Bug 172918 - logrotate-3.7.2-11: /usr/sbin/logrotate: free(): invalid pointer: 0x08054610
logrotate-3.7.2-11: /usr/sbin/logrotate: free(): invalid pointer: 0x08054610
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logrotate (Show other bugs)
rawhide
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Vrabec
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-11 04:53 EST by Ville Herva
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-13 08:45:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Removes lines that crash logrotate. This is the right thing to do? (2.01 KB, patch)
2005-11-11 07:42 EST, Mateus César Gröess
no flags Details | Diff

  None (edit)
Description Ville Herva 2005-11-11 04:53:03 EST
Description of problem:
Nightly logrotate run gives

*** glibc detected *** /usr/sbin/logrotate: free(): invalid pointer: 0x08054610 
+***                                                                            
======= Backtrace: =========                                                    
/lib/libc.so.6[0x42b2a940]                                                      
/lib/libc.so.6(__libc_free+0x77)[0x42b2ae8b]                                    
/usr/sbin/logrotate[0x8049cf5]                                                  
/usr/sbin/logrotate[0x804ce0c]                                                  
/lib/libc.so.6(__libc_start_main+0xdf)[0x42adc50f]                              
/usr/sbin/logrotate[0x8049851]                                                  
======= Memory map: ========                                                    
08048000-08053000 r-xp 00000000 03:02 492310     /usr/sbin/logrotate            
08053000-08054000 rw-p 0000a000 03:02 492310     /usr/sbin/logrotate            
08054000-08075000 rw-p 08054000 00:00 0          [heap]                         
42aa2000-42abb000 r-xp 00000000 03:02 1133342    /lib/ld-2.3.90.so              
42abb000-42abc000 r--p 00018000 03:02 1133342    /lib/ld-2.3.90.so              
42abc000-42abd000 rw-p 00019000 03:02 1133342    /lib/ld-2.3.90.so              
42abf000-42ac1000 r-xp 00000000 03:02 1133364    /lib/libdl-2.3.90.so           
42ac1000-42ac2000 r--p 00001000 03:02 1133364    /lib/libdl-2.3.90.so           
42ac2000-42ac3000 rw-p 00002000 03:02 1133364    /lib/libdl-2.3.90.so           
42ac7000-42bec000 r-xp 00000000 03:02 1133362    /lib/libc-2.3.90.so            
42bec000-42bee000 r--p 00125000 03:02 1133362    /lib/libc-2.3.90.so            
42bee000-42bf0000 rw-p 00127000 03:02 1133362    /lib/libc-2.3.90.so            
42bf0000-42bf2000 rw-p 42bf0000 00:00 0                                         
42d52000-42d5b000 r-xp 00000000 03:02 1133367                                   
+/lib/libgcc_s-4.0.2-20051007.so.1                                              
42d5b000-42d5c000 rw-p 00009000 03:02 1133367                                   
+/lib/libgcc_s-4.0.2-20051007.so.1                                              
43a3e000-43a45000 r-xp 00000000 03:02 218908     /usr/lib/libpopt.so.0.0.0      
43a45000-43a46000 rw-p 00007000 03:02 218908     /usr/lib/libpopt.so.0.0.0      
487f6000-48828000 r-xp 00000000 03:02 1133065    /lib/libsepol.so.1             
48828000-48829000 rw-p 00032000 03:02 1133065    /lib/libsepol.so.1             
48829000-48833000 rw-p 48829000 00:00 0                                         
48978000-4898c000 r-xp 00000000 03:02 1133298    /lib/libselinux.so.1           
4898c000-4898d000 rw-p 00013000 03:02 1133298    /lib/libselinux.so.1           
b7e00000-b7e21000 rw-p b7e00000 00:00 0                                         
b7e21000-b7f00000 ---p b7e21000 00:00 0                                         
b7fad000-b7fb6000 r-xp 00000000 03:02 1133424    /lib/libnss_files-2.3.90.so    
b7fb6000-b7fb7000 r--p 00008000 03:02 1133424    /lib/libnss_files-2.3.90.so    
b7fb7000-b7fb8000 rw-p 00009000 03:02 1133424    /lib/libnss_files-2.3.90.so    
b7fb8000-b7fba000 r-xp 00000000 03:02 1133303    /lib/libsetrans.so.0           
b7fba000-b7fbb000 rw-p 00001000 03:02 1133303    /lib/libsetrans.so.0           
b7fbb000-b7fbe000 rw-p b7fbb000 00:00 0                                         
bfbc9000-bfbdf000 rw-p bfbc9000 00:00 0          [stack]                        
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]                         
/etc/cron.daily/logrotate: line 3: 25797 Aborted                                
+/usr/sbin/logrotate /etc/logrotate.conf                                        


