bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#26976: On Hydra, offload crashes while trying to build linux-libre s

From: Ludovic Courtès
Subject: bug#26976: On Hydra, offload crashes while trying to build linux-libre source
Date: Fri, 19 May 2017 00:00:24 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) 
Hi Mark,

(Cc: Artyom.  Artyom, this is about what looks like a bug in Guile-SSH
when used with Guile 2.2; see <https://bugs.gnu.org/26976>.)

Mark H Weaver <address@hidden> skribis:

> *** Error in 
> `/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/bin/guile': 
> realloc(): invalid next size: 0x00000000024617d0 ***
> ======= Backtrace: =========
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(+0x70fd5)[0x7f77e8343fd5]
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(+0x773a6)[0x7f77e834a3a6]
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(+0x7a3a9)[0x7f77e834d3a9]
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(realloc+0x156)[0x7f77e834e6e6]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xdc6b)[0x7f77e2e24c6b]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xddce)[0x7f77e2e24dce]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xe50a)[0x7f77e2e2550a]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xe7b2)[0x7f77e2e257b2]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(ssh_channel_close+0x47)[0x7f77e2e27f87]
> /gnu/store/avy681pwf979kbwiv9k75c5h7jdink2c-guile2.2-ssh-0.11.0/lib/libguile-ssh.so.11(+0xa597)[0x7f77e3290597]
> /gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/libguile-2.2.so.1(+0x83785)[0x7f77e9f00785]

This looks like a double-free and ‘ssh_channel_close’ has only one call
site, which is ‘ptob_close’, the ‘close’ function for the channel port
type in Guile-SSH.

I’m quite confident that the attached patch fixes the problem.  However,
I haven’t found a scenario in Guile 2.2 where the ‘close’ method could
be called more than once, and I cannot reproduce the bug on my machine.
Thoughts?

I suggest applying it to the ‘guile-ssh’ package in Guix.

Thanks,
Ludo’.


diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c
index 3dd641f..0839854 100644
--- a/libguile-ssh/channel-type.c
+++ b/libguile-ssh/channel-type.c
@@ -229,10 +229,11 @@ ptob_close (SCM channel)
       ssh_channel_free (ch->ssh_channel);
     }
 
+  SCM_SETSTREAM (channel, NULL);
+
 #if USING_GUILE_BEFORE_2_2
   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
-  SCM_SETSTREAM (channel, NULL);
 
   return 0;
 #endif
diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c
index 8879924..f87cf03 100644
--- a/libguile-ssh/sftp-file-type.c
+++ b/libguile-ssh/sftp-file-type.c
@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file)
       sftp_close (fd->file);
     }
 
+  SCM_SETSTREAM (sftp_file, NULL);
+
 #if USING_GUILE_BEFORE_2_2
   scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
   scm_gc_free (pt->read_buf,  pt->read_buf_size, "port read buffer");
-  SCM_SETSTREAM (sftp_file, NULL);
 
   return 1;
 #endif
reply via email to
[Prev in Thread] Current Thread [Next in Thread]