype = 0 >#1 0x00007f335d422e99 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x55db9c3eea40, timeout=<optimized out>, context=0x55db9c3ee770) at gmain.c:4169 > ret = <optimized out> > errsv = <optimized out> > poll_func = 0x7f335d432450 <g_poll> >#2 g_main_context_iterate (context=context@entry=0x55db9c3ee770, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3863 > max_priority = 2147483647 > timeout = -1 > some_ready = <optimized out> > nfds = 1 > allocated_nfds = 1 > fds = 0x55db9c3eea40 >#3 0x00007f335d422fac in g_main_context_iteration (context=context@entry=0x55db9c3ee770, may_block=may_block@entry=1) at gmain.c:3929 > retval = <optimized out> >#4 0x00007f3353e5742d in dconf_gdbus_worker_thread (user_data=0x55db9c3ee770) at dconf-gdbus-thread.c:82 > context = 0x55db9c3ee770 >#5 0x00007f335d44a486 in g_thread_proxy (data=0x55db9c39d050) at gthread.c:784 > thread = 0x55db9c39d050 > __func__ = "g_thread_proxy" >#6 0x00007f335c7d750b in start_thread (arg=0x7f3353e4f700) at pthread_create.c:465 > pd = 0x7f3353e4f700 > now = <optimized out> > unwind_buf = {cancel_jmp_buf = 
{{jmp_buf = {139858427574016, -5407825740596542360, 140730379797006, 140730379797007, 94401707233360, 140730379797136, 5374251130430129256, 5374258762756621416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} > not_first_call = <optimized out> >#7 0x00007f335c50d16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 >No locals. > >Thread 4 (Thread 0x7f335364e700 (LWP 5103)): >#0 0x00007f335c502c6b in __GI___poll (fds=0x7f334c007030, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 > resultvar = 18446744073709551100 > sc_cancel_oldtype = 0 >#1 0x00007f335d422e99 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x7f334c007030, timeout=<optimized out>, context=0x7f334c005d00) at gmain.c:4169 > ret = <optimized out> > errsv = <optimized out> > poll_func = 0x7f335d432450 <g_poll> >#2 g_main_context_iterate (context=context@entry=0x7f334c005d00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3863 > max_priority = 2147483647 > timeout = -1 > some_ready = <optimized out> > nfds = 1 > allocated_nfds = 1 > fds = 0x7f334c007030 >#3 0x00007f335d422fac in g_main_context_iteration (context=0x7f334c005d00, may_block=may_block@entry=1) at gmain.c:3929 > retval = <optimized out> >#4 0x00007f335d422ff1 in glib_worker_main (data=<optimized out>) at gmain.c:5724 >No locals. 
