From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 48) id 3ECFF3860C33; Thu, 21 Jan 2021 13:28:01 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3ECFF3860C33
From: "hadkeakash4 at gmail dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/27216] Illegally written memory chunk address and its value is not getting printed in core file
Date: Thu, 21 Jan 2021 13:28:01 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.27
X-Bugzilla-Keywords:
X-Bugzilla-Severity: enhancement
X-Bugzilla-Who: hadkeakash4 at gmail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution:
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: glibc-bugs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-bugs mailing list
List-Unsubscribe: ,
List-Archive:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 21 Jan 2021 13:28:01 -0000

https://sourceware.org/bugzilla/show_bug.cgi?id=27216

--- Comment #3 from Akash Hadke ---
(In reply to Carlos O'Donell from comment #1)
> (In reply to Akash Hadke from comment #0)
> > When illegal memory write operation (write after free) get performed and
> > code fails it should provide address of illegally written memory chunk and
> > its value in core file for debugging purpose.
>
> Could you please elaborate further on this?
>
> 1. Provide an example program.

I tried the below CPP code to reproduce the issue:

    typedef std::size_t Item;
    const std::size_t nItemsWanted = 64 / sizeof (Item);
    Item *const paItems1 = new Item [nItemsWanted];
    {
        std::fill (paItems1, paItems1 + nItemsWanted, Item(0x8899AABBCCDDEEFF));
    }
    delete [] paItems1;
    paItems1 [0] = 0x00214E414D544142;
    Item *const paItems3 = new Item [nItemsWanted];
    Item *const paItems4 = new Item [nItemsWanted];

> 2. Provide example output.

The above code failed and produced a core file.
After debugging the core file I got the below backtrace.

(gdb) bt
#0  0x00007ff12b8f8407 in _GI__libc_malloc (bytes=64) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:3068
#1  0x00007ff12c261b48 in operator new(unsigned long) () from /usr/lib/libstdc++.so.6
#2  0x000055c2db586645 in main () at /usr/src/debug/qtbase/5.6.2+gitAUTOINC+b4ada3f0d8-r0/Example-of-Buggy-Program-v2.cpp:22
(gdb) x/8gx e
Value can't be converted to integer.

But I am expecting the below output.

(gdb) bt
#0  __malloc_tcache_walk (ptcache=0x55b28b3d0010, tc_idx=tc_idx@entry=3, e=e@entry=0x55b28b3e1e70) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:2949
#1  0x00007f90e5abc53a in tcache_get (tc_idx=3) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:2984
#2  _GI__libc_malloc (bytes=64) at /usr/src/debug/glibc/2.27-r0/git/malloc/malloc.c:3096
#3  0x00007f90e6425b48 in operator new(unsigned long) () from /usr/lib/libstdc++.so.6
#4  0x000055b28a44263b in main () at /usr/src/debug/qtbase/5.6.2+gitAUTOINC+b4ada3f0d8-r0/Example-of-Buggy-Program-v2.cpp:21
(gdb) x/8gx e
0x55b28b3e1e70: 0x00214e414d544142 0x000055b28b3d0010
0x55b28b3e1e80: 0x8899aabbccddeeff 0x8899aabbccddeeff
0x55b28b3e1e90: 0x8899aabbccddeeff 0x8899aabbccddeeff
0x55b28b3e1ea0: 0x8899aabbccddeeff 0x8899aabbccddeeff

Where it will show the heap chunk and the illegally written address and its value.

> 3. Describe data that should be written and under what conditions.

To improve the tracing in case of production issues.
We need traces from the production issues and it's too complex to run
valgrind, at least in production cases.

I have suggested a patch for this.
http://patchwork.sourceware.org/project/glibc/patch/CAK0fB4M6pXPL9D1aL8TcpFGZDvjqoJrv93N_hDO26XHkVAkwAw@mail.gmail.com/

-- 
You are receiving this mail because:
You are on the CC list for the bug.
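
The diagnostic requested in the comment above, shown on a toy allocator as an added example (this is not glibc code and not the poster's patch): a free-list walk that validates each link before it is followed and returns the address and value of the bad entry. The arena and the names `toy_free`, `link_ok`, `walk_free_list` and `demo` are hypothetical; the fill pattern and the overwritten value are the ones from the report.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define CHUNK_WORDS 8   /* 8 x 8 bytes = 64-byte chunks, as in the report */
#define NCHUNKS     4   /* constructed toy arena size */
typedef struct { uint64_t w[CHUNK_WORDS]; } chunk_t;  /* w[0] holds "next" while free */
typedef struct { uintptr_t entry; uint64_t value; } corruption_t;
static chunk_t arena[NCHUNKS];
static chunk_t *free_head;

static void toy_free(chunk_t *c) {
    c->w[0] = (uint64_t)(uintptr_t)free_head;   /* link lives inside the freed chunk */
    free_head = c;
}

/* A link is valid if it is NULL or points at a chunk boundary inside the arena. */
static int link_ok(uint64_t v) {
    uint64_t lo = (uintptr_t)&arena[0], hi = (uintptr_t)&arena[NCHUNKS];
    return v == 0 || (v >= lo && v < hi && (v - lo) % sizeof(chunk_t) == 0);
}

/* Returns 0 if the list is clean; 1 and fills *out at the first bad link or cycle. */
static int walk_free_list(corruption_t *out) {
    size_t steps = 0;
    for (chunk_t *e = free_head; e != NULL; e = (chunk_t *)(uintptr_t)e->w[0]) {
        if (!link_ok(e->w[0]) || ++steps > NCHUNKS) {
            out->entry = (uintptr_t)e; out->value = e->w[0];
            return 1;
        }
    }
    return 0;
}

/* Fill, free, check clean, then replay the report's stale write and re-check. */
static int demo(corruption_t *out) {
    free_head = NULL;
    for (int i = 0; i < NCHUNKS; i++) {
        for (int j = 0; j < CHUNK_WORDS; j++) arena[i].w[j] = 0x8899AABBCCDDEEFFull;
        toy_free(&arena[i]);
    }
    if (walk_free_list(out)) return -1;              /* unexpected: list should be clean */
    arena[NCHUNKS - 1].w[0] = 0x00214E414D544142ull; /* write after free, value from the report */
    return walk_free_list(out);
}

int main(void) {
    corruption_t c = {0, 0};
    if (demo(&c) == 1) printf("corrupt entry 0x%" PRIxPTR " holds 0x%016" PRIx64 "\n", c.entry, c.value);
    return 0;
}
```

Because the link is checked before it is dereferenced, the failure is reported with the entry address still in hand, which is the information the first backtrace above lacks.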