Date: Thu, 1 Feb 2007 12:29:18 -0700 From: "Coleman Kane" <zombyfork@gmail.com> To: "John Baldwin" <jhb@freebsd.org> Cc: cvs-src@freebsd.org, src-committers@freebsd.org, Jason Evans <jasone@freebsd.org>, cvs-all@freebsd.org Subject: Re: cvs commit: src/lib/libc/stdlib malloc.c Message-ID: <346a80220702011129s7b1d976l523655cae9b7f903@mail.gmail.com> In-Reply-To: <200702011121.10651.jhb@freebsd.org> References: <200701312254.l0VMsKZ6050188@repoman.freebsd.org> <346a80220701311514j6aa9e3eavc5a4de2bffc039d7@mail.gmail.com> <45C1316C.8010500@FreeBSD.org> <200702011121.10651.jhb@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/1/07, John Baldwin <jhb@freebsd.org> wrote:
>
> On Wednesday 31 January 2007 19:16, Jason Evans wrote:
> > Coleman Kane wrote:
> > > Modified files:
> > > lib/libc/stdlib malloc.c
> > > Log:
> > > Fix a utrace(2)-related bug in calloc(3).
> > >
> > > Integrate various pedantic cleanups.
> > >
> > > Submitted by: Andrew Doran <ad@netbsd.org <mailto:
> ad@netbsd.org>>
> > >
> > > Revision Changes Path
> > > 1.139 +56 -44 src/lib/libc/stdlib/malloc.c
> > > _______________________________________________
> > >
> > > Does this fix the following error I get in GDB alot:
> > > Assertion failed: (mapelm.free == false), function arena_salloc, file
> > > /usr/src/lib/libc/stdlib/malloc.c, line 2355.
> >
> > That assertion failure is likely due to an application bug, specifically
> > a double free.
>
> Yes. I fixed at least one double free in gdb a while back and sent the
> patch
> to obrien@ and marcel@ but never heard back.
>
> Here's the original message I sent:
>
> <quote type="email" subject="gdb bug">
> Tracked down and fixed a bug in ports/gdb6 at work that we've been running
> into. It appears to apply to src/contrib/gdb as well. I assume you all
> are
> more familiar with gdb internals than I am, but there appears to be this
> target stack of "driver backends" (more or less). And at the top there is
> a
> dummy ¤t_target which is _not_ included in the global target_structs
> list (presumably on purpose). There is this function that realloc()'s a
> target's to_sections pointer and then goes through and updates all the
> other
> targets that are using the same pointer. The problem is that since
> current_target isn't in the global list, ¤t_target won't get updated
> if
> it's using the same value that is being realloc'd (the test case at work
> involved debugging apache, which makes heavy use of dlopen() and
> dlclose()).
> The patch below fixes the problem, and I thought I'd let you 2 see it to
> see
> if you wanted to do anything with it:
>
> --- gdb/target.c.orig Mon Aug 2 17:57:26 2004
> +++ gdb/target.c Mon Oct 30 15:07:51 2006
> @@ -1415,6 +1415,13 @@
> (*t)->to_sections_end = target->to_sections_end;
> }
> }
> +
> + /* JHB: Need to update current_target too. */
> + if (current_target.to_sections == old_value)
> + {
> + current_target.to_sections = target->to_sections;
> + current_target.to_sections_end = target->to_sections_end;
> + }
> }
>
> </quote>
>
> --
> John Baldwin
> _______________________________________________
> cvs-src@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/cvs-src
> To unsubscribe, send any mail to "cvs-src-unsubscribe@freebsd.org"
>
Thanks, this patch definitely fixes this crasher in my case... however I
have not researched the internals of GDB much to claim that this patch
doesn't have any nasty side-effects... for my other projects GDB seems to
work fine still. I'll defer to the more knowledgeable to determine if its a
safe change.
This was a pretty reliable GDB crash bug for me and this patch solved it,
thanks all.
--
Coleman Kane
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?346a80220702011129s7b1d976l523655cae9b7f903>