Bug 150647 – glibc detected free(): invalid next size (fast): 0x08bfc970

Bug 150647 - glibc detected free(): invalid next size (fast): 0x08bfc970

Summary:	glibc detected free(): invalid next size (fast): 0x08bfc970

Status:	CLOSED NOTABUG

Aliases:	None

Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	glibc (Show other bugs)
Sub Component:
Version:	4.0
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Jakub Jelinek
QA Contact:	Brian Brock
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2005-03-09 04:47 EST by Milan Kerslager
Modified:	2007-11-30 17:07 EST (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2005-03-09 04:57:17 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Milan Kerslager 2005-03-09 04:47:32 EST

See the bug #150582 for more info.

It seems that this bug affect FC3 and RHEL4 and is related to glibc (try Google).

Comment 1 Jakub Jelinek 2005-03-09 04:57:17 EST

This is not a bug in glibc, but in the application that triggered it.
glibc just reports that the application has broken memory allocation handling
and terminates the process, as that can be a sign of exploit.

If you run the program with MALLOC_CHECK_=0, these checks will be gone
(unless the program is suid/sgid).

The program should be run under valgrind or LD_PRELOAD=libefence.so.0 to
find out where exactly its memory allocation handling is broken.

Comment 2 Milan Kerslager 2005-03-09 05:12:48 EST

Is this a new feature in glibc in compare to RHEL3's glibc?

Comment 3 Jakub Jelinek 2005-03-09 05:15:29 EST

Yes, see RELEASE-NOTES:
    glibc

     o The version of glibc provided with Red Hat Enterprise Linux 4 performs
       additional internal sanity checks to prevent and detect data
       corruption as early as possible. By default, should corruption be
       detected, a message similar to the following will be displayed on
       standard error (or logged via syslog if stderr is not open):

       *** glibc detected *** double free or corruption: 0x0937d008 ***

       By default, the program that generated this error will also be killed;
       however, this (and whether or not an error message is generated) can
       be controlled via the MALLOC_CHECK_ environment variable. The
       following settings are supported:

          o 0 -- Do not generate an error message, and do not kill the
            program

          o 1 -- Generate an error message, but do not kill the program

          o 2 -- Do not generate an error message, but kill the program

          o 3 -- Generate an error message and kill the program

  Note

       If MALLOC_CHECK_ is explicitly set a value other than 0, this causes
       glibc to perform more tests that are more extensive than the default,
       and may impact performance.

       Should you have a program from a third party ISV that triggers these
       corruption checks and displays a message, you should file a defect
       report with the application's vendor, since this indicates a serious
       bug.

Comment 4 Milan Kerslager 2005-03-09 05:23:04 EST

Thank you for your exact and fast help. I did not make a connection between
those two informations.

So it seems that Samba from RHEL4 has a serious bug...

Note You need to log in before you can comment on or make changes to this bug.