Bug 432330 - glibc detected double free or corruption
glibc detected double free or corruption
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logrotate (Show other bugs)
rawhide
i386 Linux
low Severity low
: ---
: ---
Assigned To: Tomas Smetana
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-11 05:28 EST by Tomas Smetana
Modified: 2008-03-14 07:36 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-14 07:36:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Smetana 2008-02-11 05:28:07 EST
+++ This bug was initially created as a clone of Bug #431836 +++

Description of problem:
When /var/lib/logrotate.status is corrupted, logrotate crashes with a glibc
backtrace:
[root@logger ~]# logrotate -f /etc/syslog-ng/syslog-ng.logrotate 
error: bad line 340 in state file /var/lib/logrotate.status
*** glibc detected *** logrotate: double free or corruption (!prev): 0x080ff0d0 ***
======= Backtrace: =========
/lib/libc.so.6[0xbbcaa6]
/lib/libc.so.6(cfree+0x90)[0xbbffc0]
logrotate[0x804d23d]
/lib/libc.so.6(__libc_start_main+0xdc)[0xb6bdec]
logrotate[0x80495c1]
======= Memory map: ========
00656000-0065d000 r-xp 00000000 08:01 522847     /usr/lib/libpopt.so.0.0.0
0065d000-0065e000 rwxp 00006000 08:01 522847     /usr/lib/libpopt.so.0.0.0
00a35000-00a36000 r-xp 00a35000 00:00 0          [vdso]
00b39000-00b52000 r-xp 00000000 08:01 776925     /lib/ld-2.5.so
00b52000-00b53000 r-xp 00019000 08:01 776925     /lib/ld-2.5.so
00b53000-00b54000 rwxp 0001a000 08:01 776925     /lib/ld-2.5.so
00b56000-00c90000 r-xp 00000000 08:01 776926     /lib/libc-2.5.so
00c90000-00c92000 r-xp 0013a000 08:01 776926     /lib/libc-2.5.so
00c92000-00c93000 rwxp 0013c000 08:01 776926     /lib/libc-2.5.so
00c93000-00c96000 rwxp 00c93000 00:00 0 
00cc1000-00cc3000 r-xp 00000000 08:01 776928     /lib/libdl-2.5.so
00cc3000-00cc4000 r-xp 00001000 08:01 776928     /lib/libdl-2.5.so
00cc4000-00cc5000 rwxp 00002000 08:01 776928     /lib/libdl-2.5.so
00cf5000-00d0a000 r-xp 00000000 08:01 776943     /lib/libselinux.so.1
00d0a000-00d0c000 rwxp 00015000 08:01 776943     /lib/libselinux.so.1
00d0e000-00d49000 r-xp 00000000 08:01 776942     /lib/libsepol.so.1
00d49000-00d4a000 rwxp 0003a000 08:01 776942     /lib/libsepol.so.1
00d4a000-00d54000 rwxp 00d4a000 00:00 0 
046a5000-046b0000 r-xp 00000000 08:01 776949     /lib/libgcc_s-4.1.2-20070626.so.1
046b0000-046b1000 rwxp 0000a000 08:01 776949     /lib/libgcc_s-4.1.2-20070626.so.1
08048000-08052000 r-xp 00000000 08:01 530746     /usr/sbin/logrotate
08052000-08053000 rw-p 0000a000 08:01 530746     /usr/sbin/logrotate
080f8000-08119000 rw-p 080f8000 00:00 0 
b7e00000-b7e21000 rw-p b7e00000 00:00 0 
b7e21000-b7f00000 ---p b7e21000 00:00 0 
b7f28000-b7f2b000 rw-p b7f28000 00:00 0 
b7f35000-b7f36000 rw-p b7f35000 00:00 0 
bfcc2000-bfcd7000 rw-p bfcc2000 00:00 0          [stack]
Abgebrochen

Version-Release number of selected component (if applicable):
logrotate-3.7.4-8

How reproducible:
Each time.

Steps to Reproduce:
1. Copy lines somewhere in /var/lib/logrotate.status and corrupt it: Replace
path of logfile with linefeed. Like this:

"
" 2008-1-21

2. Call 'logrotate -f <name of logrotate script>'
  
Actual results:
logrotate gives error message and glibc throws backtrace

Expected results:
logrotate gives error message and terminates


Additional info:

-- Additional comment from tsmetana@redhat.com on 2008-02-11 05:25 EST --
Created an attachment (id=294546)
Proposed patch

This is clearly a bug -- the uninitalised variable may happen to be freed.

Note You need to log in before you can comment on or make changes to this bug.