[bug #22045] 1.11.22 - Possible double free in login.c
From: Yuri Pankov
Subject: [bug #22045] 1.11.22 - Possible double free in login.c
Date: Fri, 18 Jan 2008 12:33:07 +0000
User-agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1.11) Gecko/20080117 Firefox/2.0.0.11
URL:
<http://savannah.nongnu.org/bugs/?22045>
Summary: 1.11.22 - Possible double free in login.c
Project: Concurrent Versions System
Submitted by: crsd
Submitted on: Friday 01/18/2008 at 12:33
Category: Bug Report
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release:
Fixed Release: None
Fixed Feature Release: None
_______________________________________________________
Details:
`cvs login`:
login() -> connect_to_pserver() -> auth_server():
password = get_cvs_password ();
(get_cvs_password returns cvs_password from login.c if it's set)
...
free(password);
and, after that, in login(), cvs_password is free()'d again.
backtrace (FreeBSD):
(gdb) run login
Starting program: /usr/bin/cvs login
Logging in to :pserver:anoncvs@anoncvs.tw.freebsd.org:2401/home/ncvs
CVS password:
Assertion failed: ((run->regs_mask[elm] & (1U << bit)) == 0), function
arena_run_reg_dalloc, file /usr/src/lib/libc/stdlib/malloc.c, line 2197.
Program received signal SIGABRT, Aborted.
0x00000008013f53cc in kill () at kill.S:2
2 RSYSCALL(kill)
Current language: auto; currently asm
(gdb) bt full
#0 0x00000008013f53cc in kill () at kill.S:2
No locals.
#1 0x00000008013f423b in abort () at /usr/src/lib/libc/stdlib/abort.c:65
act = {__sigaction_u = {__sa_handler = 0x90, __sa_sigaction = 0x90},
sa_flags = 8, sa_mask = {__bits = {4294967263,
4294967295, 4294967295, 4294967295}}}
#2 0x00000008013dd225 in __assert (func=0x5b19 <Error reading address
0x5b19: Bad address>,
file=0x6 <Error reading address 0x6: Bad address>, line=0,
failedexpr=0x0) at /usr/src/lib/libc/gen/assert.c:54
No locals.
#3 0x0000000801383bf3 in arena_dalloc_small (arena=0x589e70, chunk=Variable
"chunk" is not available.
) at /usr/src/lib/libc/stdlib/malloc.c:2197
run = (arena_run_t *) 0x601000
bin = (arena_bin_t *) 0x589fe8
size = 16
__func__ = "arena_dalloc_small"
#4 0x0000000801383ea6 in idalloc (ptr=0x6012a0) at
/usr/src/lib/libc/stdlib/malloc.c:3097
chunk = (arena_chunk_t *) 0x600000
__func__ = "idalloc"
#5 0x0000000801384177 in free (ptr=0x6012a0) at
/usr/src/lib/libc/stdlib/malloc.c:4571
__func__ = "free"
#6 0x0000000000429be7 in login (argc=Variable "argc" is not available.
) at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/login.c:576
typed_password = 0x601290 'Z' <repeats 64 times>
cvsroot_canonical = 0x613300
":pserver:anoncvs@anoncvs.tw.freebsd.org:2401/home/ncvs"
#7 0x000000000042c578 in main (argc=1, argv=0x7fffffffe668)
at /usr/src/gnu/usr.bin/cvs/cvs/../../../../contrib/cvs/src/main.c:1010
n = (Node *) 0x6131c0
CVSroot_parsed = Variable "CVSroot_parsed" is not available.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?22045>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
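
The ownership pattern described in the report, as an added example that is not part of the original message or of the CVS source: a getter returns the caller's cached pointer, the callee frees it, and the caller frees it again. The tracker, `get_cvs_password_copy` and `run_login` are hypothetical names; frees are recorded and deferred so the second free is counted rather than crashing, and the copy-returning getter is one possible remedy, not the project's fix.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracker: frees are recorded and deferred, so a repeat is counted. */
#define SLOTS 8
static struct { void *p; int released; } blocks[SLOTS];
static int double_frees;

static char *tracked_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (!p) return NULL;
    strcpy(p, s);
    for (int i = 0; i < SLOTS; i++)
        if (!blocks[i].p) { blocks[i].p = p; blocks[i].released = 0; break; }
    return p;
}

static void tracked_free(void *p)
{
    for (int i = 0; p && i < SLOTS; i++)
        if (blocks[i].p == p) {
            double_frees += blocks[i].released;   /* 1 if already released */
            blocks[i].released = 1;
            return;
        }
}

static char *cvs_password;   /* cached by login(), as in the report */
/* Shape from the report: hands back the cached pointer itself. */
static char *get_cvs_password(void) { return cvs_password; }
/* Hypothetical alternative: the caller receives its own copy to free. */
static char *get_cvs_password_copy(void) { return tracked_strdup(cvs_password); }

static void auth_server(char *(*get_password)(void))
{
    char *password = get_password();   /* would be sent to the server here */
    tracked_free(password);            /* callee assumes it owns the buffer */
}

/* Runs the login() -> auth_server() flow; returns the number of double frees. */
int run_login(char *(*get_password)(void))
{
    double_frees = 0;
    cvs_password = tracked_strdup("constructed-sample");  /* constructed input */
    if (!cvs_password) return -1;
    auth_server(get_password);
    tracked_free(cvs_password);        /* login() releases the same variable */
    cvs_password = NULL;
    for (int i = 0; i < SLOTS; i++) { free(blocks[i].p); blocks[i].p = NULL; }
    return double_frees;
}
```

Setting the callee's local `password` to NULL after freeing it would not help here, because the caller's `cvs_password` still holds the same address.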