Date: Wed, 4 Jun 2008 21:53:57 +0200
From: Ed Schouten
To: Peter Jeremy
Cc: FreeBSD Hackers, Chuck Robey
Subject: Re: git problems

* Peter Jeremy wrote:
> On 2008-Jun-04 11:26:02 -0400, Chuck Robey wrote:
> >#3 0x08066467 in unlock_pack () at builtin-fetch.c:56
> >#4 0x2848b5f3 in __cxa_finalize () from /lib/libc.so.7
> >#5 0x2843b1aa in exit () from /lib/libc.so.7
> >#6 0x0804b0e3 in handle_internal_command (argc=2, argv=0xffffffff) at git.c:379
> >#7 0x0804b7ed in main (argc=2, argv=Cannot access memory at address 0x12) at git.c:414
>
> __cxa_finalize() is part of the atexit() processing - the source comments
> imply it handles shared object destructors.
>
> >379 exit(run_command(p, argc, argv));
> >380 }
> >
> >First I want to comment on that weird line 379, because while it
> >might work, it sure seems to me to be a very strange and wasteful way
> >to do a fork.
>
> There's no fork involved. It's just shorthand for:
>     return_code = run_command(p, argc, argv);
>     exit(return_code);
> By the time exit() is invoked, run_command() has completed.
>
> > Second, the second argument to handle_internal_command seems to
> >have been an argv=0xffffffff, which is very obviously a bad string
> >pointer
>
> Note that argv in main is also corrupt. I suspect gdb is confused by
> the level of optimisation being done by gcc.
>
> In a later posting, you indicate that there's a double-free bug.
> Possibly unlock_pack() is being registered as a destructor (or
> similar) _and_ is being explicitly called. Without studying the
> code, the solution is probably to either skip the explicit cleanup
> (leaving just the destructor processing) and/or flag freed data (i.e.
> NULL pointers after freeing them).

I just solved this on my systems by removing the call to free(). I know,
it's awful, but it was good enough for me to live with in the short term.

-- 
Ed Schouten
WWW: http://80386.nl/
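
The failure mode discussed above (a cleanup routine that is both registered with atexit() and called explicitly) and the "NULL the pointer after freeing" remedy, as an added example that is not part of the original thread and is not git's code. The names lock_name, release_lock and take_lock are hypothetical, and the file name is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical state: heap-allocated name of a lock file held by the process. */
static char *lock_name;
static int handler_registered;
static int frees_done;              /* counts real free() calls, for checking */

/* Cleanup that may run twice: once explicitly, once from exit() via atexit().
 * Without the NULL test and the NULL store, the second run would free the
 * same pointer again, which is the double free discussed in the thread. */
static void release_lock(void)
{
    if (lock_name == NULL)
        return;                     /* already released */
    free(lock_name);
    lock_name = NULL;               /* flag the freed pointer */
    frees_done++;
}

/* Take the "lock" and register the exit-time cleanup exactly once. */
static int take_lock(const char *name)
{
    size_t len = strlen(name) + 1;

    if (lock_name != NULL)
        return -1;                  /* already held */
    if (!handler_registered) {
        if (atexit(release_lock) != 0)
            return -1;
        handler_registered = 1;
    }
    lock_name = malloc(len);
    if (lock_name == NULL)
        return -1;
    memcpy(lock_name, name, len);
    return 0;
}

int main(void)
{
    if (take_lock("constructed-example.keep") != 0)
        return 1;
    release_lock();                 /* explicit cleanup on the normal path */
    printf("frees so far: %d\n", frees_done);
    return 0;                       /* exit() runs release_lock() again: no-op */
}
```

Unlike removing the free() call, this keeps the memory released on the normal path while making the exit-time run harmless.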