Red Hat Bugzilla – Bug 150647
glibc detected free(): invalid next size (fast): 0x08bfc970
Last modified: 2007-11-30 17:07:16 EST
See the bug #150582 for more info.
It seems that this bug affect FC3 and RHEL4 and is related to glibc (try Google).
This is not a bug in glibc, but in the application that triggered it.
glibc just reports that the application has broken memory allocation handling
and terminates the process, as that can be a sign of exploit.
If you run the program with MALLOC_CHECK_=0, these checks will be gone
(unless the program is suid/sgid).
The program should be run under valgrind or LD_PRELOAD=libefence.so.0 to
find out where exactly its memory allocation handling is broken.
Is this a new feature in glibc in compare to RHEL3's glibc?
Yes, see RELEASE-NOTES:
o The version of glibc provided with Red Hat Enterprise Linux 4 performs
additional internal sanity checks to prevent and detect data
corruption as early as possible. By default, should corruption be
detected, a message similar to the following will be displayed on
standard error (or logged via syslog if stderr is not open):
*** glibc detected *** double free or corruption: 0x0937d008 ***
By default, the program that generated this error will also be killed;
however, this (and whether or not an error message is generated) can
be controlled via the MALLOC_CHECK_ environment variable. The
following settings are supported:
o 0 -- Do not generate an error message, and do not kill the
o 1 -- Generate an error message, but do not kill the program
o 2 -- Do not generate an error message, but kill the program
o 3 -- Generate an error message and kill the program
If MALLOC_CHECK_ is explicitly set a value other than 0, this causes
glibc to perform more tests that are more extensive than the default,
and may impact performance.
Should you have a program from a third party ISV that triggers these
corruption checks and displays a message, you should file a defect
report with the application's vendor, since this indicates a serious
Thank you for your exact and fast help. I did not make a connection between
those two informations.
So it seems that Samba from RHEL4 has a serious bug...