Version-Release number of selected component (if applicable):


How reproducible:
Every night

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Peter Vrabec 2005-11-11 05:07:37 EST
Can you reproduce this with the debuginfo rpm installed, please?
Comment 2 Ville Herva 2005-11-11 05:12:09 EST
I'll try.
Comment 3 Ville Herva 2005-11-11 05:15:15 EST
Hmm, there was a newer rpm already, logrotate-3.7.2-11. (My yum update hadn't 
gone through for a couple of nights). 

I'll see if it reproduces at all, although changelog doesn't seem interesting.

In any case, I now have debuginfo in place.
Comment 4 Ville Herva 2005-11-11 05:17:32 EST
Hmm, I now get

root@host:/etc/cron.daily>/usr/sbin/logrotate /etc/logrotate.conf
error: Ignoring apache.rpmsave, because of .rpmsave ending
error: Ignoring named.rpmnew, because of .rpmnew ending
error: Ignoring named.rpmsave, because of .rpmsave ending
error: Ignoring rpm.rpmnew, because of .rpmnew ending
*** glibc detected *** /usr/sbin/logrotate: free(): invalid pointer: 0x08054610 
***
======= Backtrace: =========
/lib/libc.so.6[0x42b2a940]
/lib/libc.so.6(__libc_free+0x77)[0x42b2ae8b]
/usr/sbin/logrotate[0x8049c46]
/usr/sbin/logrotate[0x804cd9c]
/lib/libc.so.6(__libc_start_main+0xdf)[0x42adc50f]
/usr/sbin/logrotate[0x8049851]
======= Memory map: ========
08048000-08053000 r-xp 00000000 03:02 491599     /usr/sbin/logrotate
08053000-08054000 rw-p 0000a000 03:02 491599     /usr/sbin/logrotate
08054000-08075000 rw-p 08054000 00:00 0          [heap]
42aa2000-42abb000 r-xp 00000000 03:02 1133342    /lib/ld-2.3.90.so
42abb000-42abc000 r--p 00018000 03:02 1133342    /lib/ld-2.3.90.so
42abc000-42abd000 rw-p 00019000 03:02 1133342    /lib/ld-2.3.90.so
42abf000-42ac1000 r-xp 00000000 03:02 1133364    /lib/libdl-2.3.90.so
42ac1000-42ac2000 r--p 00001000 03:02 1133364    /lib/libdl-2.3.90.so
42ac2000-42ac3000 rw-p 00002000 03:02 1133364    /lib/libdl-2.3.90.so
42ac7000-42bec000 r-xp 00000000 03:02 1133362    /lib/libc-2.3.90.so
42bec000-42bee000 r--p 00125000 03:02 1133362    /lib/libc-2.3.90.so
42bee000-42bf0000 rw-p 00127000 03:02 1133362    /lib/libc-2.3.90.so
42bf0000-42bf2000 rw-p 42bf0000 00:00 0 
42d52000-42d5b000 r-xp 00000000 03:02 1133367    /lib/libgcc_s-4.0.2-20051007.
so.1
42d5b000-42d5c000 rw-p 00009000 03:02 1133367    /lib/libgcc_s-4.0.2-20051007.
so.1
43a3e000-43a45000 r-xp 00000000 03:02 218908     /usr/lib/libpopt.so.0.0.0
43a45000-43a46000 rw-p 00007000 03:02 218908     /usr/lib/libpopt.so.0.0.0
487f6000-48828000 r-xp 00000000 03:02 1133065    /lib/libsepol.so.1
48828000-48829000 rw-p 00032000 03:02 1133065    /lib/libsepol.so.1
48829000-48833000 rw-p 48829000 00:00 0 
48978000-4898c000 r-xp 00000000 03:02 1133298    /lib/libselinux.so.1
4898c000-4898d000 rw-p 00013000 03:02 1133298    /lib/libselinux.so.1
b7e00000-b7e21000 rw-p b7e00000 00:00 0 
b7e21000-b7f00000 ---p b7e21000 00:00 0 
b7f31000-b7f3a000 r-xp 00000000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7f3a000-b7f3b000 r--p 00008000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7f3b000-b7f3c000 rw-p 00009000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7f3c000-b7f3e000 r-xp 00000000 03:02 1133303    /lib/libsetrans.so.0
b7f3e000-b7f3f000 rw-p 00001000 03:02 1133303    /lib/libsetrans.so.0
b7f3f000-b7f42000 rw-p b7f3f000 00:00 0 
bf94d000-bf963000 rw-p bf94d000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]
zsh: abort      /usr/sbin/logrotate /etc/logrotate.conf
root@host:/etc/cron.daily>rpm -q logrotate logrotate-debuginfo 
logrotate-3.7.2-11
logrotate-debuginfo-3.7.2-11



