Bad code in rcorder(8) (Was: Re: New RCorder: abi loaded too late)
Ulrich Spoerlein
q at galgenberg.net
Wed Feb 22 06:48:40 PST 2006
Divacky Roman wrote:
> well. there are leaks :) if you try the
> http://www.freebsd.org/cgi/query-pr.cgi?pr=91789
>
> I think you'll get touch-after-free as well
Ah I see. I first tried this with rcorder from early January and I got
errors from 20 different contexts. I now just checked out a fresh
rcorder from RELENG_6 and there are still two problems remaining. So the
patch in the PR did not address all problems.
Here's the output:
...
/etc/rc.d/ipfw
/etc/rc.d/nsswitch
rcorder: Circular dependency on file `/etc/rc.d/NETWORKING'.
==3431== Invalid read of size 4
==3431== at 0x80499B0: satisfy_req (rcorder.c:654)
==3431== by 0x804979A: do_file (rcorder.c:758)
==3431== by 0x80499DA: satisfy_req (rcorder.c:686)
==3431== by 0x804979A: do_file (rcorder.c:758)
==3431== Address 0x3C1E6AEC is 0 bytes inside a block of size 8 free'd
==3431== at 0x3C03267F: free (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==3431== by 0x80497B2: do_file (rcorder.c:761)
==3431== by 0x80499DA: satisfy_req (rcorder.c:686)
==3431== by 0x804979A: do_file (rcorder.c:758)
==3431==
==3431== Invalid read of size 4
==3431== at 0x80497A5: do_file (rcorder.c:759)
==3431== by 0x80499DA: satisfy_req (rcorder.c:686)
==3431== by 0x804979A: do_file (rcorder.c:758)
==3431== by 0x80499DA: satisfy_req (rcorder.c:686)
==3431== Address 0x3C1E6AF0 is 4 bytes inside a block of size 8 free'd
==3431== at 0x3C03267F: free (in /usr/local/lib/valgrind/vgpreload_memcheck.so)
==3431== by 0x80497B2: do_file (rcorder.c:761)
==3431== by 0x80499DA: satisfy_req (rcorder.c:686)
==3431== by 0x804979A: do_file (rcorder.c:758)
rcorder: Circular dependency on provision `fake_prov_00000006' in file `/etc/rc.d/NETWORKING'.
/etc/rc.d/ip6addrctl
/etc/rc.d/atm2
...
==3431==
==3431== ERROR SUMMARY: 4 errors from 2 contexts (suppressed: 0 from 0)
==3431== malloc/free: in use at exit: 17128 bytes in 536 blocks.
==3431== malloc/free: 3579 allocs, 3043 frees, 631699 bytes allocated.
hth,
Ulrich Spoerlein
--
PGP Key ID: 20FEE9DD Encrypted mail welcome!
Fingerprint: AEC9 AF5E 01AC 4EE1 8F70 6CBD E76E 2227 20FE E9DD
Which is worse: ignorance or apathy?
Don't know. Don't care.