Package: glibc Version: 2.3.2-2
(Sorry - the above mini-header was for the Debian bug tracking system).
To the glibc maintainers, et al:
I tried to access gnats at http://www-gnats.gnu.org:8080/cgi-bin/wwwgnats.pl but there was no response, so I am emailing this bug report.
We have a chrooted build environment which we have been using over the last couple of years that is based on the RedHat 5.2 distribution. This shipped with glibc-2.0.7-29 and gcc-2.7.2.3-14. Programs we have built in this environment have successfully run on virtually every Gnu/Linux distribution we have ever come across. Unfortunately, glibc 2.3.2 has broken binary compatibility with these programs. I include below the source of a program which when compiled in this build environment, dumps core when dynamically linked against glibc 2.3.2. I have experienced this on Debian SID and Mandrake 9.2 beta2, both of which include versions of glibc 2.3.2. Let me also mention that all PRIOR versions of glibc have worked just fine, so something must have gotten broken in 2.3.2.
Here's the program: --------------------------------------------------- #include <stdio.h>
main()
{
FILE *fp; fp = fopen("/etc/group", "r");
if (fp == NULL) {
printf("Couldn't open /etc/group\n");
exit(1);
}
fseek(fp, 0L, 2);
printf("Apparently no coredump\n");
exit(0);
}---------------------------------------------------
Note that /etc/group is just a random file that one expects to be around and readable. The fseek() is what dumps core.
I spent a little time debugging this using the debian glibc 2.3.2 sources. The problem is that the fopen() that gets used is the one in libio/oldiofopen.c. This file defines _IO_USE_OLD_IO_FILE so that the malloc() that is done in _IO_old_fopen() is for an _IO_FILE structure that does not include the _IO_FILE_complete elements, most specifically the _mode field. However, the fseek() that gets used ultimately gets into _IO_seekoff_unlocked() in ioseekoff.c. In this case the _IO_fwide() tests access the _mode field which actually is an offset associated with a lock structure, and, well, let's just say it doesn't go well. _IO_have_wbackup() dereferences the _wide_data field which is NULL and *pow* coredump.
I am not sure how all this is supposed to be handled, but I figure with this much information, the glibc experts will know.
If it is inconvenient to dig up an old glibc to compile a test
program with, you can download one from
ftp://ftp.netraverse.com/pub/glibc-bug
I would have provided one as an attachment, but I suspect attachments
are stripped from list email.Oh... one other thing: We have decided to update our build environment to work around the problem. However, I wanted to pass this on because I am sure there are other binaries hanging around out there that people have not recompiled in a long time.
Thanks,
Richard <rwb>
-- Richard W. Bass Systems Software Architect NeTraverse, Inc.
