Description of problem: strace has internal memory allocation bugs (trace below)

To reproduce:

strace -ff -o /tmp/wombat kdesu /bin/ls

works for me as a reproducer on both FC10 and FC11 [4.5.18.1.fc10]

This one is actually quite nasty because it means it may be possible to construct an attack vector that waits for an admin to do the typical "strace -p suspicious-process"

*** glibc detected *** strace: malloc(): memory corruption (fast): 0x0000000001d18da0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3083677ec8]
/lib64/libc.so.6[0x308367b561]
/lib64/libc.so.6(__libc_malloc+0x98)[0x308367ca38]
strace[0x408728]
strace[0x40598e]
strace[0x404696]
/lib64/libc.so.6(__libc_start_main+0xe6)[0x308361e576]
strace[0x401e69]
======= Memory map: ========
00400000-00447000 r-xp 00000000 09:03 3584297 /usr/bin/strace
00647000-00648000 rw-p 00047000 09:03 3584297 /usr/bin/strace
00648000-00656000 rw-p 00648000 00:00 0
00847000-00848000 rw-p 00047000 09:03 3584297 /usr/bin/strace
01d18000-01d39000 rw-p 01d18000 00:00 0 [heap]
3082200000-3082220000 r-xp 00000000 09:03 5996550 /lib64/ld-2.9.so
308241f000-3082420000 r--p 0001f000 09:03 5996550 /lib64/ld-2.9.so
3082420000-3082421000 rw-p 00020000 09:03 5996550 /lib64/ld-2.9.so
3083600000-3083768000 r-xp 00000000 09:03 5996573 /lib64/libc-2.9.so
3083768000-3083968000 ---p 00168000 09:03 5996573 /lib64/libc-2.9.so
3083968000-308396c000 r--p 00168000 09:03 5996573 /lib64/libc-2.9.so
308396c000-308396d000 rw-p 0016c000 09:03 5996573 /lib64/libc-2.9.so
308396d000-3083972000 rw-p 308396d000 00:00 0
308a200000-308a216000 r-xp 00000000 09:03 5997170 /lib64/libgcc_s-4.3.2-20081105.so.1
308a216000-308a416000 ---p 00016000 09:03 5997170 /lib64/libgcc_s-4.3.2-20081105.so.1
308a416000-308a417000 rw-p 00016000 09:03 5997170 /lib64/libgcc_s-4.3.2-20081105.so.1
7f1c44000000-7f1c44021000 rw-p 7f1c44000000 00:00 0
7f1c44021000-7f1c48000000 ---p 7f1c44021000 00:00 0
7f1c4b963000-7f1c4b965000 rw-p 7f1c4b963000 00:00 0
7f1c4b98c000-7f1c4b98f000 rw-p 7f1c4b98c000 00:00 0
7fffd5d9b000-7fffd5db0000 rw-p 7ffffffea000 00:00 0 [stack]
7fffd5de8000-7fffd5de9000 r-xp 7fffd5de8000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted
The following trace is for strace-4.5.18-2.fc11.x86_64, but it works fine with current Git. Should be fixed when strace upstream settles down and produces a new version.

Core was generated by `strace -ff -o /tmp/wombat kdesu /bin/ls'.
Program terminated with signal 6, Aborted.
#0  0x000000346ac332f5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Current language:  auto; currently minimal

Thread 1 (Thread 18123):
#0  0x000000346ac332f5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        pid = <value optimized out>
        selftid = <value optimized out>
#1  0x000000346ac34b20 in *__GI_abort () at abort.c:88
        act = {__sigaction_handler = {sa_handler = 0x600000008, sa_sigaction = 0x600000008}, sa_mask = {__val = {140735744234608, 140735744234464, 140735744234656, 140735744239942, 6, 225130530316, 3, 140735744234666, 6, 225130530320, 2, 140735744234654, 2, 225130521557, 1, 225130530316}}, sa_flags = 3, sa_restorer = 0x7fff980ad4a6}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x000000346ac7005d in __libc_message (do_abort=2, fmt=0x7fff980ad6d0 " /lib64/libc-2.10.1.so\n346af69000-346af6e000 rw-p 346af69000 00:00 0 \n3472400000-3472419000 r-xp 00000000 fd:01 2891362", ' ' <repeats 24 times>, "/lib64/libgcc_s-4.4.1-20090729.so.1\n3472419000-3472619000"...) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff980ade00, reg_save_area = 0x7fff980add10}}
        ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff980ade00, reg_save_area = 0x7fff980add10}}
        fd = 6
        on_2 = <value optimized out>
        list = <value optimized out>
        nlist = <value optimized out>
        cp = <value optimized out>
        written = 6
#3  0x000000346ac75a96 in malloc_printerr (action=3, str=0x346ad35f60 "munmap_chunk(): invalid pointer", ptr=<value optimized out>) at malloc.c:6217
        buf = "0000000002286da0"
        cp = 0x346ad2c140 "0123456789abcdefghijklmnopqrstuvwxyz"
#4  0x000000346ac660dd in _IO_new_fclose (fp=0x2286da0) at iofclose.c:88
        status = 0
#5  0x0000000000402396 in droptcb (tcp=0x2286200) at strace.c:1337
No locals.
#6  0x000000000040288a in detach (tcp=0x2286200, sig=<value optimized out>) at strace.c:1570
        error = <value optimized out>
        status = 0
        catch_sigstop = 0
        zombie = 0x0
#7  0x0000000000403c14 in trace () at strace.c:2494
        pid = 18128
        wait_errno = <value optimized out>
        status = 1407
        tcp = 0x2286200
        ru = {ru_utime = {tv_sec = 96, tv_usec = 0}, ru_stime = {tv_sec = 0, tv_usec = 0}, ru_maxrss = 64, ru_ixrss = 0, ru_idrss = 0, ru_isrss = 67108864, ru_minflt = 225129476976, ru_majflt = 0, ru_nswap = 0, ru_inblock = 0, ru_oublock = 0, ru_msgsnd = 0, ru_msgrcv = 0, ru_nsignals = 0, ru_nvcsw = 0, ru_nivcsw = 0}
        wait4_options = 1073741824
#8  0x0000000000404743 in main (argc=<value optimized out>, argv=0x7fff980ae178) at strace.c:879
        tcp = <value optimized out>
        c = <value optimized out>
        pid = <value optimized out>
        optF = <value optimized out>
        sa = {__sigaction_handler = {sa_handler = 0, sa_sigaction = 0}, sa_mask = {__val = {0 <repeats 16 times>}}, sa_flags = 0, sa_restorer = 0}
        buf = '\0' <repeats 8191 times>
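The backtrace above ends in fclose() being called from droptcb() on a FILE* that glibc's heap checks reject ("munmap_chunk(): invalid pointer"). The C program below is an added illustration, not strace's code and not the upstream fix: it models the -ff case (one output stream per traced pid, owned by its tcb) beside the shared-output case, and shows a drop routine that closes a stream at most once and clears the pointer, so a repeated or late drop can never hand a stale FILE* to fclose(). The names tcb, outf and droptcb are borrowed from the backtrace; the ownership flag and the use of tmpfile() instead of a named "<prefix>.<pid>" file are assumptions made so the example runs anywhere.

```c
/* Added illustration of a close-exactly-once drop routine; not strace code. */
#include <stdio.h>
#include <string.h>

#define MAX_TCB 4

struct tcb {
    int pid;        /* traced pid, 0 = slot unused */
    FILE *outf;     /* output stream: per-pid (owned) or shared (not owned) */
    int owns_outf;  /* assumption: only the owner may fclose() outf */
};

static struct tcb tcbtab[MAX_TCB];

/* Attach a tracee. With 'shared' set (plain -o) every tcb points at the same
 * stream and none owns it; with 'shared' NULL (the -ff case) the tcb gets its
 * own stream and owns it. strace would fopen("<prefix>.<pid>"); tmpfile()
 * is used here only so the example needs no writable path. */
static struct tcb *alloctcb(int pid, FILE *shared)
{
    for (int i = 0; i < MAX_TCB; i++) {
        struct tcb *tcp = &tcbtab[i];
        if (tcp->pid != 0)
            continue;
        tcp->pid = pid;
        if (shared) {
            tcp->outf = shared;
            tcp->owns_outf = 0;
        } else {
            tcp->outf = tmpfile();
            tcp->owns_outf = (tcp->outf != NULL);
        }
        return tcp;
    }
    return NULL;
}

/* Drop a tracee. Idempotent: fclose() runs only if this tcb owns a still-open
 * stream, and the pointer is cleared afterwards, so a second drop (or a drop
 * of a sibling that merely shares the stream) never reaches fclose() with a
 * pointer that is no longer a live FILE. Returns 1 if a stream was closed. */
static int droptcb(struct tcb *tcp)
{
    int closed = 0;
    if (tcp->pid == 0)
        return 0;                     /* already dropped */
    if (tcp->owns_outf && tcp->outf) {
        fclose(tcp->outf);
        closed = 1;
    }
    tcp->outf = NULL;
    tcp->owns_outf = 0;
    tcp->pid = 0;
    return closed;
}

/* -ff style: two tracees with their own streams, one dropped twice.
 * Expected: exactly two real fclose() calls. */
static int run_per_pid_scenario(void)
{
    memset(tcbtab, 0, sizeof tcbtab);
    struct tcb *a = alloctcb(101, NULL);   /* constructed pids */
    struct tcb *b = alloctcb(102, NULL);
    if (!a || !b || !a->outf || !b->outf)
        return -1;
    fprintf(a->outf, "execve(\"/bin/ls\", ...) = 0\n");  /* constructed line */
    int n = 0;
    n += droptcb(a);
    n += droptcb(a);   /* repeat drop: no-op instead of a stale fclose() */
    n += droptcb(b);
    return n;
}

/* Plain -o style: both tracees share one stream owned by the caller.
 * Expected: no fclose() from droptcb(), and the stream still usable. */
static int run_shared_scenario(void)
{
    memset(tcbtab, 0, sizeof tcbtab);
    FILE *shared = tmpfile();
    if (!shared)
        return -1;
    struct tcb *a = alloctcb(201, shared);
    struct tcb *b = alloctcb(202, shared);
    if (!a || !b)
        return -1;
    int n = droptcb(a) + droptcb(b);
    /* the owner writes after the drops to show the stream survived them */
    if (fprintf(shared, "exit_group(0) = ?\n") < 0)
        n = -1;
    fclose(shared);
    return n;
}

int main(void)
{
    printf("per-pid closes: %d (expect 2)\n", run_per_pid_scenario());
    printf("shared closes:  %d (expect 0)\n", run_shared_scenario());
    return 0;
}
```

The invariant worth keeping in any tracer with per-process output files is the one droptcb() enforces here: a FILE* is closed by exactly one owner and is set to NULL the moment it is closed. Running a build under glibc's malloc checking (MALLOC_CHECK_=3) or valgrind is the cheap way to catch the opposite pattern, a close of an already-closed or shared stream, before it shows up as the abort in this report.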
*** Bug 502218 has been marked as a duplicate of this bug. ***
This issue was fixed in upstream git a long time ago, see http://strace.git.sourceforge.net/git/gitweb.cgi?p=strace/strace;h=v4.5.18-17-ga501f14
strace-4.5.19-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/strace-4.5.19-1.fc10
strace-4.5.19-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/strace-4.5.19-1.fc11
strace-4.5.19-1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update strace'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-10733
strace-4.5.19-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update strace'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-10843
strace-4.5.19-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
strace-4.5.19-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.