Bug 18948 - Use after Free in _initialize_python
Summary: Use after Free in _initialize_python
Status: RESOLVED DUPLICATE of bug 20037
Alias: None
Product: gdb
Classification: Unclassified
Component: gdb (show other bugs)
Version: 7.9
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-09-10 14:20 UTC by Anton Rechkov
Modified: 2016-05-24 15:44 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anton Rechkov 2015-09-10 14:20:34 UTC
➜  Bin git:(master) ✗ LD_PRELOAD=/usr/lib64/libasan.so.2.0.0 gdb ./blabla_compiled_with_san_analyzer
=================================================================
==12238==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000007e40 at pc 0x7f3d6758b6b5 bp 0x7ffd35343ad0 sp 0x7ffd35343278
READ of size 2 at 0x610000007e40 thread T0
    #0 0x7f3d6758b6b4  (/usr/lib64/libasan.so.2.0.0+0x516b4)
    #1 0x567f92 in _initialize_python (/usr/bin/gdb+0x567f92)
    #2 0x747748 in initialize_all_files (/usr/bin/gdb+0x747748)
    #3 0x70c8e8 in gdb_init (/usr/bin/gdb+0x70c8e8)
    #4 0x63d33b  (/usr/bin/gdb+0x63d33b)
    #5 0x6399f4 in catch_errors (/usr/bin/gdb+0x6399f4)
    #6 0x63e41a in gdb_main (/usr/bin/gdb+0x63e41a)
    #7 0x466b34 in main (/usr/bin/gdb+0x466b34)
    #8 0x7f3d647306ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
    #9 0x466b78 in _start (/usr/bin/gdb+0x466b78)

0x610000007e40 is located 0 bytes inside of 181-byte region [0x610000007e40,0x610000007ef5)
freed by thread T0 here:
    #0 0x7f3d675d270a in __interceptor_free (/usr/lib64/libasan.so.2.0.0+0x9870a)
    #1 0x7f3d6473ab95 in setlocale (/lib64/libc.so.6+0x2ab95)

previously allocated by thread T0 here:
    #0 0x7f3d675d2a0a in malloc (/usr/lib64/libasan.so.2.0.0+0x98a0a)
    #1 0x7f3d6473a24d in new_composite_name (/lib64/libc.so.6+0x2a24d)

SUMMARY: AddressSanitizer: heap-use-after-free ??:0 ??
Shadow bytes around the buggy address:
  0x0c207fff8f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05
  0x0c207fff8f80: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c207fff8f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06
  0x0c207fff8fa0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c207fff8fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05
=>0x0c207fff8fc0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c207fff8fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c207fff8fe0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c207fff8ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c207fff9000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c207fff9010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==12238==ABORTING
Comment 1 Tom Tromey 2016-05-24 15:44:05 UTC
I think this is a dup of 20037.

*** This bug has been marked as a duplicate of bug 20037 ***