Subject: double free or corruption in base Rev. 39909 2016-06-22 16:14:05
From: Pirmin Braun
Date: Thu, 23 Jun 2016 15:43:34 +0200
Hi, I've isolated a strange crash, see attached test program. It's perfectly
reproducible.
When calling mysql_real_query(...) with a certain sql string this will happen:
*** Error in `/usr/GNUstep/Local/Projects/Test_MariaDB_ObjC/obj/Test_MariaDB_ObjC': double free or corruption (!prev): 0x00000000007d82d0 ***

Program received signal SIGABRT, Aborted.
0x00007ffff66ba107 in __GI_raise (address@hidden) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007ffff66ba107 in __GI_raise (address@hidden) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff66bb4e8 in __GI_abort () at abort.c:89
#2  0x00007ffff66f8204 in __libc_message (address@hidden, address@hidden "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff66fd9de in malloc_printerr (action=1, str=0x7ffff67eb0e8 "double free or corruption (!prev)", ptr=<optimized out>) at malloc.c:4996
#4  0x00007ffff66fe6e6 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5  0x00007ffff73a5026 in ?? () from /usr/lib/x86_64-linux-gnu/libmariadb.so.2
#6  0x00007ffff73a2f1d in ?? () from /usr/lib/x86_64-linux-gnu/libmariadb.so.2
#7  0x00007ffff739b194 in ?? () from /usr/lib/x86_64-linux-gnu/libmariadb.so.2
#8  0x00007ffff739b62e in ?? () from /usr/lib/x86_64-linux-gnu/libmariadb.so.2
#9  0x00007ffff739c8bc in ?? () from /usr/lib/x86_64-linux-gnu/libmariadb.so.2
#10 0x00007ffff739cb97 in mysql_real_query () from /usr/lib/x86_64-linux-gnu/libmariadb.so.2
#11 0x0000000000400bac in executeSQL (sql=0x602460 <_OBJC_INSTANCE_5>, sock=0x64c780) at Test_MariaDB_ObjC_main.m:49
#12 0x0000000000400d06 in main (argc=1, argv=0x7fffffffe068) at Test_MariaDB_ObjC_main.m:86
I've debugged the -[NSString dataUsingEncoding:...] method but found nothing
suspicious.
I think it's not a MariaDB problem since I've implemented the same with plain
C where it doesn't crash. The funny thing is, it depends on the sql string.
Length doesn't matter. But the order of the fields does. And the table alias
does. And when leaving out the "swift" field, it won't crash. I've included a
slightly modified sql string which won't crash.

That's my test environment:
debian_version 8.2
mysql Ver 15.1 Distrib 10.0.20-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
base http://svn.gna.org/svn/gnustep/libs/base/trunk Rev. 39909 2016-06-22 16:14:05
Btw, on debian 6.0.7 with 32 bit and Rev. 23034 it doesn't crash.
To try yourself, extract the zip into
/usr/GNUstep/Local/Projects/Test_MariaDB_ObjC. Then create a database
intars_000141 with the dump.
cd /usr/GNUstep/Local/Projects/Test_MariaDB_ObjC
make
gdb obj/Test_MariaDB_ObjC
r
--
Pirmin Braun - IntarS Unternehmenssoftware GmbH - Creidlitzer Straße 106, 96450
Coburg
+49 2642 40526292 +49 174 9747584 - skype:pirminb www.intars.de address@hidden
Geschäftsführer: Pirmin Braun, Ralf Engelhardt Registergericht: Amtsgericht
Coburg HRB3136
Attachment: GNUstep_crash.zip (Zip archive)
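The backtrace above ends in glibc's free() checks, entered from inside libmariadb, with the query buffer coming from the Objective-C side (the report mentions -[NSString dataUsingEncoding:]). The attached executeSQL is not shown here, so the following is not a diagnosis of it. It is an added example, not code from the report, from GNUstep or from libmariadb, showing in plain C the one boundary that call shape always crosses: an NSData-style buffer holds exactly `len` bytes with no trailing NUL, while mysql_real_query() takes an explicit byte length. Passing the buffer together with that length is correct; anything that derives the length itself (strlen, a "%s" format, a NUL-terminated copy made with strlen) will read past the end of such a buffer, and whether that corrupts a neighbouring heap chunk depends on what happens to follow it in memory, which is exactly the "depends on the sql string, not its length" behaviour a reporter would see. The names `bytes_without_nul`, `has_terminator`, `query_from_bytes` and `cstring_from_bytes` are this example's own; the sample query is constructed.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not code from the original report or from GNUstep/libmariadb.
 * Models the hand-off from an NSData-style byte buffer (exactly `len` bytes,
 * no trailing NUL, as -[NSString dataUsingEncoding:] returns) to a C API
 * that takes (pointer, length), like mysql_real_query().
 */

/* Stand-in for [[sql dataUsingEncoding:...] bytes]: an exact-size copy with
   no terminator. Caller frees. Hypothetical helper for this example. */
char *bytes_without_nul(const char *src, size_t len) {
    char *buf = malloc(len ? len : 1);
    if (!buf) return NULL;
    memcpy(buf, src, len);
    return buf;
}

/* Bounded check: returns 1 if buf[0..len) contains a NUL, so a strlen()-style
   consumer would stop inside the buffer; 0 if it would read past the end.
   memchr is bounded by len; strlen is not, which is why strlen must never be
   applied to such a buffer to find out. */
int has_terminator(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* What to hand to an API with an explicit length parameter: the bytes plus
   the byte count taken from the NSData object, never strlen(bytes). */
struct query_arg {
    const char *sql;
    unsigned long length;   /* type of mysql_real_query()'s length argument */
};

struct query_arg query_from_bytes(const char *buf, size_t len) {
    struct query_arg a;
    a.sql = buf;
    a.length = (unsigned long)len;
    return a;
}

/* What to hand to an API that expects a C string: a copy one byte longer,
   with the terminator written explicitly. Caller frees. */
char *cstring_from_bytes(const char *buf, size_t len) {
    char *s = malloc(len + 1);
    if (!s) return NULL;
    memcpy(s, buf, len);
    s[len] = '\0';
    return s;
}
```

Under a debugger the same boundary can be checked without modifying the program: at frame #11, compare the `length` argument handed to mysql_real_query() with the NSData object's `-length`, and confirm the pointer passed is the one the NSData object owns for the whole call.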