BusyBox Bug and Patch Tracking

ID: 0001120
Category: [BusyBox] Other
Severity: crash
Reproducibility: always
Date Submitted: 12-16-06 14:40
Last Update: 12-16-06 16:33
Reporter: cziom
View Status: public
Assigned To: BusyBox
Priority: normal
Resolution: fixed
Status: closed
Product Version: 1.2.x
Summary: 0001120: patch crashes on BusyBox 1.2.2 patching glibc-2.4
Description:

Executing busybox 'patch' applet encounters a double free error and crashes.

On a LinuxFromScratch pure64 build on an AMD Opteron system, kernel 2.6.19, patching glibc-2.4 with the glibc-2.4-localedef_segfault-1.patch using the gnu patch utility produces the following correct results:

patching file locale/programs/3level.h
Hunk 0000001 succeeded at 311 with fuzz 2 (offset 107 lines).

However, when using the BusyBox patch applet, the following occurs:

patching file locale/programs/3level.h
patch: Hunk 0000001 FAILED at 204.
patch: 1 out of 1 hunk FAILED
*** glibc detected *** patch: double free or corruption (!prev): 0x00000000005cf280 ***
======= Backtrace: =========
/tools/lib/libc.so.6[0x2af46ff640ad]
/tools/lib/libc.so.6(__libc_free+0x6c)[0x2af46ff656ac]
patch[0x46854f]
patch[0x478bae]
patch[0x478c13]
/tools/lib/libc.so.6(__libc_start_main+0xf4)[0x2af46ff18094]
patch[0x407569]
Aborted

BusyBox patch does not specify if it supports fuzz=2. It should not crash in any case. I have not attempted to replicate this error on a standard 32 bit system. It is unknown whether similar behavior will occur in other environments.
Additional Information:

BusyBox was compiled on a Pure64 LinuxFromScratch system using gcc-4.1.1 and linked against glibc-2.4.

The glibc-2.4-localedef_segfault-1.patch file is available from: http://patches.cross-lfs.org/1.0.0/glibc-2.4-localedef_segfault-1.patch

The tarball used to apply the patch is the standard glibc-2.4 code available from: http://ftp.gnu.org/gnu/glibc/glibc-2.4.tar.bz2

Both the patch file and the 3level.h file from glibc2.4 are included below.

Attached Files:
bbox_patch_crash.tar.bz2 (3,444 bytes) 12-16-06 14:40
bbox_patch-p3_crash.tar.bz2 (3,296 bytes) 12-16-06 16:01

- Notes
(0001870)
vda
12-16-06 15:54

Attachment bbox_patch_crash.tar.bz2 seems corrupted:

/usr/bin/bzip2 -t bbox_patch_crash.tar.bz2
bzip2: bbox_patch_crash.tar.bz2: data integrity (CRC) error in data
...

# /usr/bin/bzip2 --help
bzip2, a block-sorting file compressor. Version 1.0.2, 30-Dec-2001.
...
 
(0001871)
vda
12-16-06 16:02

Corrected archive is uploaded
 
(0001872)
vda
12-16-06 16:31

Fix:

                                                        bb_error_msg("hunk #%d FAILED at %d", hunk_count, hunk_offset_start);
                                                        hunk_error++;
                                                        free(patch_line);
+ patch_line = NULL;
                                                        break;
                                                }
                                                free(src_line);
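
Review bot: In the hunk-FAILED branch, resetting `patch_line` to NULL right after `free(patch_line);` only helps if the code reached after `break` frees the pointer again and never dereferences it, so the fix leans on `free(NULL)` being a no-op without saying so; a one-line comment naming the later free would make that dependency explicit. Any other exit path that frees `patch_line` before leaving the loop needs the same reset, so consider a single cleanup point that owns the final free instead of clearing the pointer in each branch. Also check `src_line` here: the `break` leaves before the `free(src_line);` that follows the closing brace, so if `src_line` is still allocated at that point this branch leaks it.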

It doesn't crash anymore.
However, bbox patch is still failing to apply the patch, while patch 2.5.4 succeeds:
patching file 3level.h
Hunk 0000001 succeeded at 202 (offset -2 lines).
 
(0001873)
vda
12-16-06 16:33

Fixed in rev 16978
 

- Issue History
Date Modified Username Field Change
12-16-06 14:40 cziom New Issue
12-16-06 14:40 cziom Status new => assigned
12-16-06 14:40 cziom Assigned To  => BusyBox
12-16-06 14:40 cziom File Added: bbox_patch_crash.tar.bz2
12-16-06 15:54 vda Note Added: 0001870
12-16-06 16:01 vda File Added: bbox_patch-p3_crash.tar.bz2
12-16-06 16:02 vda Note Added: 0001871
12-16-06 16:31 vda Note Added: 0001872
12-16-06 16:33 vda Status assigned => closed
12-16-06 16:33 vda Note Added: 0001873
12-16-06 16:33 vda Resolution open => fixed

