From: Jakub Jelinek
To: Ulrich Drepper
Cc: Glibc hackers
Subject: [PATCH] Fix libmemusage.so
Date: Thu, 02 Nov 2006 16:25:00 -0000
Message-ID: <20061102162502.GC5868@sunsite.mff.cuni.cz>

Hi!

When some shared libraries have destructors that free objects allocated earlier and those destructors are run after libmemusage.so's destructor, the programs die on invalid pointer passed to free. One example is e.g. any program linked against libselinux.so.1 (which malloc's selinux_mnt in its constructor and frees it in its destructor), like id or ls.

The problem is that libmemusage.so's malloc, free etc. substantially differ between not_me and !not_me cases (in the former case they just pass through to libc functions, while in the latter they allocate a header in front of the memory chunk). Now, in libmemusage.so's destructor we don't want the stat info to change when printing the statistics and set not_me to true to avoid that, but we don't restore this afterwards. This means selinux_mnt is malloced when not_me is false (i.e. with header in front of it), but freed when not_me is true (as if it was being allocated without the header in front of it).

2006-11-02 Jakub Jelinek

* malloc/memusage.c (dest): Reset not_me back to false after printing statistics.

--- libc/malloc/memusage.c.jj 2006-10-19 17:26:39.000000000 +0200 +++ libc/malloc/memusage.c 2006-11-02 17:14:22.000000000 +0100
@@ -887,4 +887,10 @@ dest (void) fputc ('=', stderr); fputs ("\e[0;0m\n", stderr); } + + /* Any following malloc/free etc. calls should generate statistics again, + because otherwise freeing something that has been malloced before + this destructor (including struct header in front of it) wouldn't + be properly freed. */ + not_me = false; } Jakub
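Review bot: resetting not_me = false at the very end of dest() covers blocks that got a header before the destructor ran, but it leaves the mirror case open: anything allocated while not_me was true (during the statistics printing above, for instance by the fputc/fputs calls on stderr) and freed after this point would now be treated as if it had a header it never received. It is worth confirming that no allocation made in that window outlives dest(), and saying so in the comment. The new comment also reads oddly ("freeing something ... wouldn't be properly freed"); suggest wording along the lines of "a block malloced before this destructor (with struct header in front of it) would otherwise not be freed properly".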
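The header mismatch described in the message, modelled as an added example (not code from glibc or from the patch): only `not_me` comes from the mail, while `struct header`, `wrap_malloc`, `wrap_free_target` and `later_free_is_valid` are hypothetical names. The model computes the pointer that would reach libc's `free` instead of passing it on, so the demonstration stays well defined.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the bookkeeping header placed before each chunk. */
struct header { size_t length; size_t pad; };

static bool not_me;   /* true: wrappers pass straight through to libc */

/* Interposed malloc: adds a header unless not_me is set. */
static void *wrap_malloc(size_t n)
{
    if (not_me)
        return malloc(n);
    struct header *h = malloc(sizeof *h + n);
    if (h == NULL)
        return NULL;
    h->length = n;
    return h + 1;                      /* caller sees the memory after the header */
}

/* Pointer the interposed free would hand to libc free for user pointer p. */
static void *wrap_free_target(void *p)
{
    return not_me ? p : (void *)((struct header *)p - 1);
}

/* Constructor allocates, the statistics destructor runs, then a later
   destructor frees.  Returns true if libc would get back the pointer
   that its own malloc originally returned. */
static bool later_free_is_valid(bool reset_flag_in_dest)
{
    not_me = false;
    void *user = wrap_malloc(32);      /* allocation made with a header */
    if (user == NULL)
        return false;
    void *real = (struct header *)user - 1;   /* what libc malloc returned */
    not_me = true;                     /* destructor freezes the statistics */
    if (reset_flag_in_dest)
        not_me = false;                /* the behaviour the patch adds */
    bool ok = (wrap_free_target(user) == real);
    free(real);                        /* release correctly in either case */
    return ok;
}

int main(void)
{
    printf("flag left set: %s\n", later_free_is_valid(false) ? "valid" : "invalid pointer");
    printf("flag reset:    %s\n", later_free_is_valid(true) ? "valid" : "invalid pointer");
    return 0;
}
```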