This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
glibc detected *** grep: free(): invalid next size (fast): fixed in glibc-2.4.90-36
- From: Chandru <chandru at in dot ibm dot com>
- To: libc-alpha at sources dot redhat dot com
- Date: Thu, 12 Oct 2006 21:02:21 +0530
- Subject: glibc detected *** grep: free(): invalid next size (fast): fixed in glibc-2.4.90-36
Hi All,
I had a problem of " grep -i < greater than or equal to 8 byte string
> < a specific file on my system>" used to throw the following
error on my system with glibc-2.4.90-22.
*** glibc detected *** grep: free(): invalid next size (fast):
0x000000008001bc10 ***
======= Backtrace: =========
/lib64/libc.so.6[0x4d73c728bc]
/lib64/libc.so.6(cfree+0x8e)[0x4d73c768a6]
/lib64/libc.so.6[0x4d73cbad3c]
/lib64/libc.so.6[0x4d73cbd646]
....
....
But with 'glibc-2.4.90-36' , this problem is no more seen. So
writing to see if anyone has knowledge of which patch probably could
have fixed this problem. While debugging 'grep' with debug glibc-
2.4.90-22 , I was able to get to the following debug level
The code in re_search_internal() in regexec.c is trying to free mctx.input when
a match is not found in a given line.
re_search_internal()
{
...
...
free_return:
re_free (mctx.state_log);
if (dfa->nbackref)
match_ctx_free (&mctx);
re_string_destruct (&mctx.input); <<<<------
return err;
}
Further when trying to free this chunk of memory , the following condition is
turning out to be true which generally is going as 'false' for other
non-matching lines
/*
If eligible, place chunk on a fastbin so it can be found
and used quickly in malloc.
*/
.....
.....
if (__builtin_expect (chunk_at_offset (p, size)->size <= 2 * SIZE_SZ, 0)
|| __builtin_expect (chunksize (chunk_at_offset (p, size))
>= av->system_mem, 0))
{
errstr = "free(): invalid next size (fast)";
goto errout;
}
.....
So it will be great to know what changes could have fixed this problem (
grep has same version between glibc2.4.90-22 and glibc-2.4.90-36 ).
Thanks,
Chandru