... because it calls malloc itself. It does this because it wants to preserve
the abort message in __abort_msg, which is noble enough, but deadlocking instead
of aborting is certainly not the intended result.
Created attachment 4923 [details]
Allocate with sbrk instead. This will leak if we call __libc_message() to
abort more than once, but there's not a lot to be done about that.
A few thoughts on this:
* Potentially add another argument to _libc_fatal which says whether or not we can use malloc?
* Will calling sbrk confuse malloc if the program happens to catch SIGABRT?
* Use alloca instead of malloc if the buffer is "small"? Actually, how about always using alloca, and truncating the message to say 1024 characters?
* Why are there duplicate copies of libc_fatal.c in the tree?
I checked in a patch.