Do I need to do something special to have the addresses resolved from the 
debuginfo?
Comment 5 Ville Herva 2005-11-11 05:30:25 EST
I now figured out to run it under gdb. I even installed glibc-debuginfo. Here's 
the beef:

root@host:/etc/cron.daily>gdb /usr/sbin/logrotate
GNU gdb Red Hat Linux (6.3.0.0-1.81rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db 
library "/lib/libthread_db.so.1".

(gdb) run /etc/logrotate.conf
Starting program: /usr/sbin/logrotate /etc/logrotate.conf
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
error: Ignoring apache.rpmsave, because of .rpmsave ending
error: Ignoring named.rpmnew, because of .rpmnew ending
error: Ignoring named.rpmsave, because of .rpmsave ending
error: Ignoring rpm.rpmnew, because of .rpmnew ending
*** glibc detected *** /usr/sbin/logrotate: free(): invalid pointer: 0x08054610 
***
======= Backtrace: =========
/lib/libc.so.6[0x42b2a940]
/lib/libc.so.6(__libc_free+0x77)[0x42b2ae8b]
/usr/sbin/logrotate[0x8049c46]
/usr/sbin/logrotate[0x804cd9c]
/lib/libc.so.6(__libc_start_main+0xdf)[0x42adc50f]
/usr/sbin/logrotate[0x8049851]
======= Memory map: ========
08048000-08053000 r-xp 00000000 03:02 491599     /usr/sbin/logrotate
08053000-08054000 rw-p 0000a000 03:02 491599     /usr/sbin/logrotate
08054000-08075000 rw-p 08054000 00:00 0          [heap]
42aa2000-42abb000 r-xp 00000000 03:02 1133342    /lib/ld-2.3.90.so
42abb000-42abc000 r--p 00018000 03:02 1133342    /lib/ld-2.3.90.so
42abc000-42abd000 rw-p 00019000 03:02 1133342    /lib/ld-2.3.90.so
42abf000-42ac1000 r-xp 00000000 03:02 1133364    /lib/libdl-2.3.90.so
42ac1000-42ac2000 r--p 00001000 03:02 1133364    /lib/libdl-2.3.90.so
42ac2000-42ac3000 rw-p 00002000 03:02 1133364    /lib/libdl-2.3.90.so
42ac7000-42bec000 r-xp 00000000 03:02 1133362    /lib/libc-2.3.90.so
42bec000-42bee000 r--p 00125000 03:02 1133362    /lib/libc-2.3.90.so
42bee000-42bf0000 rw-p 00127000 03:02 1133362    /lib/libc-2.3.90.so
42bf0000-42bf2000 rw-p 42bf0000 00:00 0 
42d52000-42d5b000 r-xp 00000000 03:02 1133367    /lib/libgcc_s-4.0.2-20051007.
so.1
42d5b000-42d5c000 rw-p 00009000 03:02 1133367    /lib/libgcc_s-4.0.2-20051007.
