Bug#423409: double free() with grub-probe

Robert Millan rmh at aybabtu.com
Wed May 16 20:01:01 UTC 2007


Hi there,

We got this bug report from Debian BTS.  It seems to be related to LVM.

The argc address in last line looks very suspicious; stack corruption?

More details (with full log) available at http://bugs.debian.org/423409

On Wed, May 16, 2007 at 07:18:19PM +0200, Florian Kriener wrote:
> (gdb) set args ext2_mod-fs_ext2.d
> (gdb) run
> 
> Starting program: /home/leflo/src/grub2-1.95+20070515/grub-probe 
> ext2_mod-fs_ext2.d
> *** glibc detected *** /home/leflo/src/grub2-1.95+20070515/grub-probe: double 
> free or corruption (!prev): 0x08067188 ***
> ======= Backtrace: =========
> /lib/i686/cmov/libc.so.6[0xb7e3aeed]
> /lib/i686/cmov/libc.so.6(cfree+0x90)[0xb7e3e530]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804bc8f]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x8059368]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804b47e]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804fa4c]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804f5ef]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804b5ff]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x8049720]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804b704]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x804b3f4]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x8058e92]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x8058eb2]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x80491aa]
> /lib/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7de8ebc]
> /home/leflo/src/grub2-1.95+20070515/grub-probe[0x8048eb1]
> ======= Memory map: ========
> 08048000-0805c000 r-xp 00000000 fe:01 
> 177294     /home/leflo/src/grub2-1.95+20070515/grub-probe
> 0805c000-0805d000 rwxp 00014000 fe:01 
> 177294     /home/leflo/src/grub2-1.95+20070515/grub-probe
> 0805d000-08085000 rwxp 0805d000 00:00 0          [heap]
> b7c00000-b7c21000 rwxp b7c00000 00:00 0
> b7c21000-b7d00000 ---p b7c21000 00:00 0
> b7d96000-b7da1000 r-xp 00000000 08:01 172230     /lib/libgcc_s.so.1
> b7da1000-b7da2000 rwxp 0000a000 08:01 172230     /lib/libgcc_s.so.1
> b7da2000-b7dd3000 rwxp b7da2000 00:00 0
> b7dd3000-b7f10000 r-xp 00000000 08:01 204158     /lib/i686/cmov/libc-2.5.so
> b7f10000-b7f11000 r-xp 0013d000 08:01 204158     /lib/i686/cmov/libc-2.5.so
> b7f11000-b7f13000 rwxp 0013e000 08:01 204158     /lib/i686/cmov/libc-2.5.so
> b7f13000-b7f17000 rwxp b7f13000 00:00 0
> b7f33000-b7f34000 rwxp b7f33000 00:00 0
> b7f34000-b7f4f000 r-xp 00000000 08:01 172367     /lib/ld-2.5.so
> b7f4f000-b7f51000 rwxp 0001b000 08:01 172367     /lib/ld-2.5.so
> bfd01000-bfd17000 rwxp bfd01000 00:00 0          [stack]
> ffffe000-fffff000 r-xp 00000000 00:00 0          [vdso]
> 
> Program received signal SIGABRT, Aborted.
> 0xffffe410 in __kernel_vsyscall ()
> (gdb) bt
> #0  0xffffe410 in __kernel_vsyscall ()
> #1  0xb7dfcd60 in raise () from /lib/i686/cmov/libc.so.6
> #2  0xb7dfe5b1 in abort () from /lib/i686/cmov/libc.so.6
> #3  0xb7e3308b in __libc_message () from /lib/i686/cmov/libc.so.6
> #4  0xb7e3aeed in _int_free () from /lib/i686/cmov/libc.so.6
> #5  0xb7e3e530 in free () from /lib/i686/cmov/libc.so.6
> #6  0x0804bc8f in grub_disk_read (disk=0x8064078, sector=4000189, offset=0, 
> size=194560, buf=0xb7da2008 "")
>     at kern/disk.c:480
> #7  0x08059368 in grub_lvm_scan_device (name=0x8064068 "hd0,2") at 
> disk/lvm.c:262
> #8  0x0804b47e in iterate_partition (disk=0x8064008, partition=0xbfd138a4) at 
> kern/device.c:133
> #9  0x0804fa4c in pc_partition_map_iterate (disk=0x8064008, hook=0xbfd139ae) 
> at partmap/pc.c:154
> #10 0x0804f5ef in grub_partition_iterate (disk=0x8064008, hook=0xbfd139ae) at 
> kern/partition.c:127
> #11 0x0804b5ff in iterate_disk (disk_name=0xbfd13952 "hd0") at 
> kern/device.c:102
> #12 0x08049720 in grub_util_biosdisk_iterate (hook=0xbfd139a4) at 
> util/i386/pc/biosdisk.c:133
> #13 0x0804b704 in grub_disk_dev_iterate (hook=0xbfd139a4) at kern/disk.c:203
> #14 0x0804b3f4 in grub_device_iterate (hook=0x8059220 <grub_lvm_scan_device>) 
> at kern/device.c:139
> #15 0x08058e92 in grub_mod_init (mod=0x0) at disk/lvm.c:489
> #16 0x08058eb2 in grub_lvm_init () at disk/lvm.c:487
> #17 0x080491aa in main (argc=Cannot access memory at address 0x3bd8
> ) at util/i386/pc/grub-probe.c:273
> 
> --snapp--
> 
> Doesn't matter at all what I set args to. Even good old asdf throws this 
> error. Plus it does not matter if run as root or not.
> 
> BTW: That's about everything I can do debugging C apps. So if you need more 
> please tell me how to do it.

-- 
Robert Millan

My spam trap is honeypot at aybabtu.com.  Note: this address is only intended
for spam harvesters.  Writing to it will get you added to my black list.



