Bug 196848

Summary: double free or corruption
Product: [Fedora] Fedora
Component: cvs
Version: rawhide
Hardware: x86_64
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Reporter: John Ellson <john.ellson>
Assignee: Maros Barabas <mbarabas>
QA Contact: Ben Levenson <benl>
CC: mbarabas, stransky
Doc Type: Bug Fix
Last Closed: 2006-06-29 07:45:13 UTC
Bug Blocks: 150224

Description John Ellson 2006-06-27 08:20:29 UTC
Description of problem:
$ cvs -d:pserver:anonymous.sourceforge.net:/cvsroot/swig login
Logging in to :pserver:anonymous.sourceforge.net:2401/cvsroot/swig
CVS password:
*** glibc detected *** cvs: double free or corruption (fasttop): 0x000000000069a940 ***


Version-Release number of selected component (if applicable):
cvs-1.11.22-2


How reproducible:
100% on FC-devel

Not reproducible on FC5 with cvs-1.11.21-3.2

Steps to Reproduce:
1. cvs -d:pserver:anonymous.sourceforge.net:/cvsroot/swig login
2. (hit return at "CVS password:" prompt.)
3.
  
Actual results:
*** glibc detected *** cvs: double free or corruption (fasttop): 0x000000000069a940 ***
======= Backtrace: =========
/lib64/libc.so.6[0x395336dde3]
/lib64/libc.so.6(__libc_free+0x84)[0x395336df64]
cvs[0x42a6a7]
cvs[0x42c9b2]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x395331d2b4]
cvs[0x4049a9]


Expected results:


Additional info:

Comment 1 Maros Barabas 2006-06-27 13:33:02 UTC
Could you please run it under gdb and send more info, like a backtrace and so on?
(I can't reproduce it)

Comment 2 John Ellson 2006-06-27 14:10:15 UTC
Apparently it's specific to x86_64, I can't reproduce on i386.

I installed cvs-debuginfo and ran under gdb:

Program received signal SIGABRT, Aborted.
0x000000395332f925 in raise () from /lib64/libc.so.6
(gdb) where
#0  0x000000395332f925 in raise () from /lib64/libc.so.6
#1  0x0000003953331270 in abort () from /lib64/libc.so.6
#2  0x0000003953366c0b in __libc_message () from /lib64/libc.so.6
#3  0x000000395336dde3 in _int_free () from /lib64/libc.so.6
#4  0x000000395336df64 in free () from /lib64/libc.so.6
#5  0x000000000042a6a7 in login (argc=Variable "argc" is not available.
) at login.c:581
#6  0x000000000042c9b2 in main (argc=1, argv=0x699640) at main.c:980
#7  0x000000395331d2b4 in __libc_start_main () from /lib64/libc.so.6
#8  0x00000000004049a9 in _start ()
#9  0x00007fff98c14228 in ?? ()
#10 0x0000000000000000 in ?? ()
(gdb) list login.c:581
576                                   typed_password);
577
578         memset (typed_password, 0, strlen (typed_password));
579         free (typed_password);
580
581         free (cvs_password);
582         free (cvsroot_canonical);
583         cvs_password = NULL;
584
585         return 0;
(gdb) p cvs_password
$1 = 0x69a900 ""
(gdb)
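
Added example, not part of the original thread and not the cvs source: one way to make a wipe-then-free cleanup sequence like the one in the gdb listing above tolerate two pointers that refer to the same allocation. The thread does not state the root cause; the aliasing shown here is an assumed failure mode, and wipe_and_free, cleanup_passwords, dup_str and the demo values are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: wipe a NUL-terminated secret, free it, then clear the
 * caller's pointer so freeing the same variable again is a no-op. */
static void wipe_and_free(char **p)
{
    if (p == NULL || *p == NULL)
        return;
    volatile char *v = *p;   /* volatile: keep the wipe from being optimized out */
    for (size_t n = strlen(*p); n > 0; n--)
        *v++ = 0;
    free(*p);
    *p = NULL;
}

/* Constructed stand-in for the tail of a login routine. Returns how many
 * allocations were actually released. */
int cleanup_passwords(char **typed_password, char **cvs_password)
{
    int frees = 0;
    /* Assumed failure mode: both names refer to one buffer. Drop one reference. */
    if (*typed_password != NULL && *typed_password == *cvs_password)
        *cvs_password = NULL;
    if (*typed_password != NULL) { wipe_and_free(typed_password); frees++; }
    if (*cvs_password != NULL)   { wipe_and_free(cvs_password);   frees++; }
    return frees;
}

static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d != NULL)
        memcpy(d, s, n);
    return d;
}

int demo_aliased(void)
{
    char *typed = dup_str("");   /* empty password, as typed in the report */
    char *stored = typed;        /* assumption: same buffer under two names */
    if (typed == NULL) return 0;
    return cleanup_passwords(&typed, &stored) == 1 && !typed && !stored;
}

int demo_distinct(void)
{
    char *typed = dup_str("constructed-secret");
    char *stored = dup_str("constructed-scrambled");
    if (typed == NULL || stored == NULL) { free(typed); free(stored); return 0; }
    return cleanup_passwords(&typed, &stored) == 2 && !typed && !stored;
}
```

Building the affected binary with -fsanitize=address, or running it under valgrind, reports both the first and the second free site with source lines, which the glibc abort message alone does not.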



Comment 3 Maros Barabas 2006-06-28 09:02:54 UTC
I can't reproduce it even on x86_64, but try package
http://people.redhat.com/stransky/barry/cvs-1.11.22-3.src.rpm please. There was
maybe only one mistake. Please send me your result.

Comment 4 John Ellson 2006-06-28 09:40:23 UTC
Yep, that works for me.

I first reverified that the problem was still occurring with cvs-1.11.22-2, then
I upgraded to cvs-1.11.22-3 and the problem was gone, then I downgraded to
cvs-1.11.22-2 and the problem came back.  So the problem is completely
reproducible here, and fixed by your latest change in cvs-1.11.22-3.  Thanks.

Comment 5 Maros Barabas 2006-06-28 12:32:13 UTC
I hope that I completely fixed the problem. Please check this package:
http://people.redhat.com/stransky/barry/cvs-1.11.22-3.src.rpm.
Thanks.

Comment 6 John Ellson 2006-06-28 12:45:28 UTC
Yep, that works too.  

(The cvs-1.1.22-3.src.rpm in Comment #3 and Comment #5 are different, I
assume intentionally?   It would be clearer if the version number was updated.)

Comment 7 Maros Barabas 2006-06-28 12:50:46 UTC
Ok, thanks for testing.