>#5 0x00007f335d44a486 in g_thread_proxy (data=0x7f334c006000) at gthread.c:784 > thread = 0x7f334c006000 > __func__ = "g_thread_proxy" >#6 0x00007f335c7d750b in start_thread (arg=0x7f335364e700) at pthread_create.c:465 > pd = 0x7f335364e700 > now = <optimized out> > unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139858419181312, -5407825740596542360, 139858427569758, 139858427569759, 139858295152640, 139858427569888, 5374252229404886120, 5374258762756621416}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} > not_first_call = <optimized out> >#7 0x00007f335c50d16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 >No locals. >From To Syms Read Shared Object Library > No /lib64/libvte-2.91.so.0 >0x00007f335fc523d0 0x00007f335fc5f23f Yes /lib64/libz.so.1 >0x00007f335f90de00 0x00007f335f9f83fa Yes /lib64/libgnutls.so.30 >0x00007f335f059800 0x00007f335f39e579 Yes /lib64/libgtk-3.so.0 >0x00007f335ed02f00 0x00007f335ed785d7 Yes /lib64/libgdk-3.so.0 >0x00007f335eaccac0 0x00007f335ead1e2e Yes /lib64/libpangocairo-1.0.so.0 >0x00007f335e884c80 0x00007f335e8a60a6 Yes /lib64/libpango-1.0.so.0 >0x00007f335e65b1f0 0x00007f335e667ac2 Yes /lib64/libatk-1.0.so.0 >0x00007f335e443580 0x00007f335e4444f9 Yes /lib64/libcairo-gobject.so.2 >0x00007f335e132330 0x00007f335e1fcad6 Yes /lib64/libcairo.so.2 >0x00007f335deff3a0 0x00007f335df152b9 Yes /lib64/libgdk_pixbuf-2.0.so.0 >0x00007f335dcec600 0x00007f335dcf1b1e Yes /lib64/libdconf.so.1 >0x00007f335d97f810 0x00007f335da5f6e2 Yes /lib64/libgio-2.0.so.0 >0x00007f335d6fa710 0x00007f335d72c3d5 Yes /lib64/libgobject-2.0.so.0 >0x00007f335d3f2ed0 0x00007f335d46af78 Yes /lib64/libglib-2.0.so.0 >0x00007f335d1d1550 0x00007f335d1d2c43 No /lib64/libuuid.so.1 >0x00007f335cf4a120 0x00007f335cfa6d71 Yes /lib64/libpcre2-8.so.0 >0x00007f335cc25d50 0x00007f335ccacb98 Yes /lib64/libX11.so.6 >0x00007f335c9f2ac0 0x00007f335ca02de5 No /lib64/libgcc_s.so.1 >0x00007f335c7d5b10 
0x00007f335c7e3941 Yes /lib64/libpthread.so.0 >0x00007f335c438770 0x00007f335c5793ac Yes /lib64/libc.so.6 >0x00007f335c11c100 0x00007f335c1cc868 No /lib64/libstdc++.so.6 >0x00007f335bd477e0 0x00007f335bde5215 Yes /lib64/libm.so.6 >0x00007f335ba3b3a0 0x00007f335bacdc56 Yes /lib64/libp11-kit.so.0 >0x00007f335b7f1700 0x00007f335b7f51d3 Yes (*) /lib64/libidn2.so.0 >0x00007f335b4814d0 0x00007f335b4b5a63 Yes /lib64/libunistring.so.2 >0x00007f335b268e50 0x00007f335b269ace Yes /lib64/libdl.so.2 >0x00007f335b052c80 0x00007f335b05d973 Yes /lib64/libtasn1.so.6 >0x00007f335ae21b90 0x00007f335ae3e54c Yes /lib64/libnettle.so.6 >0x00007f335abef7f0 0x00007f335abfdb9f Yes /lib64/libhogweed.so.4 >0x00007f335a97c540 0x00007f335a9ce368 Yes /lib64/libgmp.so.10 >0x00007f335a7690f0 0x00007f335a769fe6 Yes /lib64/libgmodule-2.0.so.0 >0x00007f335a552190 0x00007f335a55cad7 Yes /lib64/libXi.so.6 >0x00007f335a349540 0x00007f335a34b7d6 Yes /lib64/libXfixes.so.3 >0x00007f335a122720 0x00007f335a1367e8 Yes /lib64/libatk-bridge-2.0.so.0 >0x00007f3359e77b60 