Bug 2111138 - luac: free(): double free detected in tcache 2
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: lua
Version: 36
Hardware: armv7hl
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Tom "spot" Callaway
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 2119140 2143525
 
Reported: 2022-07-26 14:49 UTC by Charles R. Anderson
Modified: 2023-01-04 15:29 UTC

Fixed In Version: lua-5.4.4-7.fc37 lua-5.4.4-7.fc36
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-04 15:29:49 UTC
Type: Bug
Embargoed:


Attachments
proposed fix for luac double free (2.18 KB, text/plain)
2022-07-26 14:49 UTC, Charles R. Anderson

Description Charles R. Anderson 2022-07-26 14:49:58 UTC
Created attachment 1899463
proposed fix for luac double free

Description of problem:

luac crashes with a double free when building lsyncd on f36 on armv7hl.  Strangely, it builds fine on f37 and on other f36 arches.

Version-Release number of selected component (if applicable):
lua-5.4.4-1.fc36

How reproducible:
always

Steps to Reproduce:
1. fedpkg clone lsyncd
2. fedpkg switch-branch f36
3. fedpkg scratch-build

Actual results:

https://koji.fedoraproject.org/koji/taskinfo?taskID=90077485

Building target platforms: armv7hl
Building for target armv7hl
...
gmake[2]: Entering directory '/builddir/build/BUILD/lsyncd-2.3.0/redhat-linux-build'
/usr/bin/cmake -E create_symlink /builddir/build/BUILD/lsyncd-2.3.0/tests tests
Compiling built-in runner
Compiling built-in default configs
/usr/bin/luac -o defaults.out /builddir/build/BUILD/lsyncd-2.3.0/default.lua /builddir/build/BUILD/lsyncd-2.3.0/default-rsync.lua /builddir/build/BUILD/lsyncd-2.3.0/default-rsyncssh.lua /builddir/build/BUILD/lsyncd-2.3.0/default-direct.lua
/usr/bin/luac -o runner.out /builddir/build/BUILD/lsyncd-2.3.0/lsyncd.lua
free(): double free detected in tcache 2
gmake[2]: Leaving directory '/builddir/build/BUILD/lsyncd-2.3.0/redhat-linux-build'
[ 22%] Built target prepare_tests
[ 33%] Generating runner.c
/usr/bin/cmake -E echo Generating\ built-in\ runner\ linkable
Generating built-in runner linkable
/usr/bin/lua /builddir/build/BUILD/lsyncd-2.3.0/bin2carray.lua runner.out runner runner.c
gmake[2]: *** [CMakeFiles/lsyncd.dir/build.make:96: defaults.out] Aborted (core dumped)
gmake[2]: *** Deleting file 'defaults.out'
gmake[2]: Leaving directory '/builddir/build/BUILD/lsyncd-2.3.0/redhat-linux-build'
gmake[1]: Leaving directory '/builddir/build/BUILD/lsyncd-2.3.0/redhat-linux-build'
gmake[1]: *** [CMakeFiles/Makefile2:194: CMakeFiles/lsyncd.dir/all] Error 2
gmake: *** [Makefile:139: all] Error 2

Expected results:

No crash

Additional info:

Upstream mailing list proposes this fix which I've attached as a patch:

http://lua-users.org/lists/lua-l/2022-02/msg00113.html

Comment 2 Charles R. Anderson 2022-12-08 14:19:24 UTC
Can you please apply https://src.fedoraproject.org/rpms/lua/pull-request/7 and backport to F36 so I can solve the FTBFS of lsyncd?

Thank you.

Comment 3 Fedora Update System 2022-12-08 18:23:42 UTC
FEDORA-2022-2e6b534152 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e6b534152

Comment 4 Fedora Update System 2022-12-08 18:23:42 UTC
FEDORA-2022-a799145f70 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-a799145f70

Comment 5 Fedora Update System 2022-12-09 02:35:55 UTC
FEDORA-2022-a799145f70 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-a799145f70`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-a799145f70

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2022-12-09 02:43:33 UTC
FEDORA-2022-2e6b534152 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-2e6b534152`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e6b534152

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2022-12-24 01:09:31 UTC
FEDORA-2022-a799145f70 has been pushed to the Fedora 37 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 8 Fedora Update System 2022-12-24 01:18:34 UTC
FEDORA-2022-2e6b534152 has been pushed to the Fedora 36 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 9 Charles R. Anderson 2022-12-30 05:17:54 UTC
I'm hitting this luac bug on f38 now.  Can you please build this for rawhide/f38?  Thanks!

FTBFS:

Generating built-in runner linkable
/usr/bin/lua /builddir/build/BUILD/lsyncd-2.3.1/bin2carray.lua runner.out runner runner.c
gmake[2]: *** [CMakeFiles/lsyncd.dir/build.make:96: defaults.out] Aborted (core dumped)

https://github.com/lsyncd/lsyncd/issues/687

http://lua-users.org/lists/lua-l/2022-11/msg00008.html

Comment 10 Charles R. Anderson 2023-01-04 15:29:49 UTC
(In reply to Charles R. Anderson from comment #9)
> I'm hitting this luac bug on f38 now.  Can you please build this for
> rawhide/f38?  Thanks!

I was able to submit a build for rawhide since it was already merged:

https://bodhi.fedoraproject.org/updates/FEDORA-2023-f8c4a4a032

