NetBSD Problem Report #49904

From www@NetBSD.org  Thu May 14 08:59:42 2015
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 8F81CA6558
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 14 May 2015 08:59:42 +0000 (UTC)
Message-Id: <20150514085941.79A1CA65ED@mollari.NetBSD.org>
Date: Thu, 14 May 2015 08:59:41 +0000 (UTC)
From: bsiegert@NetBSD.org
Reply-To: bsiegert@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: pkg_select crashes on startup on Mac OS 10.10
X-Send-Pr-Version: www-1.0

>Number:         49904
>Category:       pkg
>Synopsis:       pkg_select crashes on startup on Mac OS 10.10
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    imil
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 14 09:00:00 +0000 2015
>Closed-Date:    Sat Dec 30 18:25:15 +0000 2017
>Last-Modified:  Sat Dec 30 18:25:15 +0000 2017
>Originator:     Benny Siegert
>Release:        pkgsrc-HEAD as of May 2015 (ABI=64)
>Organization:
The NetBSD Foundation
>Environment:
Darwin lem.local 14.3.0 Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64 x86_64

>Description:
When built on Mac OS 10.10.x 64-bit, pkg_select crashes immediately upon startup. This is what the screen shows:

│ please wait while loading package database...pkg_select(7489,0x7fff74445300) malloc: *** error for object 0x7f9d28700640: incorrect checksum for freed object - object was probably modified after being freed.───────────────────────────────────┘
*** set a breakpoint in malloc_error_break to debug
Abort

Sounds like a use after free.
>How-To-Repeat:
Build pkg_select:

[lem:pkgsrc/pkgtools/pkg_select] bsiegert% bmake describe
pkg_select-20090308nb3|/usr/pkgsrc/pkgtools/pkg_select|/usr/pkg|Curses based pkgsrc system browser / manager|/usr/pkgsrc/pkgtools/pkg_select/DESCR|imil@gcu.info|pkgtools|||any|any

Run it.

Note that this does not occur on every startup. If you try a couple of times, eventually it will run.
>Fix:

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->imil
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Thu, 14 May 2015 09:02:08 +0000
Responsible-Changed-Why:
Assigning to maintainer.


From: Benny Siegert <bsiegert@NetBSD.org>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: pkg/49904: pkg_select crashes on startup on Mac OS 10.10
Date: Sat, 16 May 2015 21:08:10 +0200

 I got the following backtrace from running with guard malloc, although
 I am not 100% sure if this is the same crash.

 * thread #1: tid = 0x1db11, 0x00007fff8931df51
 libsystem_platform.dylib`_platform_bzero$VARIANT$Ivybridge + 113,
 queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1,
 address=0x100b35000)
   * frame #0: 0x00007fff8931df51
 libsystem_platform.dylib`_platform_bzero$VARIANT$Ivybridge + 113
     frame #1: 0x00007fff8e3d0e0b libsystem_c.dylib`__memset_chk + 26
     frame #2: 0x0000000100005951
 pkg_select`loadfile(path=0x00007fff5fbfe670) + 225 at file.c:159
     frame #3: 0x000000010000705d
 pkg_select`loadpkginfo(pkg=0x00000001008f7fe5) + 237 at pkg_adm.c:241
     frame #4: 0x0000000100006ecd pkg_select`load_pkgdb + 253 at pkg_adm.c:74
     frame #5: 0x000000010000236d pkg_select`main(argc=0,
 argv=0x00007fff5fbff950) + 1277 at main.c:612
     frame #6: 0x00007fff86f945c9 libdyld.dylib`start + 1
     frame #7: 0x00007fff86f945c9 libdyld.dylib`start + 1

 Also, the original error message actually means that something was freed twice.

State-Changed-From-To: open->closed
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Sat, 30 Dec 2017 18:25:15 +0000
State-Changed-Why:
A bunch of pkg_select bugs have just been fixed. I assume this no longer occurs
(though I lack the machine I reported this on).


>Unformatted:
