On Wed, Oct 27, 2021 at 10:10:35PM +0200, Lennart Poettering wrote:
On Mi, 27.10.21 20:34, Richard W.M. Jones (rjones@redhat.com) wrote:
I have a habit of setting:
export GLIBC_TUNABLES=glibc.malloc.check=1:glibc.malloc.perturb=99
which causes glibc to do extra malloc integrity checks. In Rawhide at the moment I'm seeing memory corruption in calls like getpwnam and gethostbyname. Unfortunately I don't have a simple reproducer yet, but two example stack traces are below. I have the latest glibc and systemd.
Questions: Has anyone seen this before, and what component should I file the bug against?
Rich.
Core was generated by `tar -C /var/tmp/supermin36875b.tmpdir/base.d -xf -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  malloc_check_get_size (mem=0x0) at /usr/src/debug/glibc-2.34.9000-15.fc36.x86_64/malloc/malloc-check.c:39
39        magic = (((uintptr_t) p >> 3) ^ ((uintptr_t) p >> 11)) & 0xFF;
(gdb) bt
#0  malloc_check_get_size (mem=0x0) at /usr/src/debug/glibc-2.34.9000-15.fc36.x86_64/malloc/malloc-check.c:39
#1  malloc_usable_size (mem=0x0) at malloc-debug.c:405
#2  0x00007f0eed847f1a in varlink_read (v=0x55c537e3e1c0) at ../src/shared/varlink.c:508
This is nss-systemd code, i.e. this is triggered by systemd code.
It seems those "extra malloc integrity checks" can't cope with malloc_usable_size(NULL) being called. According to the man page it's a supported call (and returns 0), but I figure the e. m. i. c. don't handle this.
Hence it smells to me as if this was a bug in glibc, to handle the special case of NULL here.
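Added example, not code from the thread, from glibc or from systemd: a minimal C reproducer for the call pattern Lennart describes. malloc_usable_size(NULL) is documented to return 0; building this and running it with GLIBC_TUNABLES=glibc.malloc.check=1 set shows whether the checking hooks honour that contract. The append helper is a constructed stand-in for a caller that grows a possibly-NULL buffer, not the varlink code.

```c
/* Added example (not from the thread): exercise malloc_usable_size(NULL).
 * Normal run:   ./repro
 * Checked run:  GLIBC_TUNABLES=glibc.malloc.check=1 ./repro
 * With the bug described in the thread, the checked run crashes inside
 * malloc_check_get_size() instead of reporting 0 for the NULL pointer. */
#include <malloc.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* What the allocator reports for a NULL pointer; the man page says 0. */
size_t usable_size_of_null(void) {
    return malloc_usable_size(NULL);
}

/* Constructed grow-by-append helper: it uses the full usable capacity of
 * the buffer, so the very first append (buf == NULL) reaches
 * malloc_usable_size() with a NULL argument, like the backtrace above.
 * Returns the (possibly moved) buffer, or NULL on allocation failure. */
char *append_bytes(char *buf, size_t *len, const char *data, size_t n) {
    size_t cap = malloc_usable_size(buf);   /* 0 when buf == NULL */
    if (*len + n > cap) {
        char *nb = realloc(buf, *len + n);  /* realloc(NULL, n) == malloc(n) */
        if (nb == NULL)
            return NULL;
        buf = nb;
    }
    memcpy(buf + *len, data, n);
    *len += n;
    return buf;
}

/* Round-trip check used by the test harness: 1 on success, 0 on failure. */
int append_roundtrip_ok(void) {
    size_t len = 0;
    char *b = append_bytes(NULL, &len, "hello", 5);
    if (b == NULL) return 0;
    char *b2 = append_bytes(b, &len, " world", 6);
    if (b2 == NULL) { free(b); return 0; }
    int ok = (len == 11) && (memcmp(b2, "hello world", 11) == 0);
    free(b2);
    return ok;
}

int main(void) {
    printf("malloc_usable_size(NULL) = %zu\n", usable_size_of_null());
    printf("append round-trip: %s\n", append_roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```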
Fair enough, thanks Lennart, Zbigniew. I have filed a bug against glibc:
https://sourceware.org/bugzilla/show_bug.cgi?id=28506
Rich.