[Webkit-unassigned] [Bug 246599] Using bmalloc somehow triggers a crash in glibc's free when running free(NULL) in glib library constructor

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 17 05:47:09 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=246599

--- Comment #5 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Anyway, so far we know that something bmalloc does before main() is somehow, improbably, responsible for this, because the crash does not occur if you disable bmalloc using the Malloc=1 environment variable.

We also know valgrind doesn't show anything interesting. At first I thought this indicated it was likely that memory corruption is to blame, but really all it indicates is that the bug is somewhere in one of the memory allocators, either bmalloc or glibc. Both get disabled when running under valgrind.

Next step: rebuild glibc with -O0 to try to see more specifically where it is crashing inside free(). We want to see a line number there.
