Bug 214710

Summary: git-http-fetch: double free or corruption
Product: [Fedora] Fedora
Reporter: Damian Wrobel <dwrobel>
Component: git
Assignee: Chris Wright <chrisw>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: medium
Version: rawhide
CC: extras-qa
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-03-19 22:46:19 UTC
Attachments: git-http-fetch generated core file (flags: none)

Description Damian Wrobel 2006-11-08 22:12:11 UTC
Description of problem:
  The Git command git-http-fetch -v -a 082f2f84be5db164280483efa7eb1549d867353d
  http://www.kernel crashes with an abort.

Version-Release number of selected component (if applicable):
git-svn-1.4.2.4-2.fc7
gitk-1.4.2.4-2.fc7
git-email-1.4.2.4-2.fc7
git-arch-1.4.2.4-2.fc7
git-1.4.2.4-2.fc7
git-core-1.4.2.4-2.fc7
git-cvs-1.4.2.4-2.fc7

  The rest of the packages are from yesterday's Fedora development branch.

How reproducible:
  100%

Steps to Reproduce:
  Run the git-pull command on the Linux kernel git repository.

Actual results:

[dw@wrobel 2.6.19-rc5]$ git-pull
Fetching refs/heads/master from http://www.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git using http
error: Request for 082f2f84be5db164280483efa7eb1549d867353d aborted
*** glibc detected *** git-http-fetch: double free or corruption (!prev): 0x080a57d0 ***
======= Backtrace: =========
/lib/libc.so.6[0x4cee0e3d]
/lib/libc.so.6(cfree+0x90)[0x4cee4490]
git-http-fetch[0x804b40c]
git-http-fetch[0x804da11]
git-http-fetch[0x804a227]
git-http-fetch[0x804bdf8]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4ce90e5c]
git-http-fetch[0x8049c41]
======= Memory map: ========
b3b92000-b4005000 r--p /usr/bin/git-fetch: line 288: 11493 Aborted             
   (core dumped) git-http-fetch -v -a "$head" "$remote/"


Expected results:

Update git repository.

Comment 1 Damian Wrobel 2006-11-08 22:12:11 UTC
Created attachment 140724
git-http-fetch generated core file

Comment 2 Damian Wrobel 2006-11-18 21:39:14 UTC
Valgrind output:

==16029== 
==16029== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 33 from 1)
==16029== 
==16029== 1 errors in context 1 of 1:
==16029== Invalid free() / delete / delete[]
==16029==    at 0x401FFDA: free (vg_replace_malloc.c:233)
==16029==    by 0x804B40B: process_alternates_response (git-compat-util.h:89)
==16029==    by 0x804DA10: pretty_print_commit (commit.c:587)
==16029==    by 0x804A226: http_options (http.c:140)
==16029==    by 0x804BDF7: remote_ls (http-fetch.c:867)
==16029==    by 0x4055E5B: (below main) (in /lib/libc-2.5.90.so)
==16029==  Address 0x41FB4E0 is 0 bytes inside a block of size 120 free'd
==16029==    at 0x401FFDA: free (vg_replace_malloc.c:233)
==16029==    by 0x804B99C: process_ls_pack (http-fetch.c:900)
==16029==    by 0x804BC47: remote_ls (http-fetch.c:849)
==16029==    by 0x804CAE6: fetch (http-fetch.c:1135)
==16029==    by 0x8049DAF: ??? (http.c:188)
==16029==    by 0x804A118: http_options (http.c:116)
==16029==    by 0x804BDF7: remote_ls (http-fetch.c:867)
==16029==    by 0x4055E5B: (below main) (in /lib/libc-2.5.90.so)


Comment 3 Chris Wright 2006-12-11 08:22:07 UTC
Is this still an issue?

Comment 4 Damian Wrobel 2006-12-12 19:51:44 UTC
Yes, it is :-(

Using the following version:

git-core-1.4.4.2-2.fc7
cogito-0.18.2-2.fc7

Trying to clone the repository gives the following result:

cg-clone http://www.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git  
defaulting to local storage area
Fetching head...
Fetching objects...
*** glibc detected *** git-http-fetch: double free or corruption (fasttop): 0x080898d8 ***
======= Backtrace: =========
/lib/libc.so.6[0x44bcae3d]
/lib/libc.so.6(cfree+0x90)[0x44bce490]
git-http-fetch[0x804b2ec]
git-http-fetch[0x804c671]
git-http-fetch[0x804a0c7]
git-http-fetch[0x804b5a8]
/lib/libc.so.6(__libc_start_main+0xdc)[0x44b7ae5c]
git-http-fetch[0x8049ae1]
======= Memory map: ========
error: Request for 4259cb25d436a79bf6b07d8075423573567c211d aborted
progress: 0 objects, 0 bytes
cg-fetch: objects fetch failed


Comment 5 Chris Wright 2007-03-19 22:46:19 UTC
This has been fixed since git 1.5.0.x.  Also this is a dup of 219980, which
contains pointers to the upstream discussion and fix.

*** This bug has been marked as a duplicate of 219980 ***