Bug 989262 - segmentation fault with -M option
Status: CLOSED DUPLICATE of bug 986085
Product: Fedora
Classification: Fedora
Component: man-db
Version: 19
Assigned To: Peter Schiffer
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-07-28 17:34 EDT by Jan Včelák
Modified: 2013-09-24 10:36 EDT
Doc Type: Bug Fix
Last Closed: 2013-09-24 10:36:32 EDT
Type: Bug
Attachments:
proposed patch (618 bytes, patch), 2013-07-28 17:36 EDT, Jan Včelák

Description Jan Včelák 2013-07-28 17:34:54 EDT
Description of problem:

'man' command crashes when run with -M command line option


Version-Release number of selected component (if applicable):
man-db-2.6.3-6.fc19.x86_64


How reproducible:
always


Steps to Reproduce:
1. man -M foo bar

Actual results:
*** Error in `man': free(): invalid pointer: 0x00007fff7f840aba ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7d0e8)[0x7fe9151250e8]
man[0x4052b8]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fe9150c9b75]
man[0x405625]
======= Memory map: ========
...


Expected results:
No manual entry for bar.


Additional info:

(gdb) bt
#0  0x00007ffff7216a19 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff7218128 in __GI_abort () at abort.c:90
#2  0x00007ffff7256d47 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff735eb88 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:196
#3  0x00007ffff725cc17 in malloc_printerr (action=<optimized out>, str=0x7ffff735ebb0 "munmap_chunk(): invalid pointer", ptr=<optimized out>) at malloc.c:4916
#4  0x00000000004052b8 in main (argc=4, argv=0x7fffffffd6b8) at man.c:1367


The program tries to free the 'manp' variable, which contains a value assigned from argv and therefore allocated by the caller (shell), man.c line 429.
Comment 1 Jan Včelák 2013-07-28 17:36:31 EDT
Created attachment 779450
proposed patch

Add strdup to assignment of manp variable.
Comment 2 Colin Watson 2013-07-29 06:27:35 EDT
Thanks for the effort, but nack on this patch.  The free in question was an incorrect change in a Fedora patch; it was dropped in 2.6.4-1.  Dropping it for 2.6.3-7 as well is probably the right answer if you need to stay with 2.6.3.
Comment 3 Jan Včelák 2013-07-29 07:51:38 EDT
Right Colin, that's probably a better solution.
Comment 4 Peter Schiffer 2013-09-24 10:36:32 EDT

*** This bug has been marked as a duplicate of bug 986085 ***
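
The ownership problem discussed in this thread, as an added example that is not man-db's code or the attached patch: a pointer taken from argv must not reach free(), so either it stays borrowed and is never freed, or the value is copied to the heap first. The manpath struct and its functions are hypothetical names, and the command line is constructed from the report's reproduction step.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder (not man-db's code): records who owns 'path'. */
struct manpath {
    char *path;  /* points into argv (borrowed) or at heap memory (owned) */
    int owned;   /* 1 only when path was returned by malloc() */
};

/* copy=0 borrows the argv pointer; copy=1 takes a heap copy, as strdup() would. */
static int manpath_set(struct manpath *m, char *arg, int copy)
{
    size_t n = strlen(arg) + 1;
    m->path = copy ? malloc(n) : arg;
    m->owned = (copy && m->path != NULL);
    if (m->path == NULL)
        return -1;
    if (copy)
        memcpy(m->path, arg, n);
    return 0;
}

/* Free only heap memory; returns 1 if free() was called, else 0. */
static int manpath_release(struct manpath *m)
{
    int freed = m->owned;
    if (m->owned)
        free(m->path);
    m->path = NULL;
    m->owned = 0;
    return freed;
}

/* Constructed command line from the report's reproduction step: man -M foo bar */
static int run_sample(int copy)
{
    char a0[] = "man", a1[] = "-M", a2[] = "foo", a3[] = "bar";
    char *argv[] = { a0, a1, a2, a3, NULL };
    struct manpath m = { NULL, 0 };
    if (manpath_set(&m, argv[2], copy) != 0 || strcmp(m.path, "foo") != 0)
        return -1;
    return manpath_release(&m);
}

int main(void)
{
    printf("borrowed: %d free() call(s); copied: %d\n", run_sample(0), run_sample(1));
    return 0;
}
```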
