[Bug 1518462] [NEW] assert in malloc.h at realloc
Serge Hallyn
1518462 at bugs.launchpad.net
Fri Nov 20 21:17:40 UTC 2015
Public bug reported:
Take the 0.12.0ubuntu2 lxcfs source, build it on i386, run it (say lxcfs
/var/lib/lxcfs), then run the tests/test_proc script (cd tests; sudo
./test_proc). The assertion

    assert ((old_top == initial_top (av) && old_size == 0) ||
            ((unsigned long) (old_size) >= MINSIZE &&
             prev_inuse (old_top) &&
             ((unsigned long) old_end & pagemask) == 0));

is triggered. A rebuild with some printfs shows that:

    old_top 3063975608 inittop 3063939136 old_size 24
    minsize 16
    previnuse yes
    old_end 3063975632 pagemask 4095 mask 3792

Just catting the proc/meminfo file triggers:

    [New Thread 0xb73ffb40 (LWP 14303)]
    *** Error in `/home/ubuntu/orig/lxcfs-0.12/lxcfs': realloc(): invalid next size: 0xb7420978 ***

The lxcfs code which is triggering this is:

    static void append_line(char **contents, char *line, size_t *len)
    {
        size_t newlen = *len + strlen(line);
        if (!*contents) {
            do {
                *contents = malloc(*len + 1);
            } while (!*contents);
        } else {
            char *tmp;
            do {
                tmp = realloc(*contents, newlen + 1);
            } while (!tmp);
            *contents = tmp;
        }
        strcpy(*contents + *len, line);
        *len = newlen;
    }

gdb shows reasonable values for *len, newlen, and *contents and line.
I'm working around it by increasing the size by which we realloc, which
seems to work fine, although it seems like that cannot be the root cause
since a simple reproducer doesn't work to reproduce this.
** Affects: glibc (Ubuntu)
Importance: Undecided
Status: New
** Affects: lxcfs (Ubuntu)
Importance: High
Status: In Progress
** Also affects: lxcfs (Ubuntu)
Importance: Undecided
Status: New
** Changed in: lxcfs (Ubuntu)
Importance: Undecided => High
** Changed in: lxcfs (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1518462
Title:
assert in malloc.h at realloc
Status in glibc package in Ubuntu:
New
Status in lxcfs package in Ubuntu:
In Progress
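
In the append_line listing as posted, the branch taken when *contents is NULL requests *len + 1 bytes, while the strcpy that follows writes strlen(line) + 1 bytes at offset *len, so the first append writes past its allocation. The C below is an added example, not code from the report or from lxcfs: it computes that shortfall and shows a variant that sizes both cases from the new length. The names posted_first_alloc, bytes_needed and append_line_checked are hypothetical, and the sample lines are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes the posted code requests when *contents is still NULL. */
static size_t posted_first_alloc(size_t len) { return len + 1; }

/* Bytes the buffer must hold after strcpy(*contents + *len, line), NUL included. */
static size_t bytes_needed(size_t len, const char *line)
{
    return len + strlen(line) + 1;
}

/* Hypothetical hardened variant: both cases are sized from the new length.
 * Returns 0 on success, -1 on size overflow or allocation failure;
 * on failure *contents and *len are left untouched. */
static int append_line_checked(char **contents, const char *line, size_t *len)
{
    size_t add = strlen(line);
    char *tmp;

    if (add >= SIZE_MAX - *len)               /* *len + add + 1 would wrap */
        return -1;
    tmp = realloc(*contents, *len + add + 1); /* realloc(NULL, n) acts as malloc(n) */
    if (!tmp)
        return -1;
    memcpy(tmp + *len, line, add + 1);        /* copy includes the terminator */
    *contents = tmp;
    *len += add;
    return 0;
}

int main(void)
{
    /* Constructed sample lines, shaped like /proc/meminfo output. */
    const char *lines[] = { "MemTotal: 1024 kB\n", "MemFree: 512 kB\n" };
    char *buf = NULL;
    size_t len = 0;

    printf("first call: posted code allocates %zu byte(s), copy needs %zu\n",
           posted_first_alloc(len), bytes_needed(len, lines[0]));
    for (size_t i = 0; i < 2; i++)
        if (append_line_checked(&buf, lines[i], &len) != 0)
            return 1;
    fputs(buf, stdout);
    free(buf);
    return 0;
}
```

Building the unmodified listing with -fsanitize=address, or running it under valgrind, reports the out-of-bounds write at the strcpy instead of at a later realloc.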