devel/libidn: warning when freeing memory
Kaarthik Sivakumar
kaarthik at comcast.net
Thu Apr 22 11:24:08 PDT 2004
See below for response. I kept the entire thing here to provide a
certain context (and sorry for the late reply)...
>>> "MCS" == Michael C Shultz <ringworm at inbox.lv> writes:
MCS> On Sunday 18 April 2004 09:05 pm, Kaarthik Sivakumar wrote:
>> When idn is run, it prints the following message for any string given
>> to it:
>>
>> idn in free(): error: junk pointer, too high to make sense
>>
>> After setting MALLOC_OPTIONS to A and compiling libidn with '-g', I
>> got the following backtrace:
>>
>> ,----
>>
>> | (gdb) run
>> | Starting program: /usr/home/programs/libidn-0.4.2/src/.libs/idn
>> | libidn 0.4.2
>> | Copyright 2002, 2003, 2004 Simon Josefsson.
>> | GNU Libidn comes with NO WARRANTY, to the extent permitted by law.
>> | You may redistribute copies of GNU Libidn under the terms of
>> | the GNU Lesser General Public License. For more information
>> | about these matters, see the file named COPYING.LIB.
>> | Type each input string on a line by itself, terminated by a newline
>> | character. test this string
>> | idn in free(): error: junk pointer, too high to make sense
>> |
>> | Program received signal SIGABRT, Aborted.
>> | 0x281f1d4f in kill () from /lib/libc.so.5
>> | (gdb) bt
>> | #0 0x281f1d4f in kill () from /lib/libc.so.5
>> | #1 0x281e67f8 in raise () from /lib/libc.so.5
>> | #2 0x2825ef02 in abort () from /lib/libc.so.5
>> | #3 0x2825d67e in tcflow () from /lib/libc.so.5
>> | #4 0x2825d6ab in tcflow () from /lib/libc.so.5
>> | #5 0x2825e1d8 in tcflow () from /lib/libc.so.5
>> | #6 0x2825e420 in free () from /lib/libc.so.5
>> | #7 0x08049c1f in main (argc=1, argv=0xbfbfe9f0) at idn.c:381
>> | #8 0x08048c62 in _start ()
>> | (gdb) fr 7
>> | #7 0x08049c1f in main (argc=1, argv=0xbfbfe9f0) at idn.c:381
>> | 381 free (r);
>> | (gdb) l
>> | 376 argv[0], rc);
>> | 377 free (q);
>> | 378 return 1;
>> | 379 }
>> | 380
>> | 381 free (r);
>> | 382 }
>> | 383 #endif
>> | 384
>> | 385 if (args_info.debug_given)
>> | (gdb) p r
>> | $1 = 0x6f732e <Error reading address 0x6f732e: Bad address>
>> | (gdb)
>>
>> `----
>>
>> I tried debugging but I couldn't figure out what was wrong. The address
>> seems low for stack addresses, but it is obviously high for a heap
>> address.
>>
>> Thanks
>>
>> kaarthik
MCS> The error comes from freeing something that isn't allocated. You don't have
MCS> enough information here to find the problem. Where was "r" and "q" malloc'ed?
MCS> Are either of them being freed more than once? Did one of them get their
MCS> address reassigned? A quick thing you can do is comment out the free's, if
MCS> the problem goes away then you'll know which variable is the culprit.

I ran it without the free on line 381 as you and Kirill Ponomarew
<krion at FreeBSD.org> suggested and that gets rid of the message. But
according to one person who mailed me in private (and this seems to be
the most likely thing to have happened), I quote

"0x6f732e in x86's representation is 2e 73 6f 00, which is '.so\0'. It
looks like something else (probably a string mentioning the filename of
a shared library) has overwritten the pointer."

So it looks like something just overwrote that memory location and
that free(p) should really be there. I suspect that without the free
in line 381, the program will likely leak memory for every string that
it is given.

Am I the only one getting this? I just installed this straight from
the ports. My system is

FreeBSD the-saint 5.2-RC2 FreeBSD 5.2-RC2 #0: Sat Mar 13 20:37:02 EST 2004 kaarthik at the-saint:/usr/src/sys/i386/compile/THE-SAINT i386

Isn't anyone else getting this problem?

kaarthik
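
The byte-order reading quoted in the message above, as an added example that is not part of the original post or of libidn: it decodes a suspect 32-bit pointer value in little-endian memory order and reports whether it looks like string data. The function name `pointer_as_text` is hypothetical, and every sample value other than 0x6f732e is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a suspect 32-bit pointer value the way it sits in little-endian (x86)
 * memory: least significant byte first. Copies the printable ASCII prefix
 * into out and returns its length, or -1 when the bytes do not look like
 * string data (a non-printable byte, or data following a NUL).
 * This is a triage heuristic: a valid pointer can consist of printable bytes. */
int pointer_as_text(uint32_t value, char out[5])
{
    int len = 0, seen_nul = 0;

    for (int i = 0; i < 4; i++) {
        unsigned char b = (value >> (8 * i)) & 0xff;  /* byte i in memory */
        if (b == 0) {
            seen_nul = 1;                 /* string terminator or padding */
        } else if (seen_nul || b < 0x20 || b > 0x7e) {
            return -1;                    /* not a NUL-terminated text run */
        } else {
            out[len++] = (char)b;
        }
    }
    out[len] = '\0';
    return len > 0 ? len : -1;
}

int main(void)
{
    /* 0x6f732e is the value gdb printed for r; the other two are constructed. */
    const uint32_t samples[] = { 0x006f732e, 0x0804b000, 0x41414141 };
    char text[5];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = pointer_as_text(samples[i], text);
        if (n > 0)
            printf("0x%08x -> \"%s\" (%d text bytes): likely overwritten by string data\n",
                   (unsigned)samples[i], text, n);
        else
            printf("0x%08x -> not ASCII text\n", (unsigned)samples[i]);
    }
    return 0;
}
```
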