Bug 467275 - alpine: malloc(): memory corruption: 0x09fa8180
alpine: malloc(): memory corruption: 0x09fa8180
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: alpine (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joshua Daniel Franklin
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-16 12:33 EDT by Mike McGrath
Modified: 2008-12-12 11:04 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-12 11:04:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mike McGrath 2008-10-16 12:33:49 EDT
Description of problem:
I've got a message that when I try to open it, I see part of the message then immediately get a backtrace.

Version-Release number of selected component (if applicable):
alpine-2.00-1.fc9.i386

How reproducible:
every time

Steps to Reproduce:
1.  Log in
2.  Open message
3.  Doom
  
Actual results:

I get this traceback:

*** glibc detected *** alpine: malloc(): memory corruption: 0x09fa8180 ***       
======= Backtrace: =========                                                     
/lib/libc.so.6[0xb02596]                                                         
/lib/libc.so.6(__libc_malloc+0x95)[0xb03ce5]                                     
/lib/libc.so.6[0xab9c67]                                                         
/lib/libc.so.6[0xab7d7c]                                                         
/lib/libc.so.6[0xab7731]                                                         
/lib/libc.so.6(dcgettext+0x43)[0xab6463]                                         
alpine[0x806e58c]                                                                
alpine[0x811e5bb]                                                                
[0x110400]                                                                       
/lib/libc.so.6(memcpy+0x61)[0xb08ff1]                                            
alpine[0x8230fef]                                                                
alpine[0x8263b03]                                                                
alpine[0x82682d7]                                                                
alpine[0x8269b5f]                                                                
alpine[0x8269c97]                                                                
alpine[0x826b907]                                                                
alpine[0x826fc84]                                                                
alpine[0x8246080]                                                                
alpine[0x817f252]                                                                
alpine[0x817f97f]                                                                
alpine[0x8216614]                                                                
alpine[0x81cc738]                                                                
alpine[0x81cd6e7]                                                                
alpine[0x80e8e14]                                                                
alpine[0x8074362]                                                                
/lib/libc.so.6(__libc_start_main+0xe6)[0xaa85d6]                                 
alpine[0x804d5c1]                                                                
======= Memory map: ========                                                     
00110000-00111000 r-xp 00110000 00:00 0          [vdso]                          
00111000-0011b000 r-xp 00000000 fd:00 122995     /lib/libnss_files-2.8.so        
0011b000-0011c000 r--p 0000a000 fd:00 122995     /lib/libnss_files-2.8.so        
0011c000-0011d000 rw-p 0000b000 fd:00 122995     /lib/libnss_files-2.8.so        
0011d000-00121000 r-xp 00000000 fd:00 122993     /lib/libnss_dns-2.8.so          
00121000-00122000 r--p 00003000 fd:00 122993     /lib/libnss_dns-2.8.so          
00122000-00123000 rw-p 00004000 fd:00 122993     /lib/libnss_dns-2.8.so          
002f8000-00310000 r-xp 00000000 fd:00 125772     /lib/libaudit.so.0.0.0          
00310000-00311000 r--p 00017000 fd:00 125772     /lib/libaudit.so.0.0.0          
00311000-00312000 rw-p 00018000 fd:00 125772     /lib/libaudit.so.0.0.0          
00314000-0031f000 r-xp 00000000 fd:00 126002     /lib/libpam.so.0.81.12          
0031f000-00320000 rw-p 0000a000 fd:00 126002     /lib/libpam.so.0.81.12          
003b2000-003c8000 r-xp 00000000 fd:00 125583     /lib/libtinfo.so.5.6            
003c8000-003cb000 rw-p 00015000 fd:00 125583     /lib/libtinfo.so.5.6            
00462000-00464000 r-xp 00000000 fd:00 123069     /lib/libcom_err.so.2.1          
00464000-00465000 rw-p 00001000 fd:00 123069     /lib/libcom_err.so.2.1          
005e2000-00606000 r-xp 00000000 fd:00 69984      /usr/lib/libk5crypto.so.3.1     
00606000-00607000 rw-p 00024000 fd:00 69984      /usr/lib/libk5crypto.so.3.1
007b9000-00800000 r-xp 00000000 fd:00 123074     /lib/libssl.so.0.9.8g
00800000-00804000 rw-p 00046000 fd:00 123074     /lib/libssl.so.0.9.8g
008f0000-008f8000 r-xp 00000000 fd:00 69981      /usr/lib/libkrb5support.so.0.1
008f8000-008f9000 rw-p 00007000 fd:00 69981      /usr/lib/libkrb5support.so.0.1
0093a000-00948000 r-xp 00000000 fd:00 287115     /usr/lib/liblber-2.4.so.2.0.6
00948000-00949000 rw-p 0000d000 fd:00 287115     /usr/lib/liblber-2.4.so.2.0.6
0094b000-00978000 r-xp 00000000 fd:00 72610      /usr/lib/libgssapi_krb5.so.2.2
00978000-0097a000 rw-p 0002d000 fd:00 72610      /usr/lib/libgssapi_krb5.so.2.2
009cf000-009e9000 r-xp 00000000 fd:00 124200     /lib/libselinux.so.1
009e9000-009ea000 r--p 00019000 fd:00 124200     /lib/libselinux.so.1
009ea000-009eb000 rw-p 0001a000 fd:00 124200     /lib/libselinux.so.1
009ed000-00a02000 r-xp 00000000 fd:00 123083     /lib/libpthread-2.8.so
00a02000-00a03000 r--p 00014000 fd:00 123083     /lib/libpthread-2.8.so
00a03000-00a04000 rw-p 00015000 fd:00 123083     /lib/libpthread-2.8.so
00a04000-00a06000 rw-p 00a04000 00:00 0
00a23000-00a2b000 r-xp 00000000 fd:00 125094     /lib/librt-2.8.so
00a2b000-00a2c000 r--p 00007000 fd:00 125094     /lib/librt-2.8.so
00a2c000-00a2d000 rw-p 00008000 fd:00 125094     /lib/librt-2.8.so
00a6b000-00a6d000 r-xp 00000000 fd:00 124650     /lib/libkeyutils-1.2.so
00a6d000-00a6e000 rw-p 00001000 fd:00 124650     /lib/libkeyutils-1.2.so
00a72000-00a8e000 r-xp 00000000 fd:00 124144     /lib/ld-2.8.so
00a8e000-00a8f000 r--p 0001c000 fd:00 124144     /lib/ld-2.8.so
00a8f000-00a90000 rw-p 0001d000 fd:00 124144     /lib/ld-2.8.so
00a92000-00bf5000 r-xp 00000000 fd:00 124151     /lib/libc-2.8.so
00bf5000-00bf7000 r--p 00163000 fd:00 124151     /lib/libc-2.8.so
00bf7000-00bf8000 rw-p 00165000 fd:00 124151     /lib/libc-2.8.so
00bf8000-00bfb000 rw-p 00bf8000 00:00 0
00bfd000-00c24000 r-xp 00000000 fd:00 124275     /lib/libm-2.8.so
00c24000-00c25000 r--p 00026000 fd:00 124275     /lib/lAborted

