This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/14895] New: corruption in popen pclose


http://sourceware.org/bugzilla/show_bug.cgi?id=14895

             Bug #: 14895
           Summary: corruption in popen pclose
           Product: glibc
           Version: 2.14
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: unassigned@sourceware.org
        ReportedBy: ajeet.yadav.77@gmail.com
                CC: drepper.fsp@gmail.com
    Classification: Unclassified


Linux version 3.0.33 (Cortex A15)
The program below crashes with glibc 2.14.1 but runs fine with glibc 2.11.1.

#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>   /* sleep() */

#define MAX_LINE_SIZE 80

#define MAX_THREAD 20
#define MAX_POPEN 10
#define MALLOC_SIZE 16

void* pipe_thread(void *arg)
{
    int i;
    char *p = NULL;
    FILE *fp[MAX_POPEN];
    char shellCommand[MAX_LINE_SIZE];

    memset(shellCommand, 0x00, MAX_LINE_SIZE);
    sprintf(shellCommand, "mount");
    signal(SIGPIPE, SIG_IGN);

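    while (1) {
        /* Open MAX_POPEN pipes to the shell command at once. */
        for (i = 0; i < MAX_POPEN; ++i) {
            fp[i] = popen(shellCommand, "r");
        }

        /* Free the block allocated in the previous iteration. */
        if (p) {
            free(p);
        }

        /* Close every pipe that was opened successfully. */
        for (i = 0; i < MAX_POPEN; ++i) {
            if (fp[i])
                pclose(fp[i]);
        }

        /* Allocate a small block that stays live across the next round. */
        p = malloc(MALLOC_SIZE);
        if (p)
            memset(p, 0, MALLOC_SIZE);
    }
    return NULL;
}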

int main(int argc, char *argv[])
{
    int i;
    pthread_t tid;

    for (i = 0; i < MAX_THREAD; ++i) {
        pthread_create(&tid, NULL, &pipe_thread, (void*)NULL);
    }
    sleep(60);   /* let the worker threads run; returning from main ends the process */
    return 0;
}

gdb logs:
(gdb) bt
#0  0x4014f998 in _IO_new_fclose (fp=0x1) at iofclose.c:74
#1  0x4015b59c in fwide (fp=0xb8, mode=<optimized out>) at fwide.c:47
#2  0x00008a6c in ?? ()
Cannot access memory at address 0x8
#3  0x00008a6c in ?? ()
Cannot access memory at address 0x8
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

