From: Peter Jeremy
To: Anton Yuzhaninov
Cc: freebsd-current@freebsd.org
Date: Fri, 20 Apr 2007 19:50:01 +1000
Subject: Re: clamd memory corruption (may be jemalloc related)

On 2007-Apr-20 03:22:26 +0400, Anton Yuzhaninov wrote:
>Clamav code quality is low, and probably it has bugs :(
>But not obvious how to find these bugs.

This smells like memory is being allocated in one thread and then being referenced in another thread before it is initialised.

My initial suggestion is to put wrappers around malloc(3) family calls (or the program's own internal wrapper functions) that dump __FILE__, __LINE__ and pthread_self(), together with size and address information. The core dump will let you identify the thread that has detected the problem as well as the offending block of memory. The malloc debug output will let you detect where that block of memory is being allocated. It's then just a simple matter of working out the path from the latter to the former :-).

Of course, since this appears to be a race condition between threads, it's quite likely it will be a heisenbug.

--
Peter Jeremy
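One way to write the wrappers suggested in the message above, as an added example that is not part of the original e-mail and not ClamAV or FreeBSD code: each call logs the operation, old and new address, size, pthread_self() and __FILE__/__LINE__ as one line on stderr. All dbg_/DBG_ names are hypothetical, and pthread_t is assumed to be an integer or pointer type.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* All dbg_ and DBG_ names are hypothetical, made up for this example. */
static pthread_mutex_t dbg_lock = PTHREAD_MUTEX_INITIALIZER;
static char dbg_last[200];      /* copy of the newest record */
static unsigned dbg_count;      /* records emitted so far */

/* Emit one record: operation, addresses, size, thread, call site. */
static void *dbg_note(const char *op, uintptr_t old, void *p, size_t n,
                      const char *file, int line)
{
    char buf[sizeof dbg_last];
    /* Assumption: pthread_t is an integer or pointer type, as on FreeBSD
     * and Linux; POSIX itself leaves the type opaque. */
    unsigned long tid = (unsigned long)(uintptr_t)pthread_self();
    int len = snprintf(buf, sizeof buf,
                       "%s old=%#lx new=%#lx size=%zu tid=%#lx at %s:%d\n",
                       op, (unsigned long)old, (unsigned long)(uintptr_t)p,
                       n, tid, file, line);
    if (len < 0) len = 0;
    if (len >= (int)sizeof buf) len = (int)sizeof buf - 1;
    pthread_mutex_lock(&dbg_lock);
    memcpy(dbg_last, buf, (size_t)len);
    dbg_last[len] = '\0';
    dbg_count++;
    pthread_mutex_unlock(&dbg_lock);
    /* One write(2) per record keeps lines from different threads whole. */
    if (write(STDERR_FILENO, buf, (size_t)len) < 0) { /* best effort */ }
    return p;
}

static void *dbg_malloc(size_t n, const char *f, int l)
{ return dbg_note("malloc", 0, malloc(n), n, f, l); }
static void *dbg_realloc(void *old, size_t n, const char *f, int l)
{
    uintptr_t was = (uintptr_t)old;   /* save: old is invalid after realloc */
    return dbg_note("realloc", was, realloc(old, n), n, f, l);
}
static void dbg_free(void *p, const char *f, int l)
{ dbg_note("free", (uintptr_t)p, NULL, 0, f, l); free(p); }

#define DBG_MALLOC(n)     dbg_malloc((n), __FILE__, __LINE__)
#define DBG_REALLOC(p, n) dbg_realloc((p), (n), __FILE__, __LINE__)
#define DBG_FREE(p)       dbg_free((p), __FILE__, __LINE__)
```

Searching the log for the address of the offending block taken from the core dump gives the allocating thread and call site, which can then be compared with the thread that faulted.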