[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #22045] 1.11.22 - Possible double free in login.c

From: Yuri Pankov
Subject: [bug #22045] 1.11.22 - Possible double free in login.c
Date: Fri, 18 Jan 2008 12:33:07 +0000
User-agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv: Gecko/20080117 Firefox/


                 Summary: 1.11.22 - Possible double free in login.c
                 Project: Concurrent Versions System
            Submitted by: crsd
            Submitted on: Friday 01/18/2008 at 12:33
                Category: Bug Report
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
           Fixed Release: None
   Fixed Feature Release: None



`cvs login`:

login() -> connect_to_pserver() -> auth_server():
password = get_cvs_password ();
(get_cvs_password returns cvs_password from login.c if it's set)

and, after that, in login(), cvs_password is free()'d again.

backtrace (FreeBSD):

(gdb) run login
Starting program: /usr/bin/cvs login
Logging in to :pserver:anoncvs@anoncvs.tw.freebsd.org:2401/home/ncvs
CVS password: 
Assertion failed: ((run->regs_mask[elm] & (1U << bit)) == 0), function
arena_run_reg_dalloc, file /usr/src/lib/libc/stdlib/malloc.c, line 2197.

Program received signal SIGABRT, Aborted.
0x00000008013f53cc in kill () at kill.S:2
2       RSYSCALL(kill)
Current language:  auto; currently asm
(gdb) bt full
#0  0x00000008013f53cc in kill () at kill.S:2
No locals.
#1  0x00000008013f423b in abort () at /usr/src/lib/libc/stdlib/abort.c:65
        act = {__sigaction_u = {__sa_handler = 0x90, __sa_sigaction = 0x90},
sa_flags = 8, sa_mask = {__bits = {4294967263, 
      4294967295, 4294967295, 4294967295}}}
#2  0x00000008013dd225 in __assert (func=0x5b19 <Error reading address
0x5b19: Bad address>, 
    file=0x6 <Error reading address 0x6: Bad address>, line=0,
failedexpr=0x0) at /usr/src/lib/libc/gen/assert.c:54
No locals.
#3  0x0000000801383bf3 in arena_dalloc_small (arena=0x589e70, chunk=Variable
"chunk" is not available.
) at /usr/src/lib/libc/stdlib/malloc.c:2197
        run = (arena_run_t *) 0x601000
        bin = (arena_bin_t *) 0x589fe8
        size = 16
        __func__ = "arena_dalloc_small"
#4  0x0000000801383ea6 in idalloc (ptr=0x6012a0) at
        chunk = (arena_chunk_t *) 0x600000
        __func__ = "idalloc"
#5  0x0000000801384177 in free (ptr=0x6012a0) at
        __func__ = "free"
#6  0x0000000000429be7 in login (argc=Variable "argc" is not available.
) at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/login.c:576
        typed_password = 0x601290 'Z' <repeats 64 times>
        cvsroot_canonical = 0x613300
#7  0x000000000042c578 in main (argc=1, argv=0x7fffffffe668)
    at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/main.c:1010
        n = (Node *) 0x6131c0
        CVSroot_parsed = Variable "CVSroot_parsed" is not available.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]