Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 25 Mar 2019 19:23:26 +0000
From:      bugzilla-noreply@freebsd.org
To:        pkg@FreeBSD.org
Subject:   [Bug 235604] ports-mgmt/pkg: bus error / segmentation fault (core dumped)
Message-ID:  <bug-235604-32340-SzPlqMeLg6@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-235604-32340@https.bugs.freebsd.org/bugzilla/>
References:  <bug-235604-32340@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D235604

--- Comment #3 from Oliver Fromme <olli@FreeBSD.org> ---
Ok, I got a few minutes and rebuilt the whole thing with jemalloc debugging=
 and
malloc option "junk:true".

The crash (SIGBUS) happens in work/pkg-1.10.5/external/libucl/src/ucl_hash.c
Line 229, in function ucl_hash_destroy():

225            for (k =3D kh_begin (h); k !=3D kh_end (h); ++k) {
226                    if (kh_exist (h, k)) {
227                            cur =3D (kh_value (h, k)).obj;
228                            while (cur !=3D NULL) {
229                ---->               tmp =3D cur->next;
230                                    func (__DECONST (ucl_object_t *, cur=
));
231                                    cur =3D tmp;
232                            }
233                    }
234            }

(lldb) print cur
(const ucl_object_t *) $0 =3D 0x5a5a5a5a5a5a5a5a

Obviously it is dereferencing uninitialized memory (0x5a is the value used =
by
jemalloc for junk-filling when debugging is enabled).

Next I tried building with malloc-option "junk:false,zero:true".
Result:  No crash.

However, some time later I tried installing libxml2, and pkg(8) crashes aga=
in
at exactly the same location, even with malloc option "zero:true". Now we h=
ave:

(lldb) print cur
(const ucl_object_t *) $0 =3D 0x6c6d7862696c3a74

That looks suspiciously like ASCII characters.  In fact, those bytes repres=
ent
the characters "lmxbil:t", which is "t:libxml" reversed. Obviously somehow =
the
pointer got overwritten with parts of a string.

At this point I could really need some help from someone who is a little mo=
re
familiar with the source code.  This is taking way too much time for me.

This problem is preventing me from putting this machine into production. Be=
ing
able to properly install and update packages is crucial. If I can't get this
fixed, I'll have to try to install DragonFly or NetBSD.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-235604-32340-SzPlqMeLg6>