Bug 91280

Summary: Programs compiled against libc and libm produce segmentation faults.
Product: [Retired] Red Hat Linux
Reporter: Bernard Heymann <bernardh>
Component: libc
Assignee: Jakub Jelinek <jakub>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 9
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2003-07-10 21:08:43 UTC
Attachments:
  Software package (attachment 91840)
  Library to the Bsoft package (attachment 91841)
  Example image for the Bsoft package (attachment 91842)

Description Bernard Heymann 2003-05-20 19:11:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.3) Gecko/20030312

Description of problem:
I have a multiplatform package that compiles and runs fine on many platforms,
including previous Redhat Linux distributions (up to 8). Compiling it on Redhat
9 causes a specific segmentation fault which I traced to the particular libc and
libm shared objects in /lib/tls. If I create links to the corresponding shared
objects in /lib, my package runs, but when I log out, the login screen never
comes up. Also on reboot, the X-server refuses to come up. The conclusion is
that something is wrong with /lib/tls/libc-2.3.2.so and/or /lib/tls/libm-2.3.2.so.

More detail: Here is what I get when I run gdb on a core file:
[bheymann@Callisto] 511 (~/projects/rubisco): gdb bhead core.1256
GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Core was generated by `bhead -v7 t.map t2.map'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /home4/EMprogs/bsoft_linux/lib/libbsoft.so...done.
Loaded symbols for /home4/EMprogs/bsoft_linux/lib/libbsoft.so
Reading symbols from /usr/lib/libstdc++.so.5...done.
Loaded symbols for /usr/lib/libstdc++.so.5
Reading symbols from /lib/tls/libm.so.6...done.
Loaded symbols for /lib/tls/libm.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/tls/libc.so.6...done.
Loaded symbols for /lib/tls/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
#0  0x420744f5 in _int_malloc () from /lib/tls/libc.so.6
(gdb) where
#0  0x420744f5 in _int_malloc () from /lib/tls/libc.so.6
#1  0x4207360b in malloc () from /lib/tls/libc.so.6
#2  0x400bd068 in balloc(long) (memsize=1108550432) at utilities.c:165
#3  0x40056df5 in img_read_data(_IO_FILE*, Bimage*, int, int, int, int) (
    fimg=0x804b9a0, p=0x804b388, select=0, swap=0, vax=0, pad=0) at rwimg.c:223
#4  0x40052714 in readCCP4(Bimage*) (p=0x804b388) at rwCCP4.c:134
#5  0x400569a1 in read_img(char*, int, int) (filename=0xbffff5c8 "t.map",
    readdataflag=1, select=-1) at rwimg.c:114
#6  0x0804914b in main (argc=4, argv=0xbfffdcc4) at bhead.c:152
#7  0x420156a4 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) up
#1  0x4207360b in malloc () from /lib/tls/libc.so.6
(gdb) up
#2  0x400bd068 in balloc(long) (memsize=1108550432) at utilities.c:165
165             if ( ( ptr = (char *) malloc(memsize*sizeof(char)) ) == NULL ) {
Current language:  auto; currently c++
(gdb) up
#3  0x40056df5 in img_read_data(_IO_FILE*, Bimage*, int, int, int, int) (
    fimg=0x804b9a0, p=0x804b388, select=0, swap=0, vax=0, pad=0) at rwimg.c:223
223             char*                   data = (char *) balloc(datasize*sizeof(char));
(gdb) p datasize
$1 = 40000
(gdb) quit

The key line is #2, where the argument (memsize=1108550432) passed into the
function balloc is incorrect, regardless of the actual value passed
(datasize=40000). It seems there is a problem with the argument passing.

Version-Release number of selected component (if applicable):
libc-2.3.2.so

How reproducible:
Always

Steps to Reproduce:
1. Install Bsoft: Unpack tgz file
2. Compile under Redhat 9: type "bmake" in the bsoft directory
3. Run a program, reading and writing an image file:
bimg -v7 img.pif out.pif

Actual Results:  Segmentation fault
Cause: Failure in memory allocation because the wrong argument value was passed
to the function calling malloc.

Expected Results:  Correct memory allocating, reading and writing of the data files.

Additional info:

Comment 1 Bernard Heymann 2003-05-20 19:30:06 UTC
Created attachment 91840 [details]
Software package

Unpack into a previously created directory called "bsoft":
tar xzvf bsoft20030520.tgz

Also unpack the associated file in the same directory:
tar xzvf lib20030520.tgz

In the bsoft directory, compile with:
bmake

The bsoft.cshrc file contains the required environmental variables to run the
programs.

Comment 2 Bernard Heymann 2003-05-20 19:31:18 UTC
Created attachment 91841 [details]
Library to the Bsoft package

Unpack inside the bsoft directory:
tar xzvf lib20030520.tgz

Comment 3 Bernard Heymann 2003-05-20 19:33:01 UTC
Created attachment 91842 [details]
Example image for the Bsoft package

Read this image and write a new image with the Bsoft program, bimg:
bimg -v7 img.pif out.pif

Comment 4 Jakub Jelinek 2003-05-21 09:45:52 UTC
That looks like memory corruption in your program. Try running it under
ElectricFence, with MALLOC_CHECK_=3 in environment or under valgrind.
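
An added illustration (not code from Bsoft or glibc) of the guard-byte idea behind the MALLOC_CHECK_ and ElectricFence suggestion: a balloc-style wrapper that stores canaries around each block and checks them at free time, so an overrun or a bogus size is reported at the point of release rather than as a later crash inside _int_malloc. The names guarded_alloc, guarded_free, GUARD_MAGIC and HDR_SIZE are my own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Canary stored before and after every user region (constructed value). */
#define GUARD_MAGIC 0xA5C3D2E1u
/* Header = requested size, then the head canary in its last 4 bytes; two
 * size_t keeps the user pointer aligned the way malloc() aligns it. */
#define HDR_SIZE (2 * sizeof(size_t))

/* Same role as Bsoft's balloc(): allocate `size` bytes, but surround them
 * with canaries, and reject a zero or overflowing size instead of handing
 * it to malloc() (a negative long converted to size_t ends up here). */
void *guarded_alloc(size_t size)
{
    unsigned char *raw;
    uint32_t magic = GUARD_MAGIC;
    if (size == 0 || size > SIZE_MAX - HDR_SIZE - sizeof magic)
        return NULL;
    if ((raw = malloc(HDR_SIZE + size + sizeof magic)) == NULL)
        return NULL;
    memcpy(raw, &size, sizeof size);                             /* size */
    memcpy(raw + HDR_SIZE - sizeof magic, &magic, sizeof magic); /* head */
    memcpy(raw + HDR_SIZE + size, &magic, sizeof magic);         /* tail */
    return raw + HDR_SIZE;
}

/* Check both canaries before releasing: 0 = intact (block freed), 1 = head
 * canary damaged (underflow or a foreign pointer), 2 = tail canary damaged
 * (overrun). A damaged block is not freed, so the corruption surfaces here
 * instead of later inside malloc's bookkeeping, as in the backtrace above. */
int guarded_free(void *p)
{
    unsigned char *raw;
    size_t size;
    uint32_t magic;
    if (p == NULL)
        return 0;
    raw = (unsigned char *)p - HDR_SIZE;
    memcpy(&magic, raw + HDR_SIZE - sizeof magic, sizeof magic);
    if (magic != GUARD_MAGIC)
        return 1;
    memcpy(&size, raw, sizeof size);
    memcpy(&magic, raw + HDR_SIZE + size, sizeof magic);
    if (magic != GUARD_MAGIC)
        return 2;
    free(raw);
    return 0;
}
```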

Comment 5 Bernard Heymann 2003-05-21 17:58:25 UTC
I compiled and ran valgrind with a couple of my programs, finding a few minor
transgressions. However, using valgrind the bug I reported here did not show up
and the programs ran normally. Outside valgrind, I got the segmentation fault as
mentioned in the original bug report. I'm confident this is not a memory
corruption issue, as I have some memory-checking built into the package and I'm
conscientiously eliminating memory allocation and deallocation inconsistencies.
In addition, this package runs on at least 5 other platforms as well as previous
Redhat systems (8 and before). I really think it is a problem in the libraries
/lib/tls/libc-2.3.2.so and/or /lib/tls/libm-2.3.2.so (probably
/lib/tls/libc-2.3.2.so).

Comment 6 Bernard Heymann 2003-07-10 21:10:03 UTC
Problem solved by upgrading glibc using the following rpms:
atrpms-kickstart-9-2.i386.rpm
gd-2.0.8-5.i686.rpm
glibc-2.3.2-57.i686.rpm
glibc-common-2.3.2-57.i386.rpm
glibc-debug-2.3.2-57.i386.rpm
glibc-devel-2.3.2-57.i386.rpm
glibc-kernheaders-2.4-8.18.i386.rpm
glibc-profile-2.3.2-57.i386.rpm
glibc-utils-2.3.2-57.i386.rpm
nptl-devel-2.3.2-57.i686.rpm