[Bug 7712] segfault in malloc()

bugzilla at busybox.net bugzilla at busybox.net
Thu Dec 18 08:34:11 UTC 2014


https://bugs.busybox.net/show_bug.cgi?id=7712

Andrew <nitr0 at seti.kr.ua> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|minor                       |major

--- Comment #1 from Andrew <nitr0 at seti.kr.ua> 2014-12-18 08:34:10 UTC ---
Here is 2 backtraces:

#0  0xa77932ec in malloc (bytes=184) at
libc/stdlib/malloc-standard/malloc.c:944
#1  0x080777f8 in bird_xmalloc (size=184) at xmalloc.c:29
#2  0x0807724f in mb_alloc (p=0x94597f8, size=168) at resource.c:339
#3  0x08058f75 in bgp_new_bucket (hash=20169, new=0xafdec0a0, p=0x9446680) at
../../../proto/bgp/attrs.c:734
#4  bgp_get_bucket (p=p at entry=0x9446680, n=n at entry=0x951a6a0,
attrs=attrs at entry=0x94b4870, originate=0) at ../../../proto/bgp/attrs.c:861
#5  0x08059b0f in bgp_rt_notify (P=0x9446680, tbl=0x9443a58, n=0x951a6a0,
new=0x94524c4, old=0x0, attrs=0x94b4870) at ../../../proto/bgp/attrs.c:939
#6  0x0804a55f in do_rt_notify (ah=ah at entry=0x9570738, net=net at entry=0x951a6a0,
new=new at entry=0x94524c4, old=0x0, tmpa=0x0, refeed=0) at
../../nest/rt-table.c:346
#7  0x0804ab63 in rt_notify_basic (ah=ah at entry=0x9570738,
net=net at entry=0x951a6a0, new=new at entry=0x94524c4, old=0x0, tmpa=0x0, refeed=0)
at ../../nest/rt-table.c:393
#8  0x0804ac86 in rte_announce (tab=tab at entry=0x9443a58, type=type at entry=1,
net=net at entry=0x951a6a0, new=0x94524c4, old=0x0, before_old=0x0, tmpa=0x0)
    at ../../nest/rt-table.c:580
#9  0x0804b0cc in rte_recalculate (ah=ah at entry=0x9548118,
net=net at entry=0x951a6a0, new=0x94524c4, tmpa=0x0, src=0x944e7f4) at
../../nest/rt-table.c:886
#10 0x0804b664 in rte_update2 (ah=0x9548118, net=0x951a6a0, new=0x94524c4,
src=0x944e7f4) at ../../nest/rt-table.c:1053
#11 0x0805c024 in bgp_rte_withdraw (src=<optimized out>, last_id=<optimized
out>, path_id=<optimized out>, pxlen=<optimized out>, prefix=<optimized out>, 
    p=<optimized out>) at ../../../proto/bgp/packets.c:1024
#12 bgp_do_rx_update (attr_len=<optimized out>, attrs=<optimized out>,
nlri_len=24, 
    nlri=0x94d82a5
"\024\260l`\030\301]\021\023\260l`\030\301]\020\030\301]\022\026\301]\020",
'\377' <repeats 16 times>, withdrawn_len=<optimized out>, 
    withdrawn=<optimized out>, conn=0x9447d7c) at
../../../proto/bgp/packets.c:1130
#13 bgp_rx_update (len=<optimized out>, pkt=<optimized out>, conn=0x9447d7c) at
../../../proto/bgp/packets.c:1303
#14 bgp_rx_packet (len=<optimized out>, pkt=<optimized out>, conn=0x9447d7c) at
../../../proto/bgp/packets.c:1524
#15 bgp_rx (sk=0x94c12d8, size=1448) at ../../../proto/bgp/packets.c:1569
#16 0x08071f65 in sk_read (s=0x94c12d8) at io.c:1734
#17 0x08072694 in io_loop () at io.c:1975
#18 0x08049dee in main (argc=2, argv=0xafdec794) at main.c:825


(gdb) bt
#0  0xa77aa817 in malloc (bytes=184) at
libc/stdlib/malloc-standard/malloc.c:1153
#1  0x080777f8 in bird_xmalloc ()
#2  0x0807724f in mb_alloc ()
#3  0x08058f75 in bgp_get_bucket ()
#4  0x08059b0f in bgp_rt_notify ()
#5  0x0804a55f in do_rt_notify ()
#6  0x0804ab63 in rt_notify_basic ()
#7  0x0804ac86 in rte_announce ()
#8  0x0804b0cc in rte_recalculate ()
#9  0x0804b664 in rte_update2 ()
#10 0x0805c024 in bgp_rx ()
#11 0x08071f65 in sk_read ()
#12 0x08072694 in io_loop ()
#13 0x08049dee in main ()

Coredump from first trac is in attach.

Bird compiled with glibc doesn't crash.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the uClibc-cvs mailing list