Debian Bug report logs - #550625
libc6: Realloc sometimes fails to copy all memory correctly

Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Source for libc6 is src:eglibc.

Reported by: Sebastian Hahn <shahn@sebastianhahn.net>

Date: Sun, 11 Oct 2009 16:31:36 UTC

Severity: normal

Found in version glibc/2.7-18

Fixed in versions 2.9-1, glibc/2.7-18lenny1

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Sun, 11 Oct 2009 16:31:39 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sebastian Hahn <shahn@sebastianhahn.net>:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 11 Oct 2009 16:31:39 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Sebastian Hahn <shahn@sebastianhahn.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libc6: Realloc sometimes fails to copy all memory correctly
Date: Sun, 11 Oct 2009 16:42:35 +0200
Package: libc6
Version: 2.7-18
Severity: normal

I've been trying to track down a bug that became apparent when using Tor. Sometimes,
realloc apparently failed to copy the last few bytes of a buffer over when it enlarged
said buffer.

I've done some digging, and came across a bugreport about the issue:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10018 

Also, I found a glibc bugreport with an attached patch to
fix the problem, but the patch was rejected by the glibc maintainer:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=5743
A few months later, though, the fix was applied:
http://repo.or.cz/w/glibc.git?a=commitdiff;h=486bdb886330a250af76cbb12af55d2c67ec0981

I checked Lenny's sources, and the offending line in malloc.c is the same as in
the bugreports above; Squeeze, due to updating to a newer version of libc,
doesn't have it.

I'm not sure why the test programs referenced don't trigger the bug on Lenny
for me, but patching the Tor source to manually compare the last few bytes
of a buffer before it is realloc'ed to afterwards exhibits the issue.


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages libc6 depends on:
ii  libgcc1                      1:4.3.2-1.1 GCC support library

libc6 recommends no packages.

Versions of packages libc6 suggests:
pn  glibc-doc                     <none>     (no description available)
ii  libc6-i686                    2.7-18     GNU C Library: Shared libraries [i
ii  locales                       2.7-18     GNU C Library: National Language (

-- debconf information excluded





Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Sun, 11 Oct 2009 17:06:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Palfrader <weasel@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 11 Oct 2009 17:06:05 GMT) Full text and rfc822 format available.

Message #10 received at 550625@bugs.debian.org (full text, mbox):

From: Peter Palfrader <weasel@debian.org>
To: 550625@bugs.debian.org
Cc: Sebastian Hahn <shahn@sebastianhahn.net>
Subject: Re: libc6: Realloc sometimes fails to copy all memory correctly
Date: Sun, 11 Oct 2009 19:02:21 +0200
On Sun, 11 Oct 2009, Sebastian Hahn wrote:

> I'm not sure why the test programs referenced don't trigger the bug on Lenny
> for me, but patching the Tor source to manually compare the last few bytes
> of a buffer before it is realloc'ed to afterwards exhibits the issue.

It triggers for me on an 8-way amd64 system.  Not always immediately, but
still:

| weasel@thelma:~/glibc$ for i in `seq 1 20`; do time ./a.out; done
| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  108.72s user 54.81s system 625% cpu 26.156 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  36.09s user 14.28s system 574% cpu 8.768 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  253.12s user 150.59s system 682% cpu 59.130 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  10.16s user 4.25s system 592% cpu 2.433 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  882.75s user 536.88s system 686% cpu 3:26.85 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  62.60s user 30.41s system 633% cpu 14.686 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  4.06s user 1.66s system 548% cpu 1.043 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  63.52s user 29.28s system 617% cpu 15.022 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  129.03s user 76.84s system 647% cpu 31.795 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  4.94s user 2.62s system 605% cpu 1.248 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  144.48s user 76.03s system 651% cpu 33.822 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  1668.76s user 911.53s system 696% cpu 6:10.36 total

| a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
| zsh: abort      ./a.out
| ./a.out  250.74s user 159.60s system 673% cpu 1:00.97 total

...

-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/
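
The check described in the report (snapshot the last bytes of a buffer, grow it, compare) can be packaged as a wrapper around the growth call. This is an added example, not code from Tor, corruption.c or glibc; `grow_short_copy` is a constructed stand-in that drops the last `sizeof(size_t)` bytes, and all names and the 32-byte window are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAIL_CHECK 32              /* trailing bytes to snapshot (assumed value) */
#define NO_MISMATCH ((size_t)-1)

/* Growth routine under test: returns the new block, or NULL with the old block kept. */
typedef void *(*grow_fn)(void *old, size_t old_len, size_t new_len);

/* The real allocator. */
static void *grow_libc(void *old, size_t old_len, size_t new_len)
{
    (void)old_len;
    return realloc(old, new_len);
}

/* Constructed stand-in for the defect: moves the block but copies one
 * size_t too few, so the tail of the new block holds stale bytes. */
static void *grow_short_copy(void *old, size_t old_len, size_t new_len)
{
    unsigned char *fresh = malloc(new_len);
    if (fresh == NULL)
        return NULL;
    memset(fresh, 0xAA, new_len);  /* stands in for stale heap contents */
    size_t copied = old_len > sizeof(size_t) ? old_len - sizeof(size_t) : 0;
    if (copied > new_len)
        copied = new_len;
    memcpy(fresh, old, copied);
    free(old);
    return fresh;
}

/* Grow buf and verify that the last bytes of the old contents survived.
 * *bad_off receives the first differing offset, or NO_MISMATCH. */
static void *checked_grow(grow_fn grow, void *buf, size_t old_len,
                          size_t new_len, size_t *bad_off)
{
    unsigned char tail[TAIL_CHECK];
    size_t keep = old_len < new_len ? old_len : new_len; /* shrinking: check less */
    size_t n = keep < TAIL_CHECK ? keep : TAIL_CHECK;
    size_t start = keep - n;

    *bad_off = NO_MISMATCH;
    if (n > 0)
        memcpy(tail, (unsigned char *)buf + start, n);   /* snapshot before the call */

    unsigned char *grown = grow(buf, old_len, new_len);
    if (grown == NULL)
        return NULL;

    for (size_t i = 0; i < n; i++) {
        if (grown[start + i] != tail[i]) {
            *bad_off = start + i;
            break;
        }
    }
    return grown;
}

/* Fill with the i % 256 pattern that the assertion in the log checks, double
 * the buffer until max_len, and count growth steps that lost tail bytes. */
static int count_bad_growths(grow_fn grow, size_t first_len, size_t max_len)
{
    int bad = 0;
    size_t len = first_len;
    unsigned char *array = malloc(len);
    if (array == NULL)
        return -1;

    while (len * 2 <= max_len) {
        for (size_t i = 0; i < len; i++)
            array[i] = (unsigned char)(i % 256);
        size_t bad_off;
        unsigned char *grown = checked_grow(grow, array, len, len * 2, &bad_off);
        if (grown == NULL) {
            free(array);
            return -1;
        }
        if (bad_off != NO_MISMATCH)
            bad++;
        array = grown;
        len *= 2;
    }
    free(array);
    return bad;
}

int main(void)
{
    printf("libc realloc: %d bad growth steps\n",
           count_bad_growths(grow_libc, 64, 4096));
    printf("short-copy stand-in: %d bad growth steps\n",
           count_bad_growths(grow_short_copy, 64, 4096));
    return 0;
}
```

A single-threaded run against a fixed libc only exercises the wrapper; the failures in the log above came from several threads allocating concurrently.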




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Sun, 11 Oct 2009 18:30:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Palfrader <weasel@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 11 Oct 2009 18:30:08 GMT) Full text and rfc822 format available.

Message #15 received at 550625@bugs.debian.org (full text, mbox):

From: Peter Palfrader <weasel@debian.org>
To: 550625@bugs.debian.org
Cc: Sebastian Hahn <shahn@sebastianhahn.net>
Subject: Re: Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Sun, 11 Oct 2009 20:28:26 +0200
On Sun, 11 Oct 2009, Peter Palfrader wrote:

> On Sun, 11 Oct 2009, Sebastian Hahn wrote:
> 
> > I'm not sure why the test programs referenced don't trigger the bug on Lenny
> > for me, but patching the Tor source to manually compare the last few bytes
> > of a buffer before it is realloc'ed to afterwards exhibits the issue.
> 
> It triggers for me on an 8-way amd64 system.  Not always immediately, but
> still:
> 
> | weasel@thelma:~/glibc$ for i in `seq 1 20`; do time ./a.out; done
> | a.out: corruption.c:17: MyThread: Assertion `array[i] == i % 256' failed.
> | zsh: abort      ./a.out
> | ./a.out  108.72s user 54.81s system 625% cpu 26.156 total

So, I rebuilt glibc on that box with the linked patch and that
corruption.c test seems to no longer fail assertions.


diff -u glibc-2.7/debian/changelog glibc-2.7/debian/changelog
--- glibc-2.7/debian/changelog
+++ glibc-2.7/debian/changelog
@@ -1,3 +1,10 @@
+glibc (2.7-18aaa.weasel.2) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Add 486bdb886330a250af76cbb12af55d2c67ec0981.
+
+ -- Peter Palfrader <weasel@came.sbg.ac.at>  Sun, 11 Oct 2009 19:50:05 +0200
+
 glibc (2.7-18) unstable; urgency=low
 
   * patches/localedata/mt_MT_euro.diff, patches/localedata/el_CY_euro.diff:
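Review bot: The new entry at the top of debian/changelog identifies the change only by commit hash ("Add 486bdb886330a250af76cbb12af55d2c67ec0981.") and does not close the bug. Suggest describing the fix in words, for example that public_rEALLOc in malloc/malloc.c now copies all bytes when a new arena is used, and adding "Closes: #550625" so the tracker follows the upload. The entry also targets unstable, which would need to change for an upload to lenny.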
diff -u glibc-2.7/debian/patches/series glibc-2.7/debian/patches/series
--- glibc-2.7/debian/patches/series
+++ glibc-2.7/debian/patches/series
@@ -233,0 +234,2 @@
+
+any/486bdb886330a250af76cbb12af55d2c67ec0981.diff -p1
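Review bot: The series entry names the patch file after the upstream commit hash, so a reader of debian/patches/series cannot tell what it changes; a descriptive file name for the realloc fix, with the hash kept in the patch header, would be easier to audit. The hunk also adds an empty line at 234 ahead of the entry; please check whether that separator is intended.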
only in patch2:
unchanged:
--- glibc-2.7.orig/debian/patches/any/486bdb886330a250af76cbb12af55d2c67ec0981.diff
+++ glibc-2.7/debian/patches/any/486bdb886330a250af76cbb12af55d2c67ec0981.diff
@@ -0,0 +1,22 @@
+2008-11-02  Ulrich Drepper  <drepper@redhat.com>
+
+	* malloc/malloc.c (public_rEALLOc): When new arena is used, copy
+	really all bytes.  Patch by Denys Vlasenko <dvlasenk@redhat.com>.
+
+http://repo.or.cz/w/glibc.git?a=commitdiff_plain;h=486bdb886330a250af76cbb12af55d2c67ec0981
+
+Only the malloc/mallo.c hunk - the sunrpc/rpc_main.c is already included.
+
+diff --git a/malloc/malloc.c b/malloc/malloc.c
+index feca2cb..d6102a4 100644
+--- a/malloc/malloc.c
++++ b/malloc/malloc.c
+@@ -3717,7 +3717,7 @@ public_rEALLOc(Void_t* oldmem, size_t bytes)
+       newp = public_mALLOc(bytes);
+       if (newp != NULL)
+ 	{
+-	  MALLOC_COPY (newp, oldmem, oldsize - 2 * SIZE_SZ);
++	  MALLOC_COPY (newp, oldmem, oldsize - SIZE_SZ);
+ #if THREAD_STATS
+ 	  if(!mutex_trylock(&ar_ptr->mutex))
+ 	    ++(ar_ptr->stat_lock_direct);
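Review bot: The header of the new patch file misspells the path as "malloc/mallo.c" and does not mention Bug#550625, so the link between this one-line change and the reported corruption exists only in the mail thread. In the malloc.c hunk, the MALLOC_COPY length changes from "oldsize - 2 * SIZE_SZ" to "oldsize - SIZE_SZ" with no comment on why a single SIZE_SZ is the right amount to subtract; a short comment on that line, plus shipping the corruption.c reproducer as a regression test, would guard against the expression being changed back.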


[the interdiff also lists a couple of debian/control.in/* files]
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Sun, 11 Oct 2009 23:12:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Banck <mbanck@debian.org>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sun, 11 Oct 2009 23:12:05 GMT) Full text and rfc822 format available.

Message #20 received at 550625@bugs.debian.org (full text, mbox):

From: Michael Banck <mbanck@debian.org>
To: Peter Palfrader <weasel@debian.org>, 550625@bugs.debian.org
Subject: Re: Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Mon, 12 Oct 2009 00:45:42 +0200
On Sun, Oct 11, 2009 at 08:28:26PM +0200, Peter Palfrader wrote:
> +Only the malloc/mallo.c hunk - the sunrpc/rpc_main.c is already included.

I guess that one was just a Uli fumble, he accidentally committed it
along.


Michael




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Mon, 12 Oct 2009 05:36:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 12 Oct 2009 05:36:02 GMT) Full text and rfc822 format available.

Message #25 received at 550625@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Michael Banck <mbanck@debian.org>, 550625@bugs.debian.org
Cc: Peter Palfrader <weasel@debian.org>
Subject: Re: Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Mon, 12 Oct 2009 07:31:40 +0200
On Mon, Oct 12, 2009 at 12:45:42AM +0200, Michael Banck wrote:
> On Sun, Oct 11, 2009 at 08:28:26PM +0200, Peter Palfrader wrote:
> > +Only the malloc/mallo.c hunk - the sunrpc/rpc_main.c is already included.
> 
> I guess that one was just a Uli fumble, he accidentally committed it
> along.
> 

It is most probably the CVS to GIT conversion that has aggregated a lot
of commits.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Mon, 12 Oct 2009 09:42:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 12 Oct 2009 09:42:13 GMT) Full text and rfc822 format available.

Message #30 received at 550625@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: debian-release@lists.debian.org
Cc: 550625@bugs.debian.org
Subject: [Stable] Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Mon, 12 Oct 2009 11:10:50 +0200
Hi stable release managers,

Would it be possible to do a stable upload to fix this problem (see
below)?

Cheers,
Aurelien

On Sun, Oct 11, 2009 at 04:42:35PM +0200, Sebastian Hahn wrote:
> Package: libc6
> Version: 2.7-18
> Severity: normal
> 
> I've been trying to track down a bug that became apparent when using Tor. Sometimes,
> realloc apparently failed to copy the last few bytes of a buffer over when it enlarged
> said buffer.
> 
> I've done some digging, and came across a bugreport about the issue:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=10018 
> 
> Also, I found a glibc bugreport with an attached patch to
> fix the problem, but the patch was rejected by the glibc maintainer:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=5743
> A few months later, though, the fix was applied:
> http://repo.or.cz/w/glibc.git?a=commitdiff;h=486bdb886330a250af76cbb12af55d2c67ec0981
> 
> I checked Lenny's sources, and the offending line in malloc.c is the same as in
> the bugreports above; Squeeze, due to updating to a newer version of libc,
> doesn't have it.
> 
> I'm not sure why the test programs referenced don't trigger the bug on Lenny
> for me, but patching the Tor source to manually compare the last few bytes
> of a buffer before it is realloc'ed to afterwards exhibits the issue.
> 
> 
> -- System Information:
> Debian Release: 5.0.3
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
> 
> Kernel: Linux 2.6.26-1-686-bigmem (SMP w/2 CPU cores)
> Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages libc6 depends on:
> ii  libgcc1                      1:4.3.2-1.1 GCC support library
> 
> libc6 recommends no packages.
> 
> Versions of packages libc6 suggests:
> pn  glibc-doc                     <none>     (no description available)
> ii  libc6-i686                    2.7-18     GNU C Library: Shared libraries [i
> ii  locales                       2.7-18     GNU C Library: National Language (
> 
> -- debconf information excluded

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Fri, 16 Oct 2009 14:06:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 16 Oct 2009 14:06:02 GMT) Full text and rfc822 format available.

Message #35 received at 550625@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: debian-release@lists.debian.org, 550625@bugs.debian.org
Subject: Re: [Stable] Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Fri, 16 Oct 2009 15:02:42 +0100
Hi,

On Mon, 2009-10-12 at 11:10 +0200, Aurelien Jarno wrote: 
> Would it be possible to do a stable upload to fix this problem (see
> below)?

From the bug log I'd say this should indeed be fixed in stable.  Please
could you supply the proposed debdiff for confirmation?

Thanks,

Adam




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Fri, 16 Oct 2009 14:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 16 Oct 2009 14:30:03 GMT) Full text and rfc822 format available.

Message #40 received at 550625@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: debian-release@lists.debian.org, 550625@bugs.debian.org
Subject: Re: [Stable] Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Fri, 16 Oct 2009 16:19:36 +0200
Adam D. Barratt wrote:
> Hi,
> 
> On Mon, 2009-10-12 at 11:10 +0200, Aurelien Jarno wrote: 
>> Would it be possible to do a stable upload to fix this problem (see
>> below)?
> 
> From the bug log I'd say this should indeed be fixed in stable.  Please
> could you supply the proposed debdiff for confirmation?

We plan to use the one from Peter Palfrader, see:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550625#15

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Fri, 16 Oct 2009 15:18:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 16 Oct 2009 15:18:06 GMT) Full text and rfc822 format available.

Message #45 received at 550625@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: debian-release@lists.debian.org, 550625@bugs.debian.org
Subject: Re: [Stable] Bug#550625: libc6: Realloc sometimes fails to copy all memory correctly
Date: Fri, 16 Oct 2009 16:10:01 +0100
On Fri, 2009-10-16 at 16:19 +0200, Aurelien Jarno wrote:
> Adam D. Barratt wrote:
> > Hi,
> > 
> > On Mon, 2009-10-12 at 11:10 +0200, Aurelien Jarno wrote: 
> >> Would it be possible to do a stable upload to fix this problem (see
> >> below)?
> > 
> > From the bug log I'd say this should indeed be fixed in stable.  Please
> > could you supply the proposed debdiff for confirmation?
> 
> We plan to use the one from Peter Palfrader, see:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550625#15

Please go ahead.

Regards,

Adam




Reply sent to Aurelien Jarno <aurelien@aurel32.net>:
You have taken responsibility. (Sun, 18 Oct 2009 15:12:10 GMT) Full text and rfc822 format available.

Notification sent to Sebastian Hahn <shahn@sebastianhahn.net>:
Bug acknowledged by developer. (Sun, 18 Oct 2009 15:12:10 GMT) Full text and rfc822 format available.

Message #50 received at 550625-done@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: 550625-done@bugs.debian.org
Subject: Re: libc6: Realloc sometimes fails to copy all memory correctly
Date: Sun, 18 Oct 2009 16:58:31 +0200
Version: 2.9-1

On Sun, Oct 11, 2009 at 04:42:35PM +0200, Sebastian Hahn wrote:
> Package: libc6
> Version: 2.7-18
> Severity: normal
> 
> I've been trying to track down a bug that became apparent when using Tor. Sometimes,
> realloc apparently failed to copy the last few bytes of a buffer over when it enlarged
> said buffer.
> 
> I've done some digging, and came across a bugreport about the issue:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=10018 
> 
> Also, I found a glibc bugreport with an attached patch to
> fix the problem, but the patch was rejected by the glibc maintainer:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=5743
> A few months later, though, the fix was applied:
> http://repo.or.cz/w/glibc.git?a=commitdiff;h=486bdb886330a250af76cbb12af55d2c67ec0981
> 
> I checked Lenny's sources, and the offending line in malloc.c is the same as in
> the bugreports above; Squeeze, due to updating to a newer version of libc,
> doesn't have it.
> 

Marking the bug as fixed in version 2.9-1. A new version will be
uploaded to lenny with this fix.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net




Added tag(s) pending. Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Sun, 18 Oct 2009 15:18:10 GMT) Full text and rfc822 format available.

Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Mon, 19 Oct 2009 02:09:11 GMT) Full text and rfc822 format available.

Notification sent to Sebastian Hahn <shahn@sebastianhahn.net>:
Bug acknowledged by developer. (Mon, 19 Oct 2009 02:09:11 GMT) Full text and rfc822 format available.

Message #57 received at 550625-close@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurel32@debian.org>
To: 550625-close@bugs.debian.org
Subject: Bug#550625: fixed in glibc 2.7-18lenny1
Date: Mon, 19 Oct 2009 01:58:03 +0000
Source: glibc
Source-Version: 2.7-18lenny1

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.7-18lenny1_all.deb
  to pool/main/g/glibc/glibc-doc_2.7-18lenny1_all.deb
glibc-source_2.7-18lenny1_all.deb
  to pool/main/g/glibc/glibc-source_2.7-18lenny1_all.deb
glibc_2.7-18lenny1.diff.gz
  to pool/main/g/glibc/glibc_2.7-18lenny1.diff.gz
glibc_2.7-18lenny1.dsc
  to pool/main/g/glibc/glibc_2.7-18lenny1.dsc
libc6-dbg_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6-dbg_2.7-18lenny1_amd64.deb
libc6-dev-i386_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6-dev-i386_2.7-18lenny1_amd64.deb
libc6-dev_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6-dev_2.7-18lenny1_amd64.deb
libc6-i386_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6-i386_2.7-18lenny1_amd64.deb
libc6-pic_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6-pic_2.7-18lenny1_amd64.deb
libc6-prof_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6-prof_2.7-18lenny1_amd64.deb
libc6-udeb_2.7-18lenny1_amd64.udeb
  to pool/main/g/glibc/libc6-udeb_2.7-18lenny1_amd64.udeb
libc6_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/libc6_2.7-18lenny1_amd64.deb
libnss-dns-udeb_2.7-18lenny1_amd64.udeb
  to pool/main/g/glibc/libnss-dns-udeb_2.7-18lenny1_amd64.udeb
libnss-files-udeb_2.7-18lenny1_amd64.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.7-18lenny1_amd64.udeb
locales-all_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/locales-all_2.7-18lenny1_amd64.deb
locales_2.7-18lenny1_all.deb
  to pool/main/g/glibc/locales_2.7-18lenny1_all.deb
nscd_2.7-18lenny1_amd64.deb
  to pool/main/g/glibc/nscd_2.7-18lenny1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 550625@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 18 Oct 2009 16:58:40 +0200
Source: glibc
Binary: glibc-doc glibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.7-18lenny1
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: Libraries with debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-prof - GNU C Library: Profiling Libraries
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: Libraries with debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-prof - GNU C Library: Profiling Libraries
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: Libraries with debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - GNU C Library: Profiling Libraries
 libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: Libraries with debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-prof - GNU C Library: Profiling Libraries
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 550625
Changes: 
 glibc (2.7-18lenny1) stable; urgency=low
 .
   * patches/any/cvs-realloc.diff: fix bug in realloc() when enlarging a
     memory allocation.  Closes: bug#550625.
Package-Type: udeb


Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Mon, 09 Nov 2009 10:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Roberto Martelloni <roberto.martelloni@digint.it>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 09 Nov 2009 10:27:05 GMT) Full text and rfc822 format available.

Message #62 received at 550625@bugs.debian.org (full text, mbox):

From: Roberto Martelloni <roberto.martelloni@digint.it>
To: 550625@bugs.debian.org
Subject: libc6 2.7-18 realloc bug is NOT fixed
Date: Mon, 09 Nov 2009 11:17:05 +0100
Hey, this bug is not fixed.

> L2:~> dpkg -l | grep libc6
> ii  libc6                                2.7-18                     GNU C Library: Shared libraries
> ii  libc6-dev                            2.7-18                     GNU C Library: Development Libraries and Header Files
> ii  libc6-dev-i386                       2.7-18                     GNU C Library: 32bit development libraries for AMD64
> ii  libc6-i386                           2.7-18                     GNU C Library: 32bit shared libraries for AMD64

Linux L2 2.6.31.pfring #1 SMP Wed Sep 16 09:52:13 CEST 2009 x86_64 GNU/Linux
also with the default stable kernel 
Linux L1 2.6.26-2-amd64 #1 SMP Thu Nov 5 02:23:12 UTC 2009 x86_64 GNU/Linux

I have made these two tests and the two tests fail.

I got these two posts for reference:
http://sources.redhat.com/bugzilla/show_bug.cgi?id=10018
https://bugzilla.redhat.com/show_bug.cgi?id=470831

Can you reopen the bugs?
Available for any questions, also on MSN or Skype
msn: boos@core-dumped.info
skype: rmartelloni

------------------------------------------------------------------------

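/* Test 1: eight threads repeatedly grow a buffer with realloc() and check
   that the original contents survived the move. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>

void* MyThread(void* arg) {

  while (1) {
    /* Fill the buffer with a known pattern. */
    unsigned char* array = (unsigned char*)malloc(10000024);
    unsigned long i;
    for (i = 0; i < 10000024; i++) {
      array[i] = i % 256;
    }

    /* Double the size, then verify that every original byte was copied. */
    array = (unsigned char*)realloc(array, 20000048);
    for (i = 0; i < 10000024; i++) {
      assert(array[i] == i % 256);
    }
    free(array);
  }
  return NULL;
}

int main() {

  unsigned int i;
  pthread_t thread;
  for (i = 0; i < 8; ++i) {
    pthread_create(&thread, NULL, MyThread, NULL);
  }
  /* Only the last thread is joined; the workers loop forever, so the
     program runs until an assert fires or it is interrupted. */
  pthread_join(thread, NULL);

  return 0;
}

------------------------------------------------------------------------

/* Test 2: argv[1] is used as the snprintf() format string, with a single
   int argument supplied. */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int
main(int argc, char **argv)
{
  char buf[200];
  char *fmt = argv[1];
  if (argc < 2)
    abort ();
  int n = snprintf (buf, sizeof buf, fmt, 1);
  return 0;
}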

and all fail.





Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#550625; Package libc6. (Mon, 09 Nov 2009 11:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 09 Nov 2009 11:42:03 GMT) Full text and rfc822 format available.

Message #67 received at 550625@bugs.debian.org (full text, mbox):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Roberto Martelloni <roberto.martelloni@digint.it>, 550625@bugs.debian.org
Subject: Re: Bug#550625: libc6 2.7-18 realloc bug is NOT fixed
Date: Mon, 9 Nov 2009 11:54:49 +0100
On Mon, Nov 09, 2009 at 11:17:05AM +0100, Roberto Martelloni wrote:
> Hey, this bug is not fixed.

It is.

> > L2:~> dpkg -l | grep libc6
> > ii  libc6                                2.7-18                     GNU C Library: Shared libraries
> > ii  libc6-dev                            2.7-18                     GNU C Library: Development Libraries and Header Files
> > ii  libc6-dev-i386                       2.7-18                     GNU C Library: 32bit development libraries for AMD64
> > ii  libc6-i386                           2.7-18                     GNU C Library: 32bit shared libraries for AMD64
> 
> Linux L2 2.6.31.pfring #1 SMP Wed Sep 16 09:52:13 CEST 2009 x86_64 GNU/Linux
> also with the default stable kernel 
> Linux L1 2.6.26-2-amd64 #1 SMP Thu Nov 5 02:23:12 UTC 2009 x86_64 GNU/Linux
> 
> I have made these two tests and the two tests fail.
> 
> I got these two posts for reference:
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=10018
> https://bugzilla.redhat.com/show_bug.cgi?id=470831
> 
> Can you reopen the bugs?

No, as it is fixed in 2.7-18lenny1, not 2.7-18.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net
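
The version mix-up in this exchange, as an added example (not part of the original bug log and not dpkg's own code): a Python re-implementation of Debian version ordering, showing why 2.7-18 sorts before 2.7-18lenny1, applied to `dpkg -l` lines like those in the report. The function names and the libc6-dbg sample line are assumptions made for this example.

```python
import re

def _order(c):
    """dpkg sort weight of one non-digit character ('' means end of string)."""
    if c == "~":
        return -1                      # '~' sorts before everything, even the end
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256   # letters before punctuation

def _cmp_part(a, b):
    """Compare two upstream-version or two revision strings the way dpkg does."""
    while a or b:
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            d = _order(a[:1]) - _order(b[:1])
            if d:
                return d
            a, b = a[1:], b[1:]
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        d = int(na or 0) - int(nb or 0)          # digit runs compare as integers
        if d:
            return d
        a, b = a[len(na):], b[len(nb):]
    return 0

def _split(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def compare_versions(x, y):
    """Negative if x is older than y, zero if equal, positive if newer."""
    (ex, ux, rx), (ey, uy, ry) = _split(x), _split(y)
    return (ex - ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

FIXED = "2.7-18lenny1"   # lenny fix version stated in this bug log

# `dpkg -l` lines: the first two are taken from the report, the last is constructed
DPKG_L = """\
ii  libc6       2.7-18        GNU C Library: Shared libraries
ii  libc6-i386  2.7-18        GNU C Library: 32bit shared libraries for AMD64
ii  libc6-dbg   2.7-18lenny1  GNU C Library: detached debugging symbols
"""

def still_affected(dpkg_output, fixed=FIXED):
    """Return (package, version) pairs installed ('ii') below the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines())
    return [(r[1], r[2]) for r in rows
            if len(r) >= 3 and r[0] == "ii" and compare_versions(r[2], fixed) < 0]
```

On a Debian system, `dpkg --compare-versions 2.7-18 lt 2.7-18lenny1` performs the same comparison.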




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 08 Dec 2009 07:28:27 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 21:04:31 2014; Machine Name: beach.debian.org
