free(NULL) atexit (ITS#1014)
Full_Name: Mike Schiraldi
Version: 2.0.7
OS: RHL 7.0
URL:
Submission from: (NULL) (216.168.254.240)
This may be a bug in glibc. But I mention it on the off chance OpenLDAP is using
glibc incorrectly.
It appears that some md5 code is registering a function via atexit() which will
attempt to free NULL. For some reason the program doesn't die when this happens;
perhaps it has something to do with the fact that it's already exiting. Anyway,
here's the skinny:
$ cat test.c
int main()
{
    return 0;
}
$ cat mem.c
#include <stdio.h>

void
free(void * ptr)
{
    if(ptr == NULL)
        fprintf(stderr, "free() called on NULL pointer!\n");
}
$ gcc test.c -llber -lresolv mem.c
$ ./a.out
$
[Note that there was no problem since -lldap was omitted. Now watch...]
$ gcc test.c -lldap -llber -lresolv mem.c
$ ./a.out
free() called on NULL pointer!
$ gdb a.out
[snip]
(gdb) break fprintf
Breakpoint 1 at 0x80484b0
(gdb) r
[snip]
(gdb) bt
#0 fprintf (stream=0x401809c0,
format=0x8048680 "free() called on NULL pointer!\n") at fprintf.c:31
#1 0x80485f7 in free ()
#2 0x402849ce in free_mem () at md5-crypt.c:263
#3 0x4028400d in __do_global_dtors_aux () from /lib/libcrypt.so.1
#4 0x40286d8d in _fini () from /lib/libcrypt.so.1
#5 0x4000e182 in _dl_fini () at dl-fini.c:170
#6 0x40091f56 in exit (status=0) at exit.c:57
#7 0x4007eb6e in __libc_start_main (main=0x80485cc <main>, argc=1,
ubp_av=0xbffffae4, init=0x8048460 <_init>, fini=0x804863c <_fini>,
rtld_fini=0x4000df24 <_dl_fini>, stack_end=0xbffffadc)
at ../sysdeps/generic/libc-start.c:111
(gdb)
The relevant lines of md5-crypt.c:
static void
__attribute__ ((__destructor__))
free_mem (void)
{
    free (buffer);
}
So this could be a glibc bug -- maybe there should be an if(buffer != NULL) in
there. What do you think?
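
Added example, not part of the original report and not glibc or OpenLDAP code: a self-contained reproduction of the destructor pattern in the backtrace, using a tracing wrapper that still forwards to the real free(). ISO C defines free() on a null pointer as performing no action, which is why the process exits cleanly. The names buffer, demo_crypt, traced_free and release_buffer are hypothetical, and the first-use allocation of the buffer is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the static buffer in md5-crypt.c. Assumption:
   it is allocated only on first use, so it is still NULL if never used. */
static char *buffer;
static int null_frees, real_frees;

/* Hypothetical tracing wrapper: counts NULL like the reporter's mem.c,
   but still forwards to the real free() instead of replacing it. */
static void traced_free(void *ptr)
{
    if (ptr == NULL)
        null_frees++;
    else
        real_frees++;
    free(ptr); /* ISO C: if ptr is a null pointer, no action occurs */
}

/* Hypothetical first-use allocator standing in for the crypt routine. */
static const char *demo_crypt(const char *key)
{
    size_t need = strlen(key) + 1;
    char *p = realloc(buffer, need);
    if (p == NULL)
        return NULL;
    buffer = p;
    memcpy(buffer, key, need);
    return buffer;
}

static void release_buffer(void)
{
    traced_free(buffer);
    buffer = NULL; /* makes a repeated call harmless */
}

/* Same shape as free_mem() in the report: runs at exit or library unload. */
static void __attribute__((__destructor__)) free_mem(void) { release_buffer(); }

int main(void)
{
    release_buffer();               /* library linked but never used */
    demo_crypt("constructed-key");  /* buffer now allocated */
    release_buffer();
    printf("NULL frees: %d, real frees: %d\n", null_frees, real_frees);
    return 0;
}
```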