so.1
43a3e000-43a45000 r-xp 00000000 03:02 218908     /usr/lib/libpopt.so.0.0.0
43a45000-43a46000 rw-p 00007000 03:02 218908     /usr/lib/libpopt.so.0.0.0
487f6000-48828000 r-xp 00000000 03:02 1133065    /lib/libsepol.so.1
48828000-48829000 rw-p 00032000 03:02 1133065    /lib/libsepol.so.1
48829000-48833000 rw-p 48829000 00:00 0 
48978000-4898c000 r-xp 00000000 03:02 1133298    /lib/libselinux.so.1
4898c000-4898d000 rw-p 00013000 03:02 1133298    /lib/libselinux.so.1
b7e00000-b7e21000 rw-p b7e00000 00:00 0 
b7e21000-b7f00000 ---p b7e21000 00:00 0 
b7f70000-b7f79000 r-xp 00000000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7f79000-b7f7a000 r--p 00008000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7f7a000-b7f7b000 rw-p 00009000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7f7b000-b7f7d000 r-xp 00000000 03:02 1133303    /lib/libsetrans.so.0
b7f7d000-b7f7e000 rw-p 00001000 03:02 1133303    /lib/libsetrans.so.0
b7f7e000-b7f81000 rw-p b7f7e000 00:00 0 
bfd8c000-bfda2000 rw-p bfd8c000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x42aef7e8 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#2  0x42af0f58 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#3  0x42b24a3a in __libc_message (do_abort=Variable "do_abort" is not available.
)
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x42b2a940 in _int_free (av=0x42bef880, mem=0x8054610) at malloc.c:5591
#5  0x42b2ae8b in *__GI___libc_free (mem=0x8054610) at malloc.c:3422
#6  0x08049c46 in free_logInfo (logsPtr=0xbfd9f11c, numLogsPtr=0xbfd9f124)
    at logrotate.c:100
#7  0x0804cd9c in main (argc=2, argv=0xbfd9f5c4) at logrotate.c:1318
#8  0x42adc50f in __libc_start_main (main=0x804c9a3 <main>, argc=2, 
    ubp_av=0xbfd9f5c4, init=0x805059c <__libc_csu_init>, 
    fini=0x80505f8 <__libc_csu_fini>, rtld_fini=0x42aafd3d <_dl_fini>, 
    stack_end=0xbfd9f5bc) at ../sysdeps/generic/libc-start.c:231
#9  0x08049851 in _start ()
(gdb) 



Need anything more?
Comment 6 Ville Herva 2005-11-11 05:30:52 EST
Oh, and this was with logrotate-3.7.2-11.
Comment 7 Ville Herva 2005-11-11 05:49:56 EST
Here's some more, FWIW:

