[bug #41582] Double free in grub-probe when using LVM
From: Vladimir Smirnov
Subject: [bug #41582] Double free in grub-probe when using LVM
Date: Thu, 13 Feb 2014 19:33:43 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.70 Safari/537.36
URL: <http://savannah.gnu.org/bugs/?41582>
Summary: Double free in grub-probe when using LVM
Project: GNU GRUB
Submitted by: civil
Submitted on: Thu 13 Feb 2014 07:33:42 PM GMT
Category: User Interface
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name: Vladimir Smirnov
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Details:
I've upgraded grub from 1.99 to 2.0 (also tried 2.02 beta2 and git master),
and I've found a bug in grub-probe. When run, it says:
*** glibc detected *** ./grub-probe: double free or corruption (fasttop):
0x0000000000838760 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f0487d76b96]
./grub-probe[0x4a4ec6]
./grub-probe[0x4b651e]
./grub-probe[0x4b66a8]
./grub-probe[0x4b6693]
./grub-probe[0x4a444d]
./grub-probe[0x4a2bde]
./grub-probe[0x4a2d1a]
./grub-probe[0x4a2dc7]
./grub-probe[0x49bf3b]
./grub-probe[0x49c461]
./grub-probe[0x49bfa7]
./grub-probe[0x49bfcd]
./grub-probe[0x4035f9]
./grub-probe[0x404d25]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f0487d1976d]
./grub-probe[0x402c99]
*** glibc detected *** ./grub-probe: double free or corruption (fasttop):
0x0000000000838760 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f0487d76b96]
./grub-probe[0x4a4ec6]
./grub-probe[0x4b651e]
./grub-probe[0x4b66a8]
./grub-probe[0x4b6693]
./grub-probe[0x4a444d]
./grub-probe[0x4a2bde]
./grub-probe[0x4a2d1a]
./grub-probe[0x4a2dc7]
./grub-probe[0x49bf3b]
./grub-probe[0x49c461]
./grub-probe[0x49c013]
./grub-probe[0x4035f9]
./grub-probe[0x404d25]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f0487d1976d]
./grub-probe[0x402c99]
ext2
*** glibc detected *** ./grub-probe: double free or corruption (fasttop):
0x0000000000838760 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7f0487d76b96]
./grub-probe[0x4a4ec6]
./grub-probe[0x4b651e]
./grub-probe[0x4b66a8]
./grub-probe[0x4b6693]
./grub-probe[0x408f76]
./grub-probe[0x404d91]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7f0487d1976d]
./grub-probe[0x402c99]
Aborted
So I've started digging. With some help, it was narrowed down to
grub-core/disk/diskfilter.c:886 where the first free occurred.
It seems that for some reason, lv->fullname == lv->name == vg->name, but
there lv->fullname is freed and replaced with a new value (but lv->name and
vg->name are not).
I've created a simple patch for that. Though, I'm a bit in doubt about its
correctness, because I can't understand why vg->name == lv->fullname.
While digging, I've also found a small memory leak (lv->idname is allocated, but
never freed), and also fixed it.
I hope it'll help somebody.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Thu 13 Feb 2014 07:33:42 PM GMT Name:
0001-Fix-double-free-when-using-LVM.patch Size: 901B By: civil
<http://savannah.gnu.org/bugs/download.php?file_id=30542>
-------------------------------------------------------
Date: Thu 13 Feb 2014 07:33:42 PM GMT Name: 0002-Fix-small-memory-leak.patch
Size: 707B By: civil
<http://savannah.gnu.org/bugs/download.php?file_id=30543>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?41582>
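
The aliasing described in the report (lv->fullname, lv->name and vg->name sharing one allocation, with only fullname freed and replaced), modeled as an added example; it is not GRUB's code and not the attached patches. The structs, `set_fullname`, the tracking allocator and all string values are hypothetical and constructed; the guard shows one way to avoid the second free, and the `free_idname` flag shows the leak.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical, simplified stand-ins for the records named in the report. */
struct vg { char *name; };
struct lv { char *name, *fullname, *idname; struct vg *vg; };
struct result { int double_frees, leaks; };
/* Quarantining tracker: a repeated free is counted, never executed. */
static struct { void *p; int freed; } slot[16];
static int nslots, double_frees;

static char *t_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (!p) abort();
    slot[nslots].p = strcpy(p, s);
    slot[nslots++].freed = 0;
    return p;
}
static void t_free(void *p) {
    for (int i = 0; i < nslots; i++)
        if (slot[i].p == p) { double_frees += slot[i].freed++ > 0; return; }
}
/* Replace fullname; with guard set, the old string is released only when
   neither lv->name nor vg->name still points at it. */
static void set_fullname(struct lv *lv, const char *s, int guard) {
    if (!guard || (lv->fullname != lv->name && lv->fullname != lv->vg->name))
        t_free(lv->fullname);
    lv->fullname = t_strdup(s);
}
/* Build the aliased state (constructed names), rename, tear down, report. */
static struct result run_scenario(int guard, int free_idname) {
    struct vg vg = { t_strdup("vg0") };
    struct lv lv = { vg.name, vg.name, t_strdup("lvmid/constructed"), &vg };
    set_fullname(&lv, "lvm/vg0-root", guard);
    t_free(lv.fullname);
    if (lv.name != lv.fullname) t_free(lv.name);
    if (vg.name != lv.name) t_free(vg.name);
    if (free_idname) t_free(lv.idname);
    struct result r = { double_frees, 0 };
    for (int i = 0; i < nslots; i++) { r.leaks += !slot[i].freed; free(slot[i].p); }
    nslots = double_frees = 0;
    return r;
}
int main(void) {
    struct result a = run_scenario(0, 1), b = run_scenario(1, 1), c = run_scenario(1, 0);
    printf("unguarded: %d double free, guarded: %d, idname kept: %d leak\n",
           a.double_frees, b.double_frees, c.leaks);
    return 0;
}
```

The tracker defers the real `free` until the end of each scenario, so the allocator cannot hand the released block straight back and hide the aliasing.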