The attached program (corruption.c) exposes a memory corruption issue with
malloc running on multithread.
The corruption has been reproduced on several computers running various Linux
distributions, and with glibc ranging from 2.5 to 2.9. It has not been
reproduced on glibc 2.3
The corruption has been reproduced on 2,4 and 8 cores machines. It has not been
reproduced on monocore machines. It has only been reproduced on x86_64, not on x86
The attached program basically does:
* malloc a buffer of size X
* fill it with a memory pattern
* realloc it to size 2X
* check that the pattern is still ok on [0:X[
On the attached program, depending on X, the last Y bytes are corrupted, with Y
ranging from 0 to 8. Several runs of a few seconds might be required to expose
the bug.
Here is the complete matrix of reproduction cases.
Distro Cpu Cores Libc GCC Kernel Vulnerable
Debian Etch x86-64 8 2.3 4.1.2 2.6.27 No
Debian Lenny ?? 2 2.7 4.3.2 ? No
RH5 x86-64 4 2.5 4.1.2 2.6.18 Yes
Gentoo x86-64 4 2.8 4.1.2 2.6.27 Yes
CentOS 5.2 x86-64 4 2.5 4.1.2 2.6.18 Yes
Debian Sid x86 1 2.9 4.3.3 2.6.26 No
RH4 x86-64 2 2.3 3.4 2.6.9 No
Gentoo x86-64 4 2.6.1 4.1.2 2.6.25 Yes
Gentoo x86-64 2 2.5 4.1.1 2.6.20 Yes
Gentoo x86-64 8 2.6.1 4.1.1 2.6.28 Yes
Debian Sid x86 2 2.9 4.3.3 2.6.26 No
Debian Testing x86-64 2 2.7 4.1.2 2.6.26 Yes
This might be related to BUG 6952
(if it's related, then it probably produces an easier reproduction case)
--
Summary: malloc thread-safety issues
Product: glibc
Version: 2.8
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: clement dot stenac at exalead dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=10018------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