0x00007f3359ebcc41 Yes /lib64/libepoxy.so.0 >0x00007f3359c1f2c0 0x00007f3359c2827d Yes /lib64/libpangoft2-1.0.so.0 >0x00007f33599d6e50 0x00007f33599f6a9a Yes /lib64/libfontconfig.so.1 >0x00007f33597c8b00 0x00007f33597c9475 Yes /lib64/libXinerama.so.1 >0x00007f33595b9c90 0x00007f33595bfc85 Yes /lib64/libXrandr.so.2 >0x00007f33593aa9b0 0x00007f33593af3d0 Yes /lib64/libXcursor.so.1 >0x00007f33591a0c20 0x00007f33591a15f5 Yes /lib64/libXcomposite.so.1 >0x00007f3358f98b90 0x00007f3358f9947b Yes /lib64/libXdamage.so.1 >0x00007f3358d5c4b0 0x00007f3358d76eba Yes /lib64/libxkbcommon.so.0 >0x00007f3358b511f0 0x00007f3358b52cff No /lib64/libwayland-cursor.so.0 >0x00007f3358948640 0x00007f33589487d6 No /lib64/libwayland-egl.so.1 >0x00007f335873d380 0x00007f3358741cff No /lib64/libwayland-client.so.0 >0x00007f33585236c0 0x00007f335852d6cf Yes /lib64/libXext.so.6 >0x00007f335831a1a0 0x00007f335831d326 Yes /lib64/librt.so.1 >0x00007f335806c650 0x00007f33580e43c4 
Yes /lib64/libfreetype.so.6 >0x00007f3357e51ec0 0x00007f3357e55923 Yes /lib64/libthai.so.0 >0x00007f3357bb24c0 0x00007f3357c3529d Yes /lib64/libpixman-1.so.0 >0x00007f33579754c0 0x00007f3357996ef8 Yes /lib64/libpng16.so.16 >0x00007f3357768d60 0x00007f3357769853 Yes /lib64/libxcb-shm.so.0 >0x00007f335754b9f0 0x00007f335755db15 Yes /lib64/libxcb.so.1 >0x00007f3357335080 0x00007f3357339ab8 Yes /lib64/libxcb-render.so.0 >0x00007f3357121ac0 0x00007f3357127a95 Yes /lib64/libXrender.so.1 >0x00007f3356f197c0 0x00007f3356f1df7a Yes /lib64/libffi.so.6 >0x00007f3356ca1610 0x00007f3356cf2f3d Yes /lib64/libpcre.so.1 >0x00007f3356a76ca0 0x00007f3356a8dfcf Yes /lib64/libselinux.so.1 >0x00007f335685b830 0x00007f3356867212 Yes /lib64/libresolv.so.2 >0x00007f335660ca30 0x00007f335663f868 No /lib64/libmount.so.1 >0x00007f33600c8d50 0x00007f33600e54d0 Yes /lib64/ld-linux-x86-64.so.2 >0x00007f33563d79e0 0x00007f33563e9378 Yes /lib64/libatspi.so.0 >0x00007f335617e900 0x00007f33561aa161 No /lib64/libdbus-1.so.3 >0x00007f3355ee0070 0x00007f3355f359f8 Yes /lib64/libharfbuzz.so.0 >0x00007f3355ca3a90 0x00007f3355cc0283 Yes /lib64/libexpat.so.1 >0x00007f3355a896b0 0x00007f3355a95742 No /lib64/libbz2.so.1 >0x00007f3355881360 0x00007f3355884500 Yes /lib64/libdatrie.so.1 >0x00007f3355678e20 0x00007f3355679b28 Yes /lib64/libXau.so.6 >0x00007f3355431e70 0x00007f335545dfb8 No /lib64/libblkid.so.1 >0x00007f3355221410 0x00007f3355223e0b Yes /lib64/libXtst.so.6 >0x00007f3354f9e520 0x00007f3354ff850b Yes (*) /lib64/libsystemd.so.0 >0x00007f3354d62730 0x00007f3354d83dd8 Yes /lib64/libgraphite2.so.3 >0x00007f3354a4b580 0x00007f3354b17e18 Yes /lib64/libgcrypt.so.20 >0x00007f335481b060 0x00007f3354831b02 Yes /lib64/liblzma.so.5 >0x00007f3354601f80 0x00007f3354611060 No /lib64/liblz4.so.1 >0x00007f33543eac50 0x00007f33543f4d58 Yes /lib64/libgpg-error.so.0 >0x00007f3353e53c30 0x00007f3353e58c2e Yes /usr/lib64/gio/modules/libdconfsettings.so >0x00007f3352423fd0 0x00007f335243ea96 No 
