Bug 648906

Summary: gawk regression from RHEL3/4
Product: Red Hat Enterprise Linux 6 Reporter: Vojtech Vitek <vvitek>
Component: gawkAssignee: Vojtech Vitek <vvitek>
Status: CLOSED ERRATA QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: dkutalek, hripps, ovasik, pasteur, psplicha, ychavan
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Prior to this update gawk interpreted (under certain circumstances) some run-time variables as internal zero-length variable prototypes. When gawk tried to free such run-time variables, it actually freed the internal prototypes, that were allocated just once due to memory savings. Consequently gawk sometimes failed and the error message "awk: double free or corruption" was displayed. With this update the problem has been corrected and the error no longer occurs.
 Story Points: ---
Clone Of: 629196 Environment:
Last Closed: 2012-03-13 13:58:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 629196    
Bug Blocks:    

Description Vojtech Vitek 2010-11-02 13:30:20 UTC 
+++ This bug was initially created as a clone of Bug #629196 +++

Description of problem:
awk crash with traceback

Version-Release number of selected component (if applicable):
gawk-3.1.5-14.el5.i386 or x86_64


How reproducible:
always

Steps to Reproduce:
1. bash
2.echo "

jpg: 364592 x
gif: 97148 x" | awk '{ if ('\!'length($3)) $3="-"; print sprintf("%-10s%8s%10s%s", $1, $2, "", $3); }'

  
Actual results:

                            -
*** glibc detected *** awk: double free or corruption (fasttop): 0x088988f8 ***
======= Backtrace: =========
/lib/libc.so.6[0x31e5a5]
/lib/libc.so.6(cfree+0x59)[0x31e9e9]
awk(free_wstr+0x1f)[0x806ff2f]
awk(unref+0x53)[0x806ffc3]
awk(reset_record+0x68)[0x80665b8]
awk(set_record+0x10)[0x8067dd0]
awk[0x8069bb8]
awk(do_input+0x27)[0x806d187]
awk(main+0x1063)[0x806f813]
/lib/libc.so.6(__libc_start_main+0xdc)[0x2cae9c]
awk[0x804c9c1]
======= Memory map: ========
00296000-002b1000 r-xp 00000000 08:06 588324     /lib/ld-2.5.so
002b1000-002b2000 r-xp 0001a000 08:06 588324     /lib/ld-2.5.so
002b2000-002b3000 rwxp 0001b000 08:06 588324     /lib/ld-2.5.so
002b5000-00407000 r-xp 00000000 08:06 588325     /lib/libc-2.5.so
00407000-00409000 r-xp 00152000 08:06 588325     /lib/libc-2.5.so
00409000-0040a000 rwxp 00154000 08:06 588325     /lib/libc-2.5.so
0040a000-0040d000 rwxp 0040a000 00:00 0 
0040f000-00436000 r-xp 00000000 08:06 588335     /lib/libm-2.5.so
00436000-00437000 r-xp 00026000 08:06 588335     /lib/libm-2.5.so
00437000-00438000 rwxp 00027000 08:06 588335     /lib/libm-2.5.so
0043a000-0043d000 r-xp 00000000 08:06 588333     /lib/libdl-2.5.so
0043d000-0043e000 r-xp 00002000 08:06 588333     /lib/libdl-2.5.so
0043e000-0043f000 rwxp 00003000 08:06 588333     /lib/libdl-2.5.so
00b33000-00b3e000 r-xp 00000000 08:06 588348     /lib/libgcc_s-4.1.2-20080825.so.1
00b3e000-00b3f000 rwxp 0000a000 08:06 588348     /lib/libgcc_s-4.1.2-20080825.so.1
00b4b000-00b4c000 r-xp 00b4b000 00:00 0          [vdso]
08047000-08095000 r-xp 00000000 08:06 1237943    /bin/gawk
08095000-08096000 rw-p 0004d000 08:06 1237943    /bin/gawk
08096000-0809b000 rw-p 08096000 00:00 0 
08898000-088b9000 rw-p 08898000 00:00 0          [heap]
b7d53000-b7f53000 r--p 00000000 08:06 2143280    /usr/lib/locale/locale-archive
b7f53000-b7f55000 rw-p b7f53000 00:00 0 
b7f60000-b7f61000 rw-p b7f60000 00:00 0 
b7f61000-b7f68000 r--s 00000000 08:06 2316736    /usr/lib/gconv/gconv-modules.cache
bfa2d000-bfa42000 rw-p bffea000 00:00 0          [stack]
Aborted

Expected results:
                            -
                            -
jpg:        364592          x
gif:         97148          x


Additional info:

--- Additional comment from vvitek on 2010-11-02 06:46:57 EDT ---

This bug has been fixed in Fedora rawhide.

Patch was sent to upstream:
http://lists.gnu.org/archive/html/bug-gnu-utils/2010-11/msg00005.html

--- Additional comment from vvitek on 2010-11-02 06:48:57 EDT ---

Created attachment 457148 [details]
Patch sent to upstream

http://lists.gnu.org/archive/html/bug-gnu-utils/2010-11/msg00005.html

--- Additional comment from tru on 2010-11-02 08:53:51 EDT ---

thanks! :P
Comment 2 Suzanne Logcher 2011-02-15 21:44:08 UTC 
This issue was proposed for RHEL 6.1 FasTrack but did not get resolved in time.
It has been moved to RHEL 6.2 FasTrack.
Comment 11 Vojtech Vitek 2012-02-27 16:03:29 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Prior to this update gawk interpreted (under certain circumstances) some
run-time variables as internal zero-length variable prototypes. When gawk tried
to free such run-time variables, it actually freed the internal prototypes, that
were allocated just once due to memory savings. Consequently gawk sometimes
failed and the error message "awk: double free or corruption" was displayed.
With this update the problem has been corrected and the error no longer occurs.
Comment 12 errata-xmlrpc 2012-03-13 13:58:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0385.html
Comment 13 Martin Bříza 2012-06-13 09:33:00 UTC 
*** Bug 787703 has been marked as a duplicate of this bug. ***