Tue Feb 14 19:38:40 UTC 2012


--- Comment #26 from Franz A. <james at wolke7.net> 2012-02-14 19:38:39 UTC ---
I have an idea how to make the program fail closer to the point where the real
problem is: I replaced every "free(ptr)" with free(ptr), followed by ptr=NULL, just
in case an already freed memory block is used again. And this time I get:

busybox[1]: segfault at 6e6f6944 ip 080705ad sp bfc34930 error 4 
busybox[1]: segfault at 6e6f6940 ip 08069485 sp bfc34318 error 4 
Kernel panic - not syncing: Attempted to kill init!

To me the gdb output looks promising: both faulting instructions dereference the value just loaded from %gs:0 (the thread pointer) plus a small negative offset, and the two fault addresses differ by exactly the difference of those offsets (4), so the thread pointer itself seems to hold garbage (0x6e6f69.. is printable ASCII):
(gdb) disas 0x08069485
Dump of assembler code for function _IO_new_file_attach:
   0x08069440 <+0>:    sub    $0x24,%esp
   0x08069443 <+3>:    mov    %ebx,0x14(%esp)
   0x08069447 <+7>:    mov    0x28(%esp),%ebx
   0x0806944b <+11>:    mov    %esi,0x18(%esp)
   0x0806944f <+15>:    mov    %edi,0x1c(%esp)
   0x08069453 <+19>:    mov    %ebp,0x20(%esp)
   0x08069457 <+23>:    cmpl   $0xffffffff,0x38(%ebx)
   0x0806945b <+27>:    jne    0x80694e8 <_IO_new_file_attach+168>
   0x08069461 <+33>:    mov    0x2c(%esp),%eax
   0x08069465 <+37>:    mov    $0xffffffcc,%esi
   0x0806946b <+43>:    mov    %gs:0x0,%edi
   0x08069472 <+50>:    movl   $0xffffffff,0x4c(%ebx)
   0x08069479 <+57>:    mov    %eax,0x38(%ebx)
   0x0806947c <+60>:    mov    (%ebx),%eax
   0x0806947e <+62>:    movl   $0xffffffff,0x50(%ebx)
   0x08069485 <+69>:    mov    (%edi,%esi,1),%ebp
   0x08069488 <+72>:    and    $0xfffffff3,%eax

(gdb) disas 0x080705ad
Dump of assembler code for function malloc:
   0x08070580 <+0>:    sub    $0x14,%esp
   0x08070583 <+3>:    mov    0x82748d4,%eax
   0x08070588 <+8>:    test   %eax,%eax
   0x0807058a <+10>:    mov    %ebx,0x8(%esp)
   0x0807058e <+14>:    mov    0x18(%esp),%ebx
   0x08070592 <+18>:    mov    %esi,0xc(%esp)
   0x08070596 <+22>:    mov    %edi,0x10(%esp)
   0x0807059a <+26>:    jne    0x8070716 <malloc+406>
   0x080705a0 <+32>:    mov    $0xffffffd0,%edx
   0x080705a6 <+38>:    mov    %gs:0x0,%ecx
   0x080705ad <+45>:    mov    (%ecx,%edx,1),%ecx

You can download this busybox from 

