glibc detected freeing invalid pointer on ash... might be a bug, but I'm not sure
Franklin
franklin at goodhorse.idv.tw
Mon Mar 12 02:09:29 UTC 2007
Hi list,

Recently I've been playing with an embedded system running on an mpc8349 (powerpc).
I built the toolchain myself, including glibc-2.4, binutils-2.17 and gcc-4.1.1.
Then I downloaded busybox 1.4.1 and built it. However, when running the
starting script, it showed the following messages and the system was unusable:

*** glibc detected *** -sh: free(): invalid pointer: 0x1007f1a8 ***
======= Backtrace: =========
/usr/powerpc/lib/libc.so.6[0xfe016ec]
/usr/powerpc/lib/libc.so.6(__libc_free+0xc0)[0xfe03120]
-sh[0x10045138]
-sh[0x100527b4]
-sh[0x10050490]
-sh[0x10050650]
-sh[0x100517ac]
-sh[0x10051d2c]
-sh[0x100042bc]
-sh[0x1000449c]
/usr/powerpc/lib/libc.so.6[0xfda9750]
/usr/powerpc/lib/libc.so.6[0xfda9974]

I tried to hack into shells/ash.c, added some debug messages and found that,
in popstackmark() in ash.c (about line 8315+),

    while (stackp != mark->stackp) {
        sp = stackp;
        stackp = sp->prev;
        ckfree(sp);
    }

in some cases mark->stackp became NULL, so stackp would never be equal
to mark->stackp, and finally it would try to free the stackbase, which is a
static non-pointer struct variable, and glibc complains about it.

I don't know what cases cause mark->stackp to become NULL. I think that the
mark itself might be invalid too. I did not dig too much, I just added

    if (!mark->stackp) return;

before the while loop, and the shell works well.

It may be a bug, but I'm not sure. Could someone please take a look at this? I
think that it should at least avoid freeing the stackbase.

Regards,
Franklin
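
Added example (not part of the original post and not BusyBox code): a minimal C model of the loop quoted above, showing how a NULL mark walks the block chain down into the static stackbase, next to a guarded variant that stops at stackbase instead of only checking for NULL. The struct layout and the names ckfree_checked, push_block, popstackmark_model, demo and bad_frees are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the ash block stack; the field layout is assumed. */
struct stack_block { struct stack_block *prev; char space[64]; };
struct stackmark { struct stack_block *stackp; };
static struct stack_block stackbase;             /* static storage, never malloc'd */
static struct stack_block *stackp = &stackbase;
static int bad_frees;                            /* attempts to free stackbase */

/* Stand-in for ckfree(): records the invalid free instead of letting glibc abort. */
static void ckfree_checked(struct stack_block *sp) {
    if (sp == &stackbase) { bad_frees++; return; }
    free(sp);
}

static void push_block(void) {
    struct stack_block *sp = malloc(sizeof *sp);
    if (!sp) abort();
    sp->prev = stackp;
    stackp = sp;
}

/* guard == 0: loop as quoted in the post, stops only when stackp == mark->stackp.
 * guard == 1: also refuses to walk past stackbase (assumed hardening, not upstream). */
static void popstackmark_model(const struct stackmark *mark, int guard) {
    while (stackp != mark->stackp) {
        if (guard && stackp == &stackbase) break;
        struct stack_block *sp = stackp;
        stackp = sp->prev;
        ckfree_checked(sp);
    }
}

/* Push two blocks above a valid or NULL mark, pop, return the invalid-free count. */
static int demo(int guard, int valid_mark) {
    struct stackmark mark = { valid_mark ? &stackbase : NULL };
    stackp = &stackbase; bad_frees = 0;
    push_block();
    push_block();
    popstackmark_model(&mark, guard);
    return bad_frees;
}

int main(void) {
    printf("original, NULL mark: %d invalid free(s)\n", demo(0, 0));
    printf("guarded,  NULL mark: %d invalid free(s)\n", demo(1, 0));
    return 0;
}
```

The guarded loop hides the symptom in the same way the one-line check in the post does; why the mark was NULL in the first place remains the open question.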