Bug 109971
Summary: | LTC5316-use free not munmap to deallocate space allocated using mmap | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 3 | Reporter: | IBM Bug Proxy <bugproxy> |
Component: | glibc | Assignee: | Jakub Jelinek <jakub> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 3.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | powerpc | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-10-03 20:16:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Can you reproduce it with GCC? fp->_IO_save_base is certainly allocated with malloc in glibc sources. No testcase provided on which this could be reproduced and code inspection doesn't reveal any problems. Please reopen if you have self-contained testcase. |
The following has be reported by IBM LTC: use free not munmap to deallocate space allocated using mmap Hardware Environment: PPC64 Software Environment: RHEL3 RC3 (GAed) Steps to Reproduce: 1. cp spec2000 vortex source and input data 2. Use IBM compiler, cc_r -qsmp -O2 -qipa=level=2 -I_FVT -I_USE_TEST_DATA -I_END_XOPTS - qalias=noansi -o vortex src/*.c 3. ./vortex bendian.raw Actual Results: free(): invalid pointer 0x4001a000! Memory fault Return code: 139 Expected Results: Return code: 0 Additional Information: The problem looks like that on libio/genops, they are calling free(fp- >_IO_save_base) but the address is there was allocated using mmap, not free, so it should be deallocated by calling munmap. There is a macro called FREE_BUF, which is what I think should be used to do this deallocation. It is defined to 'munmap' if mmap is being used, and to 'free' otherwise.This is a GA bug, seems generic. Over to Service.Glen/Greg - Yes, this should be submitted to Red Hat. Thanks. Shimin - thanks for the good details.