Bug 431836 - glibc detected double free or corruption
glibc detected double free or corruption
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: logrotate (Show other bugs)
5.1
i386 Linux
low Severity low
: rc
: ---
Assigned To: Tomas Smetana
:
: 451632 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-07 04:05 EST by Berthold Cogel
Modified: 2013-04-12 15:31 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-17 13:27:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Proposed patch (1.41 KB, patch)
2008-02-11 05:25 EST, Tomas Smetana
no flags Details | Diff
Hopefully a better patch. (413 bytes, patch)
2008-04-23 08:28 EDT, Tomas Smetana
no flags Details | Diff

  None (edit)
Description Berthold Cogel 2008-02-07 04:05:09 EST
Description of problem:
When /var/lib/logrotate.status is corrupted, logrotate crashes with a glibc
backtrace:
[root@logger ~]# logrotate -f /etc/syslog-ng/syslog-ng.logrotate 
error: bad line 340 in state file /var/lib/logrotate.status
*** glibc detected *** logrotate: double free or corruption (!prev): 0x080ff0d0 ***
======= Backtrace: =========
/lib/libc.so.6[0xbbcaa6]
/lib/libc.so.6(cfree+0x90)[0xbbffc0]
logrotate[0x804d23d]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb6bdec]
logrotate[0x80495c1]
======= Memory map: ========
00656000-0065d000 r-xp 00000000 08:01 522847     /usr/lib/libpopt.so.0.0.0
0065d000-0065e000 rwxp 00006000 08:01 522847     /usr/lib/libpopt.so.0.0.0
00a35000-00a36000 r-xp 00a35000 00:00 0          [vdso]
00b39000-00b52000 r-xp 00000000 08:01 776925     /lib/ld-2.5.so
00b52000-00b53000 r-xp 00019000 08:01 776925     /lib/ld-2.5.so
00b53000-00b54000 rwxp 0001a000 08:01 776925     /lib/ld-2.5.so
00b56000-00c90000 r-xp 00000000 08:01 776926     /lib/libc-2.5.so
00c90000-00c92000 r-xp 0013a000 08:01 776926     /lib/libc-2.5.so
00c92000-00c93000 rwxp 0013c000 08:01 776926     /lib/libc-2.5.so
00c93000-00c96000 rwxp 00c93000 00:00 0 
00cc1000-00cc3000 r-xp 00000000 08:01 776928     /lib/libdl-2.5.so
00cc3000-00cc4000 r-xp 00001000 08:01 776928     /lib/libdl-2.5.so
00cc4000-00cc5000 rwxp 00002000 08:01 776928     /lib/libdl-2.5.so
00cf5000-00d0a000 r-xp 00000000 08:01 776943     /lib/libselinux.so.1
00d0a000-00d0c000 rwxp 00015000 08:01 776943     /lib/libselinux.so.1
00d0e000-00d49000 r-xp 00000000 08:01 776942     /lib/libsepol.so.1
00d49000-00d4a000 rwxp 0003a000 08:01 776942     /lib/libsepol.so.1
00d4a000-00d54000 rwxp 00d4a000 00:00 0 
046a5000-046b0000 r-xp 00000000 08:01 776949     /lib/libgcc_s-4.1.2-20070626.so.1
046b0000-046b1000 rwxp 0000a000 08:01 776949     /lib/libgcc_s-4.1.2-20070626.so.1
08048000-08052000 r-xp 00000000 08:01 530746     /usr/sbin/logrotate
08052000-08053000 rw-p 0000a000 08:01 530746     /usr/sbin/logrotate
080f8000-08119000 rw-p 080f8000 00:00 0 
b7e00000-b7e21000 rw-p b7e00000 00:00 0 
b7e21000-b7f00000 ---p b7e21000 00:00 0 
b7f28000-b7f2b000 rw-p b7f28000 00:00 0 
b7f35000-b7f36000 rw-p b7f35000 00:00 0 
bfcc2000-bfcd7000 rw-p bfcc2000 00:00 0          [stack]
Abgebrochen

Version-Release number of selected component (if applicable):
logrotate-3.7.4-8

How reproducible:
Each time.

Steps to Reproduce:
1. Copy lines somewhere in /var/lib/logrotate.status and corrupt it: Replace
path of logfile with linefeed. Like this:

"
" 2008-1-21

2. Call 'logrotate -f <name of logrotate script>'
  
Actual results:
logrotate gives error message and glibc throws backtrace

Expected results:
logrotate gives error message and terminates


Additional info:
Comment 1 Tomas Smetana 2008-02-11 05:25:06 EST
Created attachment 294546 [details]
Proposed patch

This is clearly a bug -- the uninitalised variable may happen to be freed.
Comment 3 Tomas Smetana 2008-04-23 08:00:02 EDT
The initialization itself should help.  The if() tests are useles.  After
applying the patch I'm not able to reproduce the bug.
Comment 4 Tomas Smetana 2008-04-23 08:14:12 EDT
The patch doesn't help if there are some lines correct and some corrupted.
Comment 5 Tomas Smetana 2008-04-23 08:28:10 EDT
Created attachment 303486 [details]
Hopefully a better patch.
Comment 6 Tomas Smetana 2008-06-16 07:21:47 EDT
*** Bug 451632 has been marked as a duplicate of this bug. ***
Comment 8 RHEL Product and Program Management 2008-07-21 19:06:53 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 9 Bryan Mason 2008-08-19 14:43:11 EDT
Resetting flags to target RHEL 5.4...
Comment 10 Bryan Mason 2008-08-19 14:44:43 EDT
Customer has verified that the patch in Comment #5 resolves the issue in their environment.
Comment 17 errata-xmlrpc 2008-09-17 13:27:32 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0881.html

Note You need to log in before you can comment on or make changes to this bug.