
[perl #43701] Threads failed: glibc detected: double free or corruption (!prev)

From: Steve Peters via RT
Date: July 25, 2007 07:51
Subject: [perl #43701] Threads failed: glibc detected: double free or corruption (!prev)
Message ID: rt-3.6.HEAD-23341-1185375056-182.43701-15-0@perl.org

On Mon Jul 09 18:31:32 2007, entropie at gmx.li wrote:
> This is a bug report for perl from entropie at gmx.li,
> generated with the help of perlbug 1.35 running under perl v5.8.8.
> 
> 
> -----------------------------------------------------------------
> I tracked a problem with an open directory handle and threads down to
> these few lines of code. Each line is necessary to trigger the abort.
> I think this is critical, because a double free could potentially lead
> to code injection and trivial code just does not run.
> I could verify this bug on a Ubuntu 7.04 running on Core 2 Duo, too.
> This machine runs on single processor Pentium M.
> Feel free to mail me if you need more data.
> 
> perl -MThread -e '
> 	opendir(DIR,".") || die $!;
> 	$t=new Thread sub {};
> 	$t->join;'
> *** glibc detected *** perl: double free or corruption (!prev): 0x081f7458 ***
> ======= Backtrace: =========
> /lib/i686/cmov/libc.so.6[0xb7e83eed]
> /lib/i686/cmov/libc.so.6(cfree+0x90)[0xb7e87530]
> /lib/i686/cmov/libc.so.6(closedir+0x28)[0xb7ea80d8]
> perl(Perl_sv_clear+0x763)[0x80ca313]
> perl(Perl_sv_free+0x75)[0x80ca415]
> perl(Perl_gp_free+0x9a)[0x806a05a]
> perl(Perl_sv_clear+0x51d)[0x80ca0cd]
> perl(Perl_sv_free+0x75)[0x80ca415]
> perl[0x80c50f7]
> perl(Perl_sv_clean_objs+0x41)[0x80c5171]
> perl(perl_destruct+0x108b)[0x806844b]
> perl(main+0xc3)[0x805ff83]
> /lib/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7e31ebc]
> perl[0x805fe31]
> ======= Memory map: ========
> Abgebrochen
> 

I was not able to reproduce this with a recent bleadperl.  Of course,
with thread-related bugs, who knows if this is really fixed. 
Interestingly, with my 5.8.8 I got...

[steve@kirk perl-current]$ perl  -MThread -e '
opendir(DIR,".") || die $!;
$t=new Thread sub {};
$t->join;'
Undefined subroutine &threads::new called at -e line 3.


