coredumps with insmod at xrealloc_vector()

Harald Küthe harald-tuxbox at arcor.de
Wed Aug 27 21:22:11 UTC 2008


Hello list,

I'm getting coredumps in bb-1.12.0 in obj_create_alloced_section at 
xrealloc_vector at an insmod call.
It looks like xrealloc_vector() is assuming that the memory of 
f->sections is quantized
in steps as stated in the 2nd parameter of xrealloc_vector().
In insmod it seems that the initial malloc of f->sections is not.

static struct obj_section *obj_create_alloced_section_first(struct obj_file *f, ...)
...
    f->sections = xrealloc(f->sections, (newidx + 1) * sizeof(sec));

At the 1st call of xrealloc_vector() no xrealloc is done. Then the 2nd 
call is causing a memory error/coredump. (*** glibc detected *** 
realloc(): invalid next size: 0x10068710 Aborted (core dumped))
When I remove "if (!(idx & (mask - 1)))" in xrealloc_vector_helper() so 
that xrealloc is called each time, things are running.

I hope I analyzed well enough.
Any suggestions are welcome.

Best regards
Harald
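The mismatch described above (a stepped-growth helper that only reallocs on a chunk boundary, fed a buffer whose initial size was not rounded to that chunk) can be reproduced without touching the heap unsafely. The following is an added example, not busybox code: it models the realloc policy as "realloc only when idx is a multiple of 1 << shift, otherwise trust that the buffer already holds idx+1 elements", tracks the real capacity on the side, and reports the first index at which the policy would write past the allocation. The struct name `section`, the `shift` values and the element counts are constructed for the demonstration; the busybox helper additionally reserves one extra element, which this model omits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the element type; only its size matters here. */
struct section {
    int type;
    size_t size;
};

/* A vector plus the capacity actually allocated, so that the stepped policy's
 * assumption can be checked instead of silently overflowing the heap. */
struct vec {
    void *data;
    size_t elem_size;
    size_t cap;      /* elements really allocated */
    unsigned shift;  /* the policy assumes chunks of 1 << shift elements */
};

/* Stepped grow, modelled on the xrealloc_vector behaviour described in the
 * post: realloc happens only when idx lands on a chunk boundary.
 * Returns 1 if writing element idx would exceed the real allocation. */
static int stepped_grow(struct vec *v, size_t idx)
{
    size_t step = (size_t)1 << v->shift;
    if ((idx & (step - 1)) == 0) {
        size_t newcap = idx + step;
        void *p = realloc(v->data, newcap * v->elem_size);
        if (!p) { perror("realloc"); exit(1); }
        v->data = p;
        v->cap = newcap;
    }
    return idx >= v->cap;
}

/* Initial allocation. With round_up set, the size is rounded to the next
 * chunk boundary so the stepped policy's assumption holds from the start;
 * without it, this mimics a plain "(n + 1) * sizeof" allocation. */
static void vec_init(struct vec *v, size_t elem_size, unsigned shift,
                     size_t initial_elems, int round_up)
{
    size_t step = (size_t)1 << shift;
    size_t cap = initial_elems;
    if (round_up)
        cap = (initial_elems + step - 1) & ~(step - 1);
    v->elem_size = elem_size;
    v->shift = shift;
    v->cap = cap;
    v->data = NULL;
    if (cap) {
        v->data = calloc(cap, elem_size);
        if (!v->data) { perror("calloc"); exit(1); }
    }
}

/* Append elements initial_elems .. total_elems-1 through the stepped policy.
 * Returns the first index the policy would write out of bounds, or -1. */
static long first_overflow_index(unsigned shift, size_t initial_elems,
                                 int round_up, size_t total_elems)
{
    struct vec v;
    long bad = -1;
    vec_init(&v, sizeof(struct section), shift, initial_elems, round_up);
    for (size_t idx = initial_elems; idx < total_elems; idx++) {
        if (stepped_grow(&v, idx)) { bad = (long)idx; break; }
        /* Capacity verified, so this store is in bounds. */
        memset((char *)v.data + idx * v.elem_size, 0, v.elem_size);
    }
    free(v.data);
    return bad;
}

int main(void)
{
    /* Two sections allocated exactly, chunk size 4: the first stepped call
     * (idx 2) does no realloc and would already write past the buffer. */
    printf("exact initial alloc, shift 2: first bad idx = %ld\n",
           first_overflow_index(2, 2, 0, 16));
    /* Same input with the initial size rounded up to the chunk: no overflow. */
    printf("rounded initial alloc, shift 2: first bad idx = %ld\n",
           first_overflow_index(2, 2, 1, 16));
    return 0;
}
```

The second realloc in the real program is where glibc notices the corrupted chunk header, which is consistent with the "invalid next size" abort being reported one call after the out-of-bounds write. Removing the boundary test makes every call realloc and hides the problem; rounding the initial allocation to the chunk size keeps the policy's invariant instead.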



More information about the busybox mailing list