[Webkit-unassigned] [Bug 246599] Using bmalloc somehow triggers a crash in glibc's free when running free(NULL) in glib library constructor
bugzilla-daemon at webkit.org
Tue Oct 18 07:13:30 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=246599
--- Comment #8 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to N4t3R from comment #7)
> Breakpoint 1, __GI___libc_free (mem=mem at entry=0x0) at malloc.c:3330
> 3330 if (mem == 0) /* free(0) has no effect */
So the crash is here:
https://github.com/bminor/glibc/blob/7363a9a9a097c455a7ddb9386b4c6f7bdf91065f/malloc/malloc.c#L3330
which is absolutely outrageous. I cannot imagine why initializing bmalloc would possibly cause a simple comparison "if (mem == 0)" to crash. It should return there because mem=0x0, not crash.
Let's do two more commands in gdb:
(gdb) info registers
(gdb) disassemble
This is way beyond what I can help debug, but at least now you've collected a bunch of info that will help. Good luck. :/