[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Valgrind detects invalid read in bash. malloc assertion fails.
From: |
Grisha Levit |
Subject: |
Re: Valgrind detects invalid read in bash. malloc assertion fails. |
Date: |
Tue, 14 May 2019 02:16:58 -0400 |
Reproduces for me on Debian 9 with a fresh bash devel build (with or
without DEBUG and MALLOC DEBUG). Anything with a glob will do to reproduce:
$ valgrind ./bash -c ': *'
==15001== Memcheck, a memory error detector
==15001== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==15001== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright
info
==15001== Command: /home/grishalevit/bash/bash -c :\ *
==15001==
==15001== Invalid read of size 1
==15001== at 0x1E74A7: internal_free.isra.1 (malloc.c:921)
==15001== by 0x1B4F8A: glob_filename (glob.c:1427)
==15001== by 0x180E6D: shell_glob_filename (pathexp.c:442)
==15001== by 0x17BBFA: glob_expand_word_list (subst.c:11197)
==15001== by 0x17BBFA: expand_word_list_internal (subst.c:11634)
==15001== by 0x14F552: execute_simple_command (execute_cmd.c:4330)
==15001== by 0x1514FE: execute_command_internal (execute_cmd.c:844)
==15001== by 0x1A0DCA: parse_and_execute (evalstring.c:456)
==15001== by 0x135EA0: run_one_command (shell.c:1416)
==15001== by 0x1380FA: main (shell.c:735)
==15001== Address 0x53dd228 is 8 bytes before a block of size 8 alloc'd
==15001== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==15001== by 0x1B4EDD: glob_filename (glob.c:1079)
==15001== by 0x180E6D: shell_glob_filename (pathexp.c:442)
==15001== by 0x17BBFA: glob_expand_word_list (subst.c:11197)
==15001== by 0x17BBFA: expand_word_list_internal (subst.c:11634)
==15001== by 0x14F552: execute_simple_command (execute_cmd.c:4330)
==15001== by 0x1514FE: execute_command_internal (execute_cmd.c:844)
==15001== by 0x1A0DCA: parse_and_execute (evalstring.c:456)
==15001== by 0x135EA0: run_one_command (shell.c:1416)
==15001== by 0x1380FA: main (shell.c:735)
==15001==
==15001== Invalid read of size 1
==15001== at 0x1E74B8: internal_free.isra.1 (malloc.c:932)
==15001== by 0x1B4F8A: glob_filename (glob.c:1427)
==15001== by 0x180E6D: shell_glob_filename (pathexp.c:442)
==15001== by 0x17BBFA: glob_expand_word_list (subst.c:11197)
==15001== by 0x17BBFA: expand_word_list_internal (subst.c:11634)
==15001== by 0x14F552: execute_simple_command (execute_cmd.c:4330)
==15001== by 0x1514FE: execute_command_internal (execute_cmd.c:844)
==15001== by 0x1A0DCA: parse_and_execute (evalstring.c:456)
==15001== by 0x135EA0: run_one_command (shell.c:1416)
==15001== by 0x1380FA: main (shell.c:735)
==15001== Address 0x53dd228 is 8 bytes before a block of size 8 alloc'd
==15001== at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==15001== by 0x1B4EDD: glob_filename (glob.c:1079)
==15001== by 0x180E6D: shell_glob_filename (pathexp.c:442)
==15001== by 0x17BBFA: glob_expand_word_list (subst.c:11197)
==15001== by 0x17BBFA: expand_word_list_internal (subst.c:11634)
==15001== by 0x14F552: execute_simple_command (execute_cmd.c:4330)
==15001== by 0x1514FE: execute_command_internal (execute_cmd.c:844)
==15001== by 0x1A0DCA: parse_and_execute (evalstring.c:456)
==15001== by 0x135EA0: run_one_command (shell.c:1416)
==15001== by 0x1380FA: main (shell.c:735)
==15001==
malloc: glob.c:1427: assertion botched
free: called with unallocated block argument
Aborting...==15001==
==15001== Process terminating with default action of signal 6 (SIGABRT)
==15001== at 0x506EFFF: raise (raise.c:51)
==15001== by 0x5070429: abort (abort.c:89)
==15001== by 0x15E1A6: programming_error (error.c:175)
==15001== by 0x1E74F4: internal_free.isra.1 (malloc.c:938)
==15001== by 0x1B4F8A: glob_filename (glob.c:1427)
==15001== by 0x180E6D: shell_glob_filename (pathexp.c:442)
==15001== by 0x17BBFA: glob_expand_word_list (subst.c:11197)
==15001== by 0x17BBFA: expand_word_list_internal (subst.c:11634)
==15001== by 0x14F552: execute_simple_command (execute_cmd.c:4330)
==15001== by 0x1514FE: execute_command_internal (execute_cmd.c:844)
==15001== by 0x1A0DCA: parse_and_execute (evalstring.c:456)
==15001== by 0x135EA0: run_one_command (shell.c:1416)
==15001== by 0x1380FA: main (shell.c:735)
==15001==
==15001== HEAP SUMMARY:
==15001== in use at exit: 8 bytes in 1 blocks
==15001== total heap usage: 84 allocs, 83 frees, 16,600 bytes allocated
==15001==
==15001== LEAK SUMMARY:
==15001== definitely lost: 0 bytes in 0 blocks
==15001== indirectly lost: 0 bytes in 0 blocks
==15001== possibly lost: 0 bytes in 0 blocks
==15001== still reachable: 8 bytes in 1 blocks
==15001== suppressed: 0 bytes in 0 blocks
==15001== Rerun with --leak-check=full to see details of leaked memory
==15001==
==15001== For counts of detected and suppressed errors, rerun with: -v
==15001== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
Aborted