From: ludo@gnu.org (Ludovic Courtès)
To: Mark H Weaver <mhw@netris.org>
Cc: Artyom Poptsov <poptsov.artyom@gmail.com>, 26976@debbugs.gnu.org
Subject: bug#26976: On Hydra, offload crashes while trying to build linux-libre source
Date: Fri, 19 May 2017 00:00:24 +0200 [thread overview]
Message-ID: <87h90h966f.fsf@gnu.org> (raw)
In-Reply-To: <87h90japz0.fsf@netris.org> (Mark H. Weaver's message of "Wed, 17 May 2017 21:55:15 -0400")
[-- Attachment #1: Type: text/plain, Size: 2007 bytes --]
Hi Mark,
(Cc: Artyom. Artyom, this is about what looks like a bug in Guile-SSH
when used with Guile 2.2; see <https://bugs.gnu.org/26976>.)
Mark H Weaver <mhw@netris.org> skribis:
> *** Error in `/gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/bin/guile': realloc(): invalid next size: 0x00000000024617d0 ***
> ======= Backtrace: =========
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(+0x70fd5)[0x7f77e8343fd5]
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(+0x773a6)[0x7f77e834a3a6]
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(+0x7a3a9)[0x7f77e834d3a9]
> /gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25/lib/libc.so.6(realloc+0x156)[0x7f77e834e6e6]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xdc6b)[0x7f77e2e24c6b]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xddce)[0x7f77e2e24dce]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xe50a)[0x7f77e2e2550a]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(+0xe7b2)[0x7f77e2e257b2]
> /gnu/store/vlc43y485v80sgq7iw60hzy4pw5r52d2-libssh-0.7.4/lib/libssh.so.4(ssh_channel_close+0x47)[0x7f77e2e27f87]
> /gnu/store/avy681pwf979kbwiv9k75c5h7jdink2c-guile2.2-ssh-0.11.0/lib/libguile-ssh.so.11(+0xa597)[0x7f77e3290597]
> /gnu/store/5zx29y44nrqj0s8h3jlvlj82k8hj4dxs-guile-2.2.2/lib/libguile-2.2.so.1(+0x83785)[0x7f77e9f00785]
This looks like a double-free and ‘ssh_channel_close’ has only one call
site, which is ‘ptob_close’, the ‘close’ function for the channel port
type in Guile-SSH.
I’m quite confident that the attached patch fixes the problem. However,
I haven’t found a scenario in Guile 2.2 where the ‘close’ method could
be called more than once, and I cannot reproduce the bug on my machine.
Thoughts?
I suggest applying it to the ‘guile-ssh’ package in Guix.
Thanks,
Ludo’.
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 1067 bytes --]
diff --git a/libguile-ssh/channel-type.c b/libguile-ssh/channel-type.c
index 3dd641f..0839854 100644
--- a/libguile-ssh/channel-type.c
+++ b/libguile-ssh/channel-type.c
@@ -229,10 +229,11 @@ ptob_close (SCM channel)
ssh_channel_free (ch->ssh_channel);
}
+ SCM_SETSTREAM (channel, NULL);
+
#if USING_GUILE_BEFORE_2_2
scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer");
- SCM_SETSTREAM (channel, NULL);
return 0;
#endif
diff --git a/libguile-ssh/sftp-file-type.c b/libguile-ssh/sftp-file-type.c
index 8879924..f87cf03 100644
--- a/libguile-ssh/sftp-file-type.c
+++ b/libguile-ssh/sftp-file-type.c
@@ -224,10 +224,11 @@ ptob_close (SCM sftp_file)
sftp_close (fd->file);
}
+ SCM_SETSTREAM (sftp_file, NULL);
+
#if USING_GUILE_BEFORE_2_2
scm_gc_free (pt->write_buf, pt->write_buf_size, "port write buffer");
scm_gc_free (pt->read_buf, pt->read_buf_size, "port read buffer");
- SCM_SETSTREAM (sftp_file, NULL);
return 1;
#endif
next prev parent reply other threads:[~2017-05-18 22:01 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-18 1:55 bug#26976: On Hydra, offload crashes while trying to build linux-libre source Mark H Weaver
2017-05-18 2:02 ` Mark H Weaver
2017-05-18 22:00 ` Ludovic Courtès [this message]
2017-05-19 3:20 ` Artyom Poptsov
2017-05-19 12:44 ` Ludovic Courtès
2017-05-19 22:36 ` Ludovic Courtès
2017-05-20 21:59 ` Ludovic Courtès
2017-06-05 21:33 ` Ludovic Courtès
2017-06-13 21:32 ` Ludovic Courtès
2017-06-14 20:10 ` Ludovic Courtès
2017-07-27 10:14 ` Ludovic Courtès
2017-05-20 16:59 ` Mark H Weaver
2017-05-20 18:02 ` Ludovic Courtès
2017-05-20 22:21 ` Ludovic Courtès
2017-06-14 6:58 ` Mark H Weaver
2017-06-14 7:15 ` Mark H Weaver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h90h966f.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=26976@debbugs.gnu.org \
--cc=mhw@netris.org \
--cc=poptsov.artyom@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).