0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x42aef7e8 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
#2  0x42af0f58 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#3  0x42b24a3a in __libc_message (do_abort=Variable "do_abort" is not available.
)   
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x42b2a940 in _int_free (av=0x42bef880, mem=0x8054610) at malloc.c:5591
#5  0x42b2ae8b in *__GI___libc_free (mem=0x8054610) at malloc.c:3422
#6  0x08049c46 in free_logInfo (logsPtr=0xbfb42e2c, numLogsPtr=0xbfb42e34)
    at logrotate.c:100
#7  0x0804cd9c in main (argc=2, argv=0xbfb432d4) at logrotate.c:1318
#8  0x42adc50f in __libc_start_main (main=0x804c9a3 <main>, argc=2,
    ubp_av=0xbfb432d4, init=0x805059c <__libc_csu_init>,
    fini=0x80505f8 <__libc_csu_fini>, rtld_fini=0x42aafd3d <_dl_fini>,
    stack_end=0xbfb432cc) at ../sysdeps/generic/libc-start.c:231
#9  0x08049851 in _start ()
(gdb) up
#1  0x42aef7e8 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
67        int res = INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb)
#2  0x42af0f58 in *__GI_abort () at ../sysdeps/generic/abort.c:88
88            raise (SIGABRT);
(gdb)
#3  0x42b24a3a in __libc_message (do_abort=Variable "do_abort" is not available.
)   
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
170           abort ();
(gdb)
#4  0x42b2a940 in _int_free (av=0x42bef880, mem=0x8054610) at malloc.c:5591
5591          __libc_message (action & 2,
(gdb)
#5  0x42b2ae8b in *__GI___libc_free (mem=0x8054610) at malloc.c:3422
3422      _int_free(ar_ptr, mem);
(gdb)
#6  0x08049c46 in free_logInfo (logsPtr=0xbfb42e2c, numLogsPtr=0xbfb42e34)
    at logrotate.c:100
100                 free((char *) log->compress_options_list[j]);
(gdb) list
95              for (j = 0; j < log->numFiles; j++)
96                  free(log->files[j]);
97              free(log->files);
98
99              for (j = 0; j < log->compress_options_count; j++)
100                 free((char *) log->compress_options_list[j]);
101             free(log->compress_options_list);
102         }
103         free(*logsPtr);
104         *numLogsPtr = 0;
(gdb) p j
Variable "j" is not available.
(gdb) p log->compress_options_count
$3 = 1
(gdb) p log
$1 = (logInfo *) 0x8056260
(gdb) p log->compress_options_list
$2 = (const char **) 0x8054608
(gdb) p log->compress_options_list[0]
$4 = 0x8054610 "-9"

Comment 8 Mateus César Gröess 2005-11-11 06:04:25 EST
My changes caused this bug. I can take a look at this problem, but I don't know
how reproduce it. Can you post your logrotate config files?

I think free() at logrotate.c:100 shouldn't access invalid pointers. There is a
for() loop to control pointers to be free()d:

099>        for (j = 0; j < log->compress_options_count; j++)
100>            free((char *) log->compress_options_list[j]);
101>        free(log->compress_options_list);
Comment 9 Ville Herva 2005-11-11 06:07:13 EST
logrotate.conf:

-------------------------------------------------------------------
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# send errors to root
#errors root

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
compress
compresscmd /usr/bin/bzip2
compressoptions -9

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be configured here

Comment 10 Ville Herva 2005-11-11 07:13:32 EST
How is the log->compress_options_list list initialized? These are not pointers 
to read-only strings, by any chance?
Comment 11 Mateus César Gröess 2005-11-11 07:42:15 EST
It is initialized. compress_options_list is set by poptParseArgvString()
(config.c:860) and this is described in man page of popt library:

-------------------------------------------------------------------
int poptParseArgvString(char * s, int * argcPtr,
                               char *** argvPtr);

       The  argvPtr  created by poptParseArgvString() or poptDupArgv() is
suitable to pass directly to poptGetContext(). Both routines return a single
dynamically allocated contiguous block of storage and should be free()ed when
the application is finished with the storage.
-------------------------------------------------------------------

The problem: if I try free() compress_options_list[0] (which contains "-9" in
your case) an error occurs, but man page says the allocated block should be
free()ed. I need help here. With the attached patch, the error doesn't occurs,
but it basically removes two lines:

-        for (j = 0; j < log->compress_options_count; j++)
-           free((char *) log->compress_options_list[j]);

Other changes don't affect the error. With the lines removed, Valgrind doesn't
report memory leaks caused by poptParseArgvString(). It only reports leaks with
poptGetNextOpt (logrotate.c:1254) and getpwnam (config.c:530) and I don't know
how to fix them, but this is another story. Can someone explain to me why the
list allocated by poptParseArgvString() cannot be free()ed?
Comment 12 Mateus César Gröess 2005-11-11 07:42:59 EST
Created attachment 120933 [details]
Removes lines that crash logrotate. This is the right thing to do?
Comment 13 Ville Herva 2005-11-11 09:11:24 EST
(See http://library.n0i.net/linux-unix/programming/rp-mapi/poptparse_8c-source.
html)

I didn't have time to completely graps the code, but it seems to be that there'
s one single continuously allocated block that needs to be free()d, and compress
_options_list array is just pointers into it. Hence its items should not be free
()d. But I'm not sure, take this with a pinch of salt.

