coredumps with insmod at xrealloc_vector()
Harald Küthe
harald-tuxbox at arcor.de
Wed Aug 27 21:22:11 UTC 2008
Hello list,
I'm getting coredumps in bb-1.12.0 in obj_create_alloced_section at
xrealloc_vector at an insmod call.
It looks like xrealloc_vector() is assuming that the memory of
f->sections is quantised in steps as stated in the 2nd parameter of
xrealloc_vector(). In insmod it seems that the initial malloc of
f->sections is not.
static struct obj_section *obj_create_alloced_section_first(struct obj_file *f, ...)
...
    f->sections = xrealloc(f->sections, (newidx + 1) * sizeof(sec));
At the 1st call of xrealloc_vector() no xrealloc is done. Then the 2nd
call is causing a memory error/coredump:
    *** glibc detected *** realloc(): invalid next size: 0x10068710
    Aborted (core dumped)
When I remove "if (!(idx & (mask - 1)))" in xrealloc_vector_helper(), so
that xrealloc is called each time, things are running.
I hope I analyzed well enough.
Any suggestions are welcome.
Best regards
Harald
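The growth contract the report describes, as an added illustration that is not code from BusyBox or from the reporter: grow_vector() stands in for xrealloc_vector_helper() and reallocates only when idx is a multiple of (1 << shift), following the rule stated in the report (the exact "step plus one spare element" sizing is an assumption of this model, as is the use of int elements in place of obj_section pointers). The vector records how many elements are really allocated, so a write past the end is reported instead of corrupting the heap. Scenario B reproduces the mismatch: a plain allocation of exactly (newidx + 1) elements followed by growth through the helper.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Demo model (not BusyBox's source): element storage plus a record of how
 * many elements are really allocated, so overflows are detected. */
typedef struct {
    int *mem;           /* int stands in for struct obj_section * */
    size_t capacity;    /* elements actually allocated */
} tracked_vec;

/* Abort on allocation failure, in the spirit of BusyBox's xrealloc(). */
static int *xrealloc_ints(int *p, size_t n)
{
    int *q = realloc(p, n * sizeof(int));
    if (q == NULL && n != 0) {
        fprintf(stderr, "out of memory\n");
        abort();
    }
    return q;
}

/* Growth rule modeled on the xrealloc_vector() contract in the report:
 * storage is assumed to be sized in steps of (1 << shift) elements plus one
 * spare (assumption), and a realloc happens only when idx is a multiple of
 * the step. Between boundaries the existing allocation is trusted. */
static void grow_vector(tracked_vec *v, unsigned shift, size_t idx)
{
    size_t mask = (size_t)1 << shift;
    if ((idx & (mask - 1)) == 0) {
        size_t new_cap = idx + mask + 1;
        v->mem = xrealloc_ints(v->mem, new_cap);
        memset(v->mem + idx, 0, (mask + 1) * sizeof(int)); /* zero new tail */
        v->capacity = new_cap;
    }
}

/* Capacity the growth rule assumes exists once it has been called at idx. */
size_t assumed_capacity(unsigned shift, size_t idx)
{
    size_t mask = (size_t)1 << shift;
    size_t boundary = idx & ~(mask - 1);   /* last step boundary <= idx */
    return boundary + mask + 1;
}

/* An initial allocation of `first` elements can be handed to the growth
 * rule only if the next index (first) is a step boundary, because only
 * then does the rule reallocate before trusting the existing size. */
int initial_size_fits_contract(unsigned shift, size_t first)
{
    size_t mask = (size_t)1 << shift;
    return (first & (mask - 1)) == 0;
}

/* Scenario A: grown from empty purely through grow_vector(). Returns 1 if
 * every write of index 0..n-1 stayed inside the tracked allocation. */
int scenario_grow_from_empty(unsigned shift, size_t n)
{
    tracked_vec v = { NULL, 0 };
    int ok = 1;
    for (size_t i = 0; i < n; i++) {
        grow_vector(&v, shift, i);
        if (i >= v.capacity) { ok = 0; break; }
        v.mem[i] = (int)i;
    }
    free(v.mem);
    return ok;
}

/* Scenario B: the first `first` elements come from a plain realloc of
 * exactly `first` elements (as the report says happens for f->sections);
 * the rest are appended through grow_vector(). Returns the first index
 * whose write would fall outside the allocation, or -1 if there is none. */
long scenario_plain_then_grow(unsigned shift, size_t first, size_t n)
{
    tracked_vec v = { NULL, 0 };
    v.mem = xrealloc_ints(NULL, first);
    v.capacity = first;
    long bad = -1;
    for (size_t i = first; i < n; i++) {
        grow_vector(&v, shift, i);
        if (i >= v.capacity) { bad = (long)i; break; }
        v.mem[i] = (int)i;
    }
    free(v.mem);
    return bad;
}

int main(void)
{
    printf("grown from empty, 20 writes: %s\n",
           scenario_grow_from_empty(2, 20) ? "all in bounds" : "overflow");
    printf("plain alloc of 5, then grow: first bad index %ld\n",
           scenario_plain_then_grow(2, 5, 10));
    printf("plain alloc of 4, then grow: first bad index %ld\n",
           scenario_plain_then_grow(2, 4, 10));
    return 0;
}
```

With shift 2 (steps of 4) a plain allocation of 5 elements is trusted on the very next call, so index 5 lands past the end; an allocation of 4 elements is at a boundary and gets reallocated first. The same reasoning applies to any element count that is not a multiple of the step, which is why the initial allocation and the later growth have to follow the same rule.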