I accidentally ran into this while grepping a kernel tree for the string 'all rights reserved':
$ cat /etc/redhat-release
CentOS release 4.4 (Final)
$ uname -m
i686
$ rpm -q grep
grep-2.5.1-32.2
$ wget http://www.few.vu.nl/~buytenh/zImage.grep.heap.corruption
$ grep -i "all rights reserved" zImage.grep.heap.corruption
*** glibc detected *** free(): invalid next size (normal): 0x08c8a168 ***
Aborted
$
Backtrace looks somewhat like this:
#0 0x00abc7a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
#1 0x00afc7a5 in raise () from /lib/tls/libc.so.6
#2 0x00afe209 in abort () from /lib/tls/libc.so.6
#3 0x00b3071a in __libc_message () from /lib/tls/libc.so.6
#4 0x00b36fbf in _int_free () from /lib/tls/libc.so.6
#5 0x00b3733a in free () from /lib/tls/libc.so.6
#6 0x00b7ece0 in re_search_internal () from /lib/tls/libc.so.6
#7 0x00b811b3 in re_search_stub () from /lib/tls/libc.so.6
#8 0x00b81623 in re_search () from /lib/tls/libc.so.6
#9 0x080546df in ?? ()
#10 0x090cc970 in ?? ()
#11 0x090d4e15 in ?? ()
#12 0x00000450 in ?? ()
#13 0x00000000 in ?? ()
- I can reproduce this on three different CentOS 4.4 x86
installs.
- It doesn't happen on x86_64 CentOS 4.4, nor on x86 FC6.
- It doesn't trigger if you search without '-i'.
- It doesn't trigger with any random search string.
- There seems to be something special about the length of the string, as I can also trigger it with a 19-byte (same length) string of just a's, but not with a 18 byte or 20 byte string.
$ grep -i "aaaaaaaaaaaaaaaaaaa" zImage.grep.heap.corruption
*** glibc detected *** free(): invalid next size (normal): 0x09651f50 ***
Aborted
Can anyone else reproduce this as well?
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
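As an added example (not part of the original post, and not code from grep or CentOS), here is a small POSIX sh harness for triaging a report like the one above. It runs grep once per pattern length, with and without -i, under glibc's MALLOC_CHECK_ heap checking (a real glibc environment variable that makes detected heap corruption abort the process), and classifies each run by exit status, so a length-specific trigger such as the 19-byte case shows up as a crash:<signal> entry in the sweep. The function names (make_sample, probe_grep, sweep_lengths) and the sample input file are constructed here for illustration; on a grep without the bug every run simply reports match or nomatch.

```shell
#!/bin/sh
# Added example: triage harness for a pattern-length-dependent grep crash.
# Function names and the sample file are constructed for this example.

# Build a constructed sample input: some text, NUL bytes and zero padding so
# grep treats it as a binary file, much like a kernel zImage would be.
make_sample() {
    ms_file=$(mktemp) || return 1
    printf 'Copyright (C) 2006 Example\0\0\0all rights reserved\0\0\n' > "$ms_file"
    printf 'aaaaaaaaaaaaaaaaaaa\n' >> "$ms_file"
    dd if=/dev/zero bs=4096 count=1 2>/dev/null >> "$ms_file"
    printf '%s' "$ms_file"
}

# probe_grep FILE PATTERN [GREP_FLAGS...]
# Runs grep under MALLOC_CHECK_=3 and prints one of:
#   match, nomatch, error, error:<rc>, crash:<signal>
# grep's documented exit codes: 0 = match, 1 = no match, 2 = error;
# a shell reports a signal-killed child as 128 + signal number
# (SIGABRT from glibc's heap check gives 134, i.e. crash:6).
probe_grep() {
    pg_file=$1; pg_pat=$2; shift 2
    MALLOC_CHECK_=3 grep "$@" -- "$pg_pat" "$pg_file" >/dev/null 2>&1
    pg_rc=$?
    case $pg_rc in
        0) echo match ;;
        1) echo nomatch ;;
        2) echo error ;;
        *) if [ "$pg_rc" -gt 128 ]; then
               echo "crash:$((pg_rc - 128))"
           else
               echo "error:$pg_rc"
           fi ;;
    esac
}

# sweep_lengths FILE CHAR MIN MAX
# Repeats CHAR to every length in [MIN, MAX] and probes each pattern with and
# without -i, so a trigger tied to one length (19 bytes in the report above)
# stands out against its neighbours.
sweep_lengths() {
    sl_file=$1; sl_ch=$2; sl_n=$3; sl_max=$4
    while [ "$sl_n" -le "$sl_max" ]; do
        sl_pat=$(printf "%${sl_n}s" "" | tr ' ' "$sl_ch")
        echo "len=$sl_n plain=$(probe_grep "$sl_file" "$sl_pat") icase=$(probe_grep "$sl_file" "$sl_pat" -i)"
        sl_n=$((sl_n + 1))
    done
}

# Stand-alone use: sh harness.sh /path/to/zImage.grep.heap.corruption
# sweeps 'a' patterns of length 17..21 against the given file.
if [ $# -ge 1 ] && [ -f "$1" ]; then
    sweep_lengths "$1" a 17 21
fi
```

Pointing the sweep at the actual zImage from the post on an affected x86 CentOS 4.4 box is what would confirm the "only at 19 bytes, only with -i" pattern the author describes; MALLOC_CHECK_=3 also tends to surface the corruption earlier than a plain run, which helps when building a minimal input.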