Bug 166350 - MALLOC_PERTURB_=117 firefox crashes
MALLOC_PERTURB_=117 firefox crashes
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
Depends On:
  Show dependency treegraph
Reported: 2005-08-19 13:08 EDT by Jakub Jelinek
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version: 2.3.90-12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-14 03:09:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jakub Jelinek 2005-08-19 13:08:47 EDT
$ rpm -q firefox; MALLOC_PERTURB_=117 firefox

results in firefox crash, though nothing is shown in the logs.
Sometimes it crashes immediately after painting its window, sometimes only
after clicking on the URL edit box.

MALLOC_PERTURB_=117 causes all newly allocated memory via malloc/realloc/etc.
(but of course not calloc nor the old already initialized part in realloc)
to be initialized to that byte and on free being reset to a related value.
Comment 1 Dave Jones 2005-09-12 23:20:47 EDT
This is no longer reproducable for me with glibc-2.3.90-12
Another casuality of the broken 64bit calloc perhaps ?
Comment 2 Ulrich Drepper 2005-09-13 01:01:23 EDT
Dave, can you verify that -11 fails?  I only have firefix 1.0.4 installed (since
1.0.6 doesn't work for all the extensions I use).
Comment 3 Dave Jones 2005-09-14 02:41:10 EDT
Yep, definitly hit it with -11.
Before yesterdays glibc update, I had to unset MALLOC_PERTURB every time I
started firefox. It would die instantly after painting the default home page.

I've now been stopping/starting it multiple times in the last day, with
MALLOC_PERTURB still set, and no ill effects to be seen.

Hmm, though I'm running rawhide on my em64t box, which obviously has the much
newer firefox-1.1-0.2.8.deerpark.alpha2 package. I only just realised this was
an FC4 bug, sorry for the noise.

My FC4 boxes are all 32bit, and don't seem to hit this bug at all.

Note You need to log in before you can comment on or make changes to this bug.