/usr/lib64/gio/modules/libgvfsdbus.so >0x00007f33521eb8e0 0x00007f33522028e6 No /usr/lib64/gvfs/libgvfscommon.so >0x00007f3351fd0e70 0x00007f3351fd16da Yes /lib64/libutil.so.1 >0x00007f3351dc8600 0x00007f3351dc91ba Yes /usr/lib64/gconv/ISO8859-15.so >0x00007f3350060bb0 0x00007f3350060f99 Yes /usr/lib64/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-svg.so >0x00007f33435c80b0 0x00007f33435ec781 Yes /lib64/librsvg-2.so.2 >0x00007f3343388c20 0x00007f33433a6fb5 Yes /lib64/libcroco-0.6.so.3 >0x00007f3343046500 0x00007f3343129b1e Yes /lib64/libxml2.so.2 >(*): Shared library is missing debugging information. >$1 = 0x0 >$2 = 0x0 >rax 0x0 0 >rbx 0x3fc8003f00000000 4595923690314530816 >rcx 0x55db9c3efcb0 94401707572400 >rdx 0x0 0 >rsi 0x55db9c537100 94401708912896 >rdi 0x3fc8003f00000000 4595923690314530816 >rbp 0x55db9c878a70 0x55db9c878a70 >rsp 0x7ffe584c0900 0x7ffe584c0900 >r8 0x6 6 >r9 0x7f335c54dda0 139858569125280 >r10 0x7f335c58b2e0 139858569376480 >r11 0x2074756f656d6954 2338623227815618900 >r12 0x55db9c4ff1a0 94401708683680 >r13 0x7ffe584c09a0 140730379798944 >r14 0x55db9cbfadc0 94401716006336 >r15 0x55db9c5086e0 94401708721888 >rip 0x7f335c49a4c1 0x7f335c49a4c1 <__GI___libc_free+33> >eflags 0x10206 [ PF IF RF ] >cs 0x33 51 >ss 0x2b 43 >ds 0x0 0 >es 0x0 0 >fs 0x0 0 >gs 0x0 0 >Dump of assembler code for function __GI___libc_free: > 0x00007f335c49a4a0 <+0>: push %rbx > 0x00007f335c49a4a1 <+1>: sub $0x10,%rsp > 0x00007f335c49a4a5 <+5>: mov 0x32da54(%rip),%rax # 0x7f335c7c7f00 > 0x00007f335c49a4ac <+12>: mov (%rax),%rax > 0x00007f335c49a4af <+15>: test %rax,%rax > 0x00007f335c49a4b2 <+18>: jne 0x7f335c49a560 <__GI___libc_free+192> > 0x00007f335c49a4b8 <+24>: test %rdi,%rdi > 0x00007f335c49a4bb <+27>: je 0x7f335c49a550 <__GI___libc_free+176> >=> 0x00007f335c49a4c1 <+33>: mov -0x8(%rdi),%rax > 0x00007f335c49a4c5 <+37>: lea -0x10(%rdi),%rsi > 0x00007f335c49a4c9 <+41>: test $0x2,%al > 0x00007f335c49a4cb <+43>: jne 0x7f335c49a508 <__GI___libc_free+104> > 0x00007f335c49a4cd 
<+45>: mov 0x32d8b4(%rip),%rdx # 0x7f335c7c7d88 > 0x00007f335c49a4d4 <+52>: cmpq $0x0,%fs:(%rdx) > 0x00007f335c49a4d9 <+57>: je 0x7f335c49a580 <__GI___libc_free+224> > 0x00007f335c49a4df <+63>: test $0x4,%al > 0x00007f335c49a4e1 <+65>: lea 0x32e738(%rip),%rdi # 0x7f335c7c8c20 <main_arena> > 0x00007f335c49a4e8 <+72>: je 0x7f335c49a4f6 <__GI___libc_free+86> > 0x00007f335c49a4ea <+74>: mov %rsi,%rax > 