Expected results:

The message opens

Additional info:

I also get this message in my selinux audit log:

type=ANOM_ABEND msg=audit(1224173887.091:35): auid=500 uid=500 gid=500 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=3304 comm="alpine" sig=6

I've done an audit2allow and audit2why with it but with no success. I get the same error with selinux in permissive.  I get the same error when I try to export the message from the folder list.
Comment 1 Joshua Daniel Franklin 2008-10-21 12:05:21 EDT
Sorry for the delay... We don't patch alpine, so this is probably either an upstream bug or a problem specific to Fedora. I have seen messages that crash alpine (or pine) in the past. Can you report this to the alpine mailing list? Attaching the full problematic email would be helpful if it's not confidential; if it is... well, you'll have to do the debugging. :)

http://mailman2.u.washington.edu/mailman/listinfo/alpine-info

At this point I'm thinking the selinux message is a red herring.
Comment 2 Joshua Daniel Franklin 2008-12-11 18:26:10 EST
Any luck with this, Mike? Does this also happen on that message in F10?
Comment 3 Mike McGrath 2008-12-11 19:08:17 EST
Honestly I've not seen it since I posted this report.  I also don't remember what message it was I was able to reproduce it with :-/  If you want to close it I'll reopen if it happens again.
Comment 4 Joshua Daniel Franklin 2008-12-12 11:04:39 EST
Well, I expected better of you, Mike. :) I'll close NOTABUG. FYI, if you know what box the message might be in you can page through and see if alpine crashes as it reads the headers.

Note You need to log in before you can comment on or make changes to this bug.