attachment is the patch file

On Mon, 13 Apr 2009 22:38:00 +0800, Subrata Modak <[email protected]> wrote:
On Mon, 2009-04-13 at 09:22 +0800, Guo Hongruan wrote:

How to reproduce this bug:
./clone07 -i 19

I can produce this. Before Patching:

$ ./clone07 -i 19
*** glibc detected *** ./testcases/bin/clone07: double free or corruption (top): 0x08dda008 ***
======= Backtrace: =========
/lib/libc.so.6[0xb3db16]
/lib/libc.so.6(cfree+0x90)[0xb41030]
./testcases/bin/clone07[0x8048e7c]
/lib/libc.so.6(__libc_start_main+0xdc)[0xaeadec]
./testcases/bin/clone07[0x8048b61]
======= Memory map: ========
00ab7000-00ad1000 r-xp 00000000 08:02 19085105 /lib/ld-2.5.so
00ad1000-00ad2000 r-xp 00019000 08:02 19085105 /lib/ld-2.5.so
00ad2000-00ad3000 rwxp 0001a000 08:02 19085105 /lib/ld-2.5.so
00ad5000-00c12000 r-xp 00000000 08:02 19085112 /lib/libc-2.5.so
00c12000-00c14000 r-xp 0013d000 08:02 19085112 /lib/libc-2.5.so
00c14000-00c15000 rwxp 0013f000 08:02 19085112 /lib/libc-2.5.so
00c15000-00c18000 rwxp 00c15000 00:00 0
00c6b000-00c6c000 r-xp 00c6b000 00:00 0 [vdso]
061d0000-061db000 r-xp 00000000 08:02 19085120 /lib/libgcc_s-4.1.2-20080102.so.1
061db000-061dc000 rwxp 0000a000 08:02 19085120 /lib/libgcc_s-4.1.2-20080102.so.1
08048000-0804c000 r-xp 00000000 08:02 2262291 /home/subratamodak/OFFICE_WORKS/LTP_PROJECT_CODE/LTP_TARS/MARCH_2009_RELEASE/ltp-full-20090331/testcases/bin/clone07
0804c000-0804d000 rwxp 00004000 08:02 2262291 /home/subratamodak/OFFICE_WORKS/LTP_PROJECT_CODE/LTP_TARS/MARCH_2009_RELEASE/ltp-full-20090331/testcases/bin/clone07
0804d000-08051000 rwxp 0804d000 00:00 0
08dda000-08dfb000 rwxp 08dda000 00:00 0
b7e00000-b7e21000 rwxp b7e00000 00:00 0
b7e21000-b7f00000 --xp b7e21000 00:00 0
b7f5a000-b7f5c000 rwxp b7f5a000 00:00 0
bfab7000-bfacc000 rwxp bfab7000 00:00 0 [stack]
Aborted
$ echo $?
134

Post Patching:

$ ./clone07 -i 19
clone07 1 PASS : Use of return() in child did not cause SIGSEGV

Index: clone07.c=================================================================== --- clone07.c (revision 301) +++ clone07.c (working copy) 
@@ -114,17 +114,17 @@ /* perform global setup for test */ setup(); - /* Allocate stack for child */ - if((child_stack = (void *) malloc(CHILD_STACK_SIZE)) == NULL) { - tst_brkm(TBROK, cleanup, "Cannot allocate stack for child"); - } - /* check looping state if -i option given */ for (lc=0; TEST_LOOPING(lc); lc++) { /* reset Tst_count in case we are looping. */ Tst_count=0; + /* Allocate stack for child */ + if((child_stack = (void *) malloc(CHILD_STACK_SIZE)) == NULL) { + tst_brkm(TBROK, cleanup, "Cannot allocate stack for child"); + } + /* * Call clone(2) */Thanks for the patch. Regards-- Subrata
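Review bot: The malloc(CHILD_STACK_SIZE) that now sits inside the for (lc=0; TEST_LOOPING(lc); lc++) body needs exactly one matching free on every path through an iteration, and that free is outside this hunk, so the patch cannot be checked for leaks or for a remaining double free from these lines alone. Please confirm that each iteration frees child_stack once, including the paths where clone(2) fails, and set child_stack = NULL after the free so that a later free in cleanup() (which tst_brkm(TBROK, cleanup, ...) invokes on allocation failure) is harmless. A simpler alternative is to keep the single allocation before the loop, as in the removed lines, and move the free to after the loop or into cleanup(), which avoids one malloc/free pair per -i iteration. Minor style point: the (void *) cast on the malloc result is unnecessary in C.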
-- Guo Hongruan, Embedded Linux Consultant Mobile: +86-0-13484056007 Skype: camelguo http://www.gulessoft.com
clone07-malloc.diff