Comment 14 Peter Vrabec 2005-11-11 10:09:35 EST
I agree.

-        for (j = 0; j < log->compress_options_count; j++)
-           free((char *) log->compress_options_list[j]);

seems to be right. Valgrind didn't show any leaks.
Comment 15 Peter Vrabec 2005-11-11 10:35:47 EST
logrotate-3.7.2-12
Comment 16 Ville Herva 2005-11-13 07:33:19 EST
Were you able to reproduce the problem?

I just upgraded to -12. I still get


>gdb /usr/sbin/logrotate                            
GNU gdb Red Hat Linux (6.3.0.0-1.81rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db 
library "/lib/libthread_db.so.1".

(gdb) run /etc/logrotate.conf
Starting program: /usr/sbin/logrotate /etc/logrotate.conf
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
error: Ignoring apache.rpmsave, because of .rpmsave ending
error: Ignoring named.rpmnew, because of .rpmnew ending
error: Ignoring named.rpmsave, because of .rpmsave ending
error: Ignoring rpm.rpmnew, because of .rpmnew ending
*** glibc detected *** /usr/sbin/logrotate: double free or corruption (fasttop):
 0x08054608 ***
======= Backtrace: =========
/lib/libc.so.6[0x42b2a940]
/lib/libc.so.6(__libc_free+0x77)[0x42b2ae8b]
/usr/sbin/logrotate[0x8049bfd]
/usr/sbin/logrotate[0x804cd5b]
/lib/libc.so.6(__libc_start_main+0xdf)[0x42adc50f]
/usr/sbin/logrotate[0x8049851]
======= Memory map: ========
08048000-08053000 r-xp 00000000 03:02 496755     /usr/sbin/logrotate
08053000-08054000 rw-p 0000a000 03:02 496755     /usr/sbin/logrotate
08054000-08075000 rw-p 08054000 00:00 0          [heap]
42aa2000-42abb000 r-xp 00000000 03:02 1133342    /lib/ld-2.3.90.so
42abb000-42abc000 r--p 00018000 03:02 1133342    /lib/ld-2.3.90.so
42abc000-42abd000 rw-p 00019000 03:02 1133342    /lib/ld-2.3.90.so
42abf000-42ac1000 r-xp 00000000 03:02 1133364    /lib/libdl-2.3.90.so
42ac1000-42ac2000 r--p 00001000 03:02 1133364    /lib/libdl-2.3.90.so
42ac2000-42ac3000 rw-p 00002000 03:02 1133364    /lib/libdl-2.3.90.so
42ac7000-42bec000 r-xp 00000000 03:02 1133362    /lib/libc-2.3.90.so
42bec000-42bee000 r--p 00125000 03:02 1133362    /lib/libc-2.3.90.so
42bee000-42bf0000 rw-p 00127000 03:02 1133362    /lib/libc-2.3.90.so
42bf0000-42bf2000 rw-p 42bf0000 00:00 0 
b7d00000-b7d21000 rw-p b7d00000 00:00 0 
b7d21000-b7e00000 ---p b7d21000 00:00 0 
b7eb1000-b7eba000 r-xp 00000000 03:02 1130543    /lib/libgcc_s-4.0.2-20051109.
so.1
b7eba000-b7ebb000 rw-p 00009000 03:02 1130543    /lib/libgcc_s-4.0.2-20051109.
so.1
b7ebb000-b7ec4000 r-xp 00000000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7ec4000-b7ec5000 r--p 00008000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7ec5000-b7ec6000 rw-p 00009000 03:02 1133424    /lib/libnss_files-2.3.90.so
b7ec6000-b7ec8000 r-xp 00000000 03:02 1133303    /lib/libsetrans.so.0
b7ec8000-b7ec9000 rw-p 00001000 03:02 1133303    /lib/libsetrans.so.0
b7ec9000-b7ecb000 rw-p b7ec9000 00:00 0 
b7ecb000-b7efd000 r-xp 00000000 03:02 1133314    /lib/libsepol.so.1
b7efd000-b7efe000 rw-p 00032000 03:02 1133314    /lib/libsepol.so.1
b7efe000-b7f08000 rw-p b7efe000 00:00 0 
b7f08000-b7f1c000 r-xp 00000000 03:02 1133317    /lib/libselinux.so.1
b7f1c000-b7f1d000 rw-p 00014000 03:02 1133317    /lib/libselinux.so.1
b7f1d000-b7f24000 r-xp 00000000 03:02 213879     /usr/lib/libpopt.so.0.0.0
b7f24000-b7f25000 rw-p 00007000 03:02 213879     /usr/lib/libpopt.so.0.0.0
b7f25000-b7f26000 rw-p b7f25000 00:00 0 
bfd31000-bfd47000 rw-p bfd31000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]

Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0  0xffffe410 in __kernel_vsyscall ()
#1  0x42aef7e8 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.
c:67
#2  0x42af0f58 in *__GI_abort () at ../sysdeps/generic/abort.c:88
#3  0x42b24a3a in __libc_message (do_abort=Variable "do_abort" is not available.
) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#4  0x42b2a940 in _int_free (av=0x42bef880, mem=0x8054608) at malloc.c:5591
#5  0x42b2ae8b in *__GI___libc_free (mem=0x8054608) at malloc.c:3422
#6  0x08049bfd in free_logInfo (logsPtr=0xbfd4398c, numLogsPtr=0xbfd43994) at 
logrotate.c:100
#7  0x0804cd5b in main (argc=2, argv=0xbfd43e34) at logrotate.c:1317
#8  0x42adc50f in __libc_start_main (main=0x804c967 <main>, argc=2, ubp_av=0xbfd
43e34, init=0x805071c <__libc_csu_init>, fini=0x8050778 <__libc_csu_fini>, 
    rtld_fini=0x42aafd3d <_dl_fini>, stack_end=0xbfd43e2c) at ../sysdeps/generic
/libc-start.c:231
#9  0x08049851 in _start ()
(gdb) up
#1  0x42aef7e8 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.
c:67
67	  int res = INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) up
#2  0x42af0f58 in *__GI_abort () at ../sysdeps/generic/abort.c:88
88	      raise (SIGABRT);
(gdb) up
#3  0x42b24a3a in __libc_message (do_abort=Variable "do_abort" is not available.
) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
170	      abort ();
(gdb) up
#4  0x42b2a940 in _int_free (av=0x42bef880, mem=0x8054608) at malloc.c:5591
5591	      __libc_message (action & 2,
(gdb) up
#5  0x42b2ae8b in *__GI___libc_free (mem=0x8054608) at malloc.c:3422
3422	  _int_free(ar_ptr, mem);
(gdb) up
#6  0x08049bfd in free_logInfo (logsPtr=0xbfd4398c, numLogsPtr=0xbfd43994) at 
logrotate.c:100
100	        free(log->compress_options_list);
(gdb) list 
95	
96	        for (j = 0; j < log->numFiles; j++)
97		    free(log->files[j]);
98	        free(log->files);
99	
100	        free(log->compress_options_list);
101	    }
102	    free(*logsPtr);
103	    *numLogsPtr = 0;
104	}
(gdb) 


Comment 17 Peter Vrabec 2005-11-13 08:45:12 EST
Ohh sorry, I didn't fix it for all cases. 
logrotate-3.7.3-2  should be allright.
Comment 18 Mateus César Gröess 2005-11-13 20:35:52 EST
It was my fault, sorry.
Comment 19 Ville Herva 2005-11-16 06:40:10 EST
3.7.3-2 seems to work for me.

Note You need to log in before you can comment on or make changes to this bug.