Open drok opened 4 years ago
When running the unit test base.buffer.kitchen-sink.test with dmalloc 5.5.2 and cmocka 1.0.1, the following stack overflow happens when the test ends:
```
__kernel_vsyscall () at null:
raise () at null:
abort () at null:
_dmalloc_die (silent_b=0) at /tmp/dmalloc/error.c:657
dmalloc_in (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, check_heap_b=1) at /tmp/dmalloc/malloc.c:510
dmalloc_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, pnt=0x0, func_id=17) at /tmp/dmalloc/malloc.c:965
free (pnt=0x0) at /tmp/dmalloc/malloc.c:1368
vfprintf () at null:
vsnprintf () at null:
loc_vsnprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\", args=0xbfffcbb8 \"\\304\\263\\362\\267\") at /tmp/dmalloc/compat.c:143
loc_snprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\") at /tmp/dmalloc/compat.c:171
_dmalloc_die (silent_b=0) at /tmp/dmalloc/error.c:635
dmalloc_in (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, check_heap_b=1) at /tmp/dmalloc/malloc.c:510
dmalloc_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, pnt=0x0, func_id=17) at /tmp/dmalloc/malloc.c:965
free (pnt=0x0) at /tmp/dmalloc/malloc.c:1368
vfprintf () at null:
vsnprintf () at null:
loc_vsnprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\", args=0xbfffd3c8 \"\\304\\263\\362\\267\") at /tmp/dmalloc/compat.c:143
loc_snprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\") at /tmp/dmalloc/compat.c:171
_dmalloc_die (silent_b=0) at /tmp/dmalloc/error.c:635
dmalloc_in (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, check_heap_b=1) at /tmp/dmalloc/malloc.c:510
dmalloc_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, pnt=0x0, func_id=17) at /tmp/dmalloc/malloc.c:965
free (pnt=0x0) at /tmp/dmalloc/malloc.c:1368
vfprintf () at null:
vsnprintf () at null:
loc_vsnprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\", args=0xbfffdbd8 \"\\304\\263\\362\\267\") at /tmp/dmalloc/compat.c:143
loc_snprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\") at /tmp/dmalloc/compat.c:171
_dmalloc_die (silent_b=0) at /tmp/dmalloc/error.c:635
dmalloc_in (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, check_heap_b=1) at /tmp/dmalloc/malloc.c:510
dmalloc_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, pnt=0x0, func_id=17) at /tmp/dmalloc/malloc.c:965
free (pnt=0x0) at /tmp/dmalloc/malloc.c:1368
vfprintf () at null:
vsnprintf () at null:
loc_vsnprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\", args=0xbfffe3e8 \"\\304\\263\\362\\267mx\\376\\267\\304\\357\\377\\267D\\351\\377\\277\") at /tmp/dmalloc/compat.c:143
loc_snprintf (buf=0xb7f9e140 \"debug-malloc library: halting program, fatal error\\r\\n\", buf_size=1024, format=0xb7f2b484 \"debug-malloc library: %s program, fatal error\\r\\n\") at /tmp/dmalloc/compat.c:171
_dmalloc_die (silent_b=0) at /tmp/dmalloc/error.c:635
dmalloc_in (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, check_heap_b=1) at /tmp/dmalloc/malloc.c:510
dmalloc_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, pnt=0x0, func_id=17) at /tmp/dmalloc/malloc.c:965
free (pnt=0x0) at /tmp/dmalloc/malloc.c:1368
vfprintf () at null:
vsnprintf () at null:
loc_vsnprintf (buf=0xbfffed00 \"ra=0xb7dc880e\", buf_size=164, format=0xb7f2ac28 \"ra=%#lx\", args=0xbfffebf8 \"\\016\\210\\334\\267\") at /tmp/dmalloc/compat.c:143
loc_snprintf (buf=0xbfffed00 \"ra=0xb7dc880e\", buf_size=164, format=0xb7f2ac28 \"ra=%#lx\") at /tmp/dmalloc/compat.c:171
_dmalloc_chunk_desc_pnt (buf=0xbfffed00 \"ra=0xb7dc880e\", buf_size=164, file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0) at /tmp/dmalloc/chunk.c:1935
_dmalloc_chunk_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, user_pnt=0x0, func_id=17) at /tmp/dmalloc/chunk.c:2550
dmalloc_free (file=0xb7dc880e \"\\213\\215l\\373\\377\\377\\211\\f$\\350\\270b\\375\\377f\\203>\", line=0, pnt=0x0, func_id=17) at /tmp/dmalloc/malloc.c:974
free (pnt=0x0) at /tmp/dmalloc/malloc.c:1368
vfprintf () at null:
__vsnprintf_chk () at null:
vprint_message () at null:
print_message () at null:
_cmocka_run_group_tests () at null:
main (argc=2, argv=0xbffffb54) at u:\proj/openvpn/tests/unit/buffer/test.c:421
```
In order to get _dmalloc_die to stop looping, I instrumented it to detect loops and abort after the 4th loop:
diff --git a/error.c b/error.c index 86a3fbe..c87e5b6 100644 --- a/error.c +++ b/error.c @@ -619,7 +619,10 @@ void _dmalloc_die(const int silent_b) { char *stop_str; int len; - + static loop_detect = 0; + if (++loop_detect > 4) + abort(); + if (! silent_b) { if (BIT_IS_SET(_dmalloc_flags, DEBUG_ERROR_ABORT)) { stop_str = "dumping";
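Review bot: `static loop_detect = 0;` at the top of `_dmalloc_die` declares the counter without a type and relies on implicit int, which C99 and later compilers reject or warn about; it should read `static int loop_detect = 0;`. The test `++loop_detect > 4` lets four entries through and aborts on the fifth, and because the counter is a plain static that is never reset, it counts every call to `_dmalloc_die` in the process rather than only nested ones, and it is not safe if two threads reach this function at once. A short comment stating that this is a debugging aid for runaway recursion, and why the threshold is 4, would help anyone who meets it later.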
The host OS is CentOS6 32 bit with the following libc* :
```
vzdummy-glibc-2.12-1.7.el6.noarch
libcmocka-devel-1.0.1-1.el6.i686
glibc-2.12-1.209.el6_9.2.i686
glibc-common-2.12-1.209.el6_9.2.i686
libcmocka-1.0.1-1.el6.i686
libcgroup-0.40.rc1-24.el6_9.i686
glibc-devel-2.12-1.209.el6_9.2.i686
```
Reported to upstream dmalloc project as j256/dmalloc#4
This has been hopefully fixed with an impl of snprintf: https://github.com/j256/dmalloc/commit/313cd9581cf8a1c3cac76354662bf2eaa529ced1
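The recursion visible in the trace, and the two ways out of it discussed in this thread (a re-entrancy flag in the die routine, or a formatter that never calls `free`), as an added C model that is not dmalloc's code. Every name below, the depth cap, and the assumption that the hooked `free` treats re-entry as fatal are illustrative.

```c
#include <stddef.h>

enum mode { UNGUARDED, GUARDED, OWN_FORMATTER };
#define DEPTH_CAP 64   /* simulation stops here; a real process runs out of stack */

static enum mode mode;
static int in_library; /* assumed re-entry check, standing in for dmalloc_in */
static int dying;      /* re-entrancy flag used by the GUARDED variant */
static int depth, deepest;
static void die(void);

/* Hooked free(): re-entry while the library is active is treated as fatal. */
static void hooked_free(void *p) {
    (void)p;
    if (in_library)
        die();
}

/* Allocation-free copy, standing in for a private snprintf. */
static void own_format(char *buf, size_t n, const char *msg) {
    size_t i = 0;
    for (; i + 1 < n && msg[i] != '\0'; i++)
        buf[i] = msg[i];
    buf[i] = '\0';
}

/* Stand-in for libc's vsnprintf, which per the trace calls free(NULL). */
static void libc_format(char *buf, size_t n, const char *msg) {
    hooked_free(NULL);
    own_format(buf, n, msg);
}

/* Fatal-error routine: formats a message, which is where re-entry happens. */
static void die(void) {
    char buf[64];
    if (++depth > deepest)
        deepest = depth;
    if (depth < DEPTH_CAP && !(mode == GUARDED && dying)) {
        dying = 1;
        (mode == OWN_FORMATTER ? own_format : libc_format)(buf, sizeof buf, "fatal error");
    }
    depth--;           /* real code would abort() here */
}

/* Returns how deep die() recursed for the given variant. */
int simulate(enum mode m) {
    mode = m; in_library = 1; dying = 0; depth = deepest = 0;
    die();             /* the failure starts while the library is active */
    return deepest;
}
```

The unguarded variant recurses until the cap, the flag stops it at the second entry, and the allocation-free formatter never re-enters at all.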