Subject: Re: dynamic linker/loader problem
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Rafal Boni <rafal@attbi.com>
List: tech-toolchain
Date: 03/27/2003 12:52:02
In message <20030326205004.GA690@antioche.eu.org>, you write: 

-> On Tue, Mar 25, 2003 at 08:09:16PM -0500, Rafal Boni wrote:
-> > PR's 19183, 18657, 20078 (should be closed as dup?) 
-> > Agreed that it should be fixed before release... I think the problem is
-> > slightly different than you describe it, but the end-result the same..
-> > Some child routines of tgetent (cgetstr, for example) allocate memory,
-> > which uses the libc malloc (even though bash/tcsh provide their own).
-> > So far, so good, but when the termcap code then *frees* that memory, 
-> > it does so using the bash/tcsh free(), which whines and in some cases
-> > crashes the shell.
-> 
-> I tried to reproduce the problem with a simple test case, but failed.
-> Each time the local function is called, instead of the libc's one.
-> It seems to require some special conditions to happen ...

As Christos suggested, writing a simple program that uses termcap and
also implements its own malloc/free (mmm, reimplementing malloc/free
with realloc... Almost worthy of libmem v2 8-) triggers the bug.

Attached is a simple program that does that, and indeed has the same
issue.

My output (on an O2 running 1.6P kernel and recent ld_elf.so) is as
follows:
    malloc from 0x30009c38, size 16
    malloc returning ptr 0x10012030
    free 0x10012040 from 0x3000a4c0

So indeed we're getting called to allocate one thing, and to free another.

--rafal


----
Rafal Boni                                                     rafal@attbi.com
  We are all worms.  But I do believe I am a glowworm.  -- Winston Churchill
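
Added example, not part of the original message or of the attached test program: a private allocator whose free() checks that a pointer is one it issued, so a block that came from a different malloc is reported instead of being handed to the wrong heap. The names shell_malloc, shell_free and the fixed arena are hypothetical stand-ins for a program-supplied allocator like the ones bash/tcsh provide.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical private allocator: a bump arena (memory is never reused)
 * plus a table of live blocks, so free() can verify ownership. */
#define ARENA_SIZE 4096
#define MAX_BLOCKS 64
static _Alignas(16) unsigned char arena[ARENA_SIZE];
static size_t arena_used;
static void *live[MAX_BLOCKS];          /* issued and not yet freed */
enum free_status { FREE_OK = 0, FREE_FOREIGN = -1, FREE_NOT_LIVE = -2 };

void *shell_malloc(size_t size)
{
    size_t need;
    if (size > ARENA_SIZE) return NULL;
    need = size ? (size + 15) & ~(size_t)15 : 16;   /* 16-byte granules */
    if (need > ARENA_SIZE - arena_used) return NULL;
    for (int i = 0; i < MAX_BLOCKS; i++) {
        if (live[i] == NULL) {
            live[i] = arena + arena_used;
            arena_used += need;
            return live[i];
        }
    }
    return NULL;                        /* live-block table is full */
}

enum free_status shell_free(void *ptr)
{
    uintptr_t p = (uintptr_t)ptr, lo = (uintptr_t)arena;
    if (ptr == NULL) return FREE_OK;
    if (p < lo || p >= lo + ARENA_SIZE) {           /* another allocator's block */
        fprintf(stderr, "free %p: not from this allocator\n", ptr);
        return FREE_FOREIGN;
    }
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (live[i] == ptr) { live[i] = NULL; return FREE_OK; }
    fprintf(stderr, "free %p: in arena but never returned or already freed\n", ptr);
    return FREE_NOT_LIVE;
}

int main(void)
{
    void *foreign = malloc(16);         /* allocated by libc's malloc */
    int rc = shell_free(foreign);       /* freed through the private free */
    free(foreign);                      /* release with the matching allocator */
    return rc == FREE_FOREIGN ? 0 : 1;
}
```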