0x00007f335c49a4ed <+77>: and $0xfffffffffc000000,%rax > 0x00007f335c49a4f3 <+83>: mov (%rax),%rdi > 0x00007f335c49a4f6 <+86>: add $0x10,%rsp > 0x00007f335c49a4fa <+90>: xor %edx,%edx > 0x00007f335c49a4fc <+92>: pop %rbx > 0x00007f335c49a4fd <+93>: jmpq 0x7f335c4969e0 <_int_free> > 0x00007f335c49a502 <+98>: nopw 0x0(%rax,%rax,1) > 0x00007f335c49a508 <+104>: mov 0x32dd86(%rip),%edx # 0x7f335c7c8294 <mp_+52> > 0x00007f335c49a50e <+110>: test %edx,%edx > 0x00007f335c49a510 <+112>: jne 0x7f335c49a543 <__GI___libc_free+163> > 0x00007f335c49a512 <+114>: cmp 0x32dd57(%rip),%rax # 0x7f335c7c8270 <mp_+16> > 0x00007f335c49a519 <+121>: jbe 0x7f335c49a543 <__GI___libc_free+163> > 0x00007f335c49a51b <+123>: cmp $0x2000000,%rax > 0x00007f335c49a521 <+129>: ja 0x7f335c49a543 <__GI___libc_free+163> > 0x00007f335c49a523 <+131>: cmp 0x3303ee(%rip),%rsi # 0x7f335c7ca918 <dumped_main_arena_start> > 0x00007f335c49a52a <+138>: jae 0x7f335c49a570 <__GI___libc_free+208> > 0x00007f335c49a52c <+140>: and $0xfffffffffffffff8,%rax > 0x00007f335c49a530 <+144>: lea (%rax,%rax,1),%rdx > 0x00007f335c49a534 <+148>: mov %rax,0x32dd35(%rip) # 0x7f335c7c8270 <mp_+16> > 0x00007f335c49a53b <+155>: mov %rdx,0x32dd1e(%rip) # 0x7f335c7c8260 <mp_> > 0x00007f335c49a542 <+162>: nop > 0x00007f335c49a543 <+163>: add $0x10,%rsp > 0x00007f335c49a547 <+167>: mov %rsi,%rdi > 0x00007f335c49a54a <+170>: pop %rbx > 0x00007f335c49a54b <+171>: jmpq 0x7f335c4956b0 <munmap_chunk> > 0x00007f335c49a550 <+176>: add $0x10,%rsp > 0x00007f335c49a554 <+180>: pop %rbx > 0x00007f335c49a555 <+181>: retq > 0x00007f335c49a556 <+182>: nopw 
%cs:0x0(%rax,%rax,1) > 0x00007f335c49a560 <+192>: mov 0x18(%rsp),%rsi > 0x00007f335c49a565 <+197>: add $0x10,%rsp > 0x00007f335c49a569 <+201>: pop %rbx > 0x00007f335c49a56a <+202>: jmpq *%rax > 0x00007f335c49a56c <+204>: nopl 0x0(%rax) > 0x00007f335c49a570 <+208>: cmp 0x330399(%rip),%rsi # 0x7f335c7ca910 <dumped_main_arena_end> > 0x00007f335c49a577 <+215>: jae 0x7f335c49a52c <__GI___libc_free+140> > 0x00007f335c49a579 <+217>: jmp 0x7f335c49a543 <__GI___libc_free+163> > 0x00007f335c49a57b <+219>: nopl 0x0(%rax,%rax,1) > 0x00007f335c49a580 <+224>: mov 0x32d809(%rip),%rdx # 0x7f335c7c7d90 > 0x00007f335c49a587 <+231>: cmpb $0x0,%fs:(%rdx) > 0x00007f335c49a58b <+235>: jne 0x7f335c49a4df <__GI___libc_free+63> > 0x00007f335c49a591 <+241>: mov %rdi,%rbx > 0x00007f335c49a594 <+244>: mov %rsi,0x8(%rsp) > 0x00007f335c49a599 <+249>: callq 0x7f335c498f40 <tcache_init> > 0x00007f335c49a59e <+254>: mov -0x8(%rbx),%rax > 0x00007f335c49a5a2 <+258>: mov 0x8(%rsp),%rsi > 0x00007f335c49a5a7 <+263>: jmpq 0x7f335c49a4df <__GI___libc_free+63> >End of assembler dump. >== EXPLOITABLE ==