Bug 151410 - gdb: double free or corruption (out)
Status: CLOSED DUPLICATE of bug 162882
Product: Fedora
Classification: Fedora
Component: gdb
Version: 4
Hardware: i386 Linux
Priority: medium, Severity: high
Assigned To: Jan Kratochvil
Reported: 2005-03-17 13:08 EST by Michael Schwendt
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-08-14 19:06:38 EDT
Description Michael Schwendt 2005-03-17 13:08:58 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050308 Firefox/1.0.1 Fedora/1.0.1-5

Description of problem:
While trying to debug a segfault in Sylpheed using ddd:

(gdb) list 'procheader_get_one_field'
*** glibc detected *** gdb: double free or corruption (out): 0xbff96158 ***
======= Backtrace: =========
/lib/tls/libc.so.6[0xc3b6d8]
/lib/tls/libc.so.6(__libc_free+0x77)[0xc3bc89]
gdb(find_line_pc_range+0x21)[0x80f2b2a]
gdb[0x80ddaed]
gdb(execute_command+0x2f0)[0x80843f6]
gdb[0x810fd70]
gdb[0x81102be]
gdb(rl_callback_read_char+0x55)[0x81e8504]
gdb[0x810f6eb]
gdb[0x810efdd]
gdb[0x810eaeb]
gdb(gdb_do_one_event+0x124)[0x810f282]
gdb[0x8083eb4]
gdb(catch_errors+0x4c)[0x808405c]
gdb[0x80c11e7]
gdb(current_interp_command_loop+0x35)[0x810ca78]
gdb[0x807b2ab]
gdb[0x8083eb4]
gdb(catch_errors+0x4c)[0x808405c]
gdb[0x807bb11]
gdb[0x8083eb4]
gdb(catch_errors+0x4c)[0x808405c]
gdb(gdb_main+0x31)[0x807c306]
gdb(main+0x3f)[0x807b297]
/lib/tls/libc.so.6(__libc_start_main+0xc6)[0xbeddb6]
gdb[0x807b1d1]
======= Memory map: ========
002c9000-002d2000 r-xp 00000000 03:07 352417     /lib/libgcc_s-4.0.0-20050309.so.1
002d2000-002d3000 rwxp 00009000 03:07 352417     /lib/libgcc_s-4.0.0-20050309.so.1
005fd000-00635000 r-xp 00000000 03:07 196923     /usr/lib/libncurses.so.5.4
00635000-0063d000 rwxp 00038000 03:07 196923     /usr/lib/libncurses.so.5.4
0063d000-0063e000 rwxp 0063d000 00:00 0 
00649000-0064e000 r-xp 00000000 03:07 288366     /lib/tls/libthread_db-1.0.so
0064e000-0064f000 r-xp 00004000 03:07 288366     /lib/tls/libthread_db-1.0.so
0064f000-00650000 rwxp 00005000 03:07 288366     /lib/tls/libthread_db-1.0.so
00bbb000-00bd5000 r-xp 00000000 03:07 352415     /lib/ld-2.3.4.so
00bd5000-00bd6000 r-xp 00019000 03:07 352415     /lib/ld-2.3.4.so
00bd6000-00bd7000 rwxp 0001a000 03:07 352415     /lib/ld-2.3.4.so
00bd9000-00cf7000 r-xp 00000000 03:07 488392     /lib/tls/libc-2.3.4.so
00cf7000-00cf9000 r-xp 0011d000 03:07 488392     /lib/tls/libc-2.3.4.so
00cf9000-00cfb000 rwxp 0011f000 03:07 488392     /lib/tls/libc-2.3.4.so
00cfb000-00cfd000 rwxp 00cfb000 00:00 0 
00cff000-00d1f000 r-xp 00000000 03:07 488393     /lib/tls/libm-2.3.4.so
00d1f000-00d20000 r-xp 0001f000 03:07 488393     /lib/tls/libm-2.3.4.so
00d20000-00d21000 rwxp 00020000 03:07 488393     /lib/tls/libm-2.3.4.so
00d23000-00d25000 r-xp 00000000 03:07 352416     /lib/libdl-2.3.4.so
00d25000-00d26000 r-xp 00001000 03:07 352416     /lib/libdl-2.3.4.so
00d26000-00d27000 rwxp 00002000 03:07 352416     /lib/libdl-2.3.4.so
08048000-08273000 r-xp 00000000 03:07 211098     /usr/bin/gdb
08273000-0827f000 rw-p 0022b000 03:07 211098     /usr/bin/gdb
0827f000-08299000 rw-p 0827f000 00:00 0 
097ad000-09a70000 rw-p 097ad000 00:00 0 
b7b00000-b7b21000 rw-p b7b00000 00:00 0 
b7b21000-b7c00000 ---p b7b21000 00:00 0 
b7d01000-b7fd8000 rw-p b7d01000 00:00 0 
b7fea000-b7fed000 rw-p b7fea000 00:00 0 
bff91000-c0000000 rw-p bff91000 00:00 0 
ffffe000-fffff000 ---p 00000000 00:00 0 

Aborted


Version-Release number of selected component (if applicable):
gdb-6.3.0.0-0.29

How reproducible:
Always

Steps to Reproduce:
-  

Additional info:
Comment 1 Michael Schwendt 2005-03-17 13:14:50 EST
Backtrace with gdb debuginfo:

#0  0x00bbb7e2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1  0x00c00a7c in raise () from /lib/tls/libc.so.6
#2  0x00c021c8 in abort () from /lib/tls/libc.so.6
#3  0x00c35aea in __libc_message () from /lib/tls/libc.so.6
#4  0x00c3b6d8 in _int_free () from /lib/tls/libc.so.6
#5  0x00c3bc89 in free () from /lib/tls/libc.so.6
#6  0x080f2b2a in find_line_pc_range (sal=
      {symtab = 0x959298c, section = 0x937d818, line = 42, pc = 134790016, end =
 134790025}, startptr=0xbff582c0, endptr=0xbff582c4)
    at ../../gdb-6.3/gdb/symtab.c:2432
#7  0x080ddaed in line_info (arg=0x9519230 "\214)Y\t\030Ø7\t*", from_tty=0)
    at ../../gdb-6.3/gdb/source.c:1351
#8  0x080843f6 in execute_command (p=0x92e9073 "'", from_tty=0)
    at ../../gdb-6.3/gdb/top.c:733
#9  0x0810fd70 in command_handler (command=0x92e9050 "")
    at ../../gdb-6.3/gdb/event-top.c:500
#10 0x081102be in command_line_handler (
    rl=0x94c3cf8 "info line 'procheader_get_one_field'")
    at ../../gdb-6.3/gdb/event-top.c:799
#11 0x081e8504 in rl_callback_read_char ()
    at ../../gdb-6.3/readline/callback.c:123
#12 0x0810f6eb in rl_callback_read_char_wrapper (client_data=0x0)
    at ../../gdb-6.3/gdb/event-top.c:166
#13 0x0810efdd in handle_file_event (event_file_desc=6)
    at ../../gdb-6.3/gdb/event-loop.c:721
#14 0x0810eaeb in process_event () at ../../gdb-6.3/gdb/event-loop.c:334
#15 0x0810f282 in gdb_do_one_event (data=0x0)
    at ../../gdb-6.3/gdb/event-loop.c:371
#16 0x08083eb4 in catcher (func=0x8083fff <do_catch_errors>, 
    func_uiout=0x9317c70, func_args=0xbff58580, func_val=0xbff58578, 
    func_caught=0xbff5857c, errstring=0x0, gdberrmsg=0x0, mask=6)
    at ../../gdb-6.3/gdb/top.c:431
#17 0x0808405c in catch_errors (func=0, func_args=0x0, errstring=0x0, mask=0)
    at ../../gdb-6.3/gdb/top.c:536
#18 0x080c11e7 in tui_command_loop (data=0x0)
    at ../../gdb-6.3/gdb/tui/tui-interp.c:150
#19 0x0810ca78 in current_interp_command_loop ()
    at ../../gdb-6.3/gdb/interps.c:277
#20 0x0807b2ab in captured_command_loop (data=0x0)
    at ../../gdb-6.3/gdb/main.c:91
#21 0x08083eb4 in catcher (func=0x8083fff <do_catch_errors>, 
    func_uiout=0x9317c70, func_args=0xbff586f0, func_val=0xbff586e8, 
    func_caught=0xbff586ec, errstring=0x0, gdberrmsg=0x0, mask=6)
    at ../../gdb-6.3/gdb/top.c:431
#22 0x0808405c in catch_errors (func=0, func_args=0x0, errstring=0x0, mask=0)
    at ../../gdb-6.3/gdb/top.c:536
#23 0x0807bb11 in captured_main (data=0x0) at ../../gdb-6.3/gdb/main.c:801
#24 0x08083eb4 in catcher (func=0x8083fff <do_catch_errors>, 
    func_uiout=0x8279120, func_args=0xbff58970, func_val=0xbff58968, 
    func_caught=0xbff5896c, errstring=0x0, gdberrmsg=0x0, mask=6)
    at ../../gdb-6.3/gdb/top.c:431
#25 0x0808405c in catch_errors (func=0, func_args=0x0, errstring=0x0, mask=0)
    at ../../gdb-6.3/gdb/top.c:536
#26 0x0807c306 in gdb_main (args=0x6) at ../../gdb-6.3/gdb/main.c:810
#27 0x0807b297 in main (argc=0, argv=0x0) at ../../gdb-6.3/gdb/gdb.c:35
Comment 2 Jan Kratochvil 2006-07-25 11:27:45 EDT
I believe the bug is probably present in FC5 (gdb-6.3.0.0-1.122), but I was
unable to easily reproduce it on the FC5-distributed "sylpheed-2.2.6-3.fc5".
Please provide more info for reproducibility and a possible backport.
RawHide/FC6 has the specific code rewritten (in the upstream gdb-6.5) and it
appears to be fixed.
Comment 3 Michael Schwendt 2006-07-25 14:04:25 EDT
Well, 16 months ago (FC4 Test1) it was always reproducible. If you had
asked me at that time, I would have spent additional time examining
whether a more detailed test case or test environment would be
necessary.

I've used ddd/gdb in different ways since then, and after 16 months without
feedback, all I can add right now is that I cannot reproduce it with
gdb-6.5-3.fc6 from Rawhide. Maybe it's fixed, maybe it needs more to
cause it.

Theoretically, it should be reproducible with FC4. ;)
Comment 4 Jan Kratochvil 2006-08-14 19:06:38 EDT
Thanks for the earlier bug report; fortunately the bug got fixed in the meantime.
This bug was fixed by gdb-6.3.0.0-1.66.


*** This bug has been marked as a duplicate of 162882 ***
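
Added example (not part of the original report and not gdb or glibc code): a small triage helper that parses the glibc abort report from the description and checks which mapping the pointer handed to free() falls in. Treating the anonymous mapping that ends at 0xc0000000 as the main stack is an assumption based on the default i386 3G/1G address split; the function names are hypothetical.

```python
import re

# Excerpt copied from the abort report in the description (trailing spaces trimmed).
REPORT = """\
*** glibc detected *** gdb: double free or corruption (out): 0xbff96158 ***
======= Memory map: ========
00bd9000-00cf7000 r-xp 00000000 03:07 488392     /lib/tls/libc-2.3.4.so
08048000-08273000 r-xp 00000000 03:07 211098     /usr/bin/gdb
08273000-0827f000 rw-p 0022b000 03:07 211098     /usr/bin/gdb
0827f000-08299000 rw-p 0827f000 00:00 0
097ad000-09a70000 rw-p 097ad000 00:00 0
b7d01000-b7fd8000 rw-p b7d01000 00:00 0
bff91000-c0000000 rw-p bff91000 00:00 0
ffffe000-fffff000 ---p 00000000 00:00 0
"""

HEADER = re.compile(r"\*\*\* glibc detected \*\*\* (\S+): (.+?): (0x[0-9a-f]+) \*\*\*")
MAPPING = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) [0-9a-f]+ \S+ \d+\s*(\S.*)?$")
I386_USER_TOP = 0xC0000000  # assumption: default 3G/1G split on i386 Linux

def parse_report(text):
    """Return (program, message, pointer, mappings) from a glibc abort report."""
    m = HEADER.search(text)
    if m is None:
        raise ValueError("no glibc abort header found")
    maps = []
    for line in text.splitlines():
        mm = MAPPING.match(line)
        if mm:  # start, end, permissions, backing file ("" for anonymous memory)
            maps.append((int(mm.group(1), 16), int(mm.group(2), 16), mm.group(3), mm.group(4) or ""))
    return m.group(1), m.group(2), int(m.group(3), 16), maps

def classify(ptr, maps):
    """Name the kind of memory the pointer handed to free() lies in."""
    for start, end, perms, path in maps:
        if start <= ptr < end:
            if path:
                return "file-backed:" + path
            if end == I386_USER_TOP:  # topmost user mapping: main thread stack
                return "stack"
            return "anonymous"
    return "unmapped"

if __name__ == "__main__":
    prog, msg, ptr, maps = parse_report(REPORT)
    print(prog, msg, hex(ptr), classify(ptr, maps))
```

For this report the pointer 0xbff96158 lies in the bff91000-c0000000 mapping rather than in any heap region, which points at free() being called on stack memory inside find_line_pc_range.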
