sh breaks down

831 views
MFM
Contributor I

Hi,

I'm developing an application on an MCF54452 processor with an embedded Linux port that uses busybox.

When executing my process, I get this error message after some ENTER, ps or ls in the shell, and the system hangs.

 

*** glibc detected *** -sh: free(): invalid pointer: 0x801d22b8 ***

======= Backtrace: =========

/lib/libc.so.6[0x8012fdac]

/lib/libc.so.6[0x80131252]

/lib/libc.so.6(cfree+0xa2)[0x801313a4]

-sh[0x8004eebc]

======= Memory map: ========

80000000-8007c000 r-xp 00000000 1f:0

 

I noticed that when I declare a global buffer of more than 60KB the problem vanished!!!! Here is a trace of the shared memory buffers (allocated with shmget() and shmat()); you can see that the wrong pointer address is in the range of the allocated buffers!!

Can anyone give me an explanation of that? Isn't sh's code space protected from other processes?

 

-----> with buffer

========> 232 - 0x801D4000

========> 231 - 0x801D8000

========> 250 - 0x801DC000

========> 230 - 0x801DE000

========> 229 - 0x801E0000

========> 242 - 0x801E2000

========> 228 - 0x801E4000

========> 245 - 0x801E6000

========> 247 - 0x801F4000

========> 224 - 0x801F6000

========> 223 - 0x801F8000

========> 251 - 0x801FA000

========> 79 - 0x801FC000

========> 78 - 0x801FE000

========> 77 - 0x80200000

 

----> Without buffer

========> 0xE8 - 0x801C6000

========> 0xE7 - 0x801CA000

========> 0xFA - 0x801CE000

========> 0xE6 - 0x801D0000

========> 0xE5 - 0x801D2000

========> 0xF2 - 0x801D4000

========> 0xE4 - 0x801D6000

========> 0xF5 - 0x801D8000

========> 0xF7 - 0x801E6000

========> 0xE0 - 0x801E8000

========> 0xDF - 0x801EA000

========> 0xFB - 0x801EC000

========> 0x4F - 0x801EE000

========> 0x4E - 0x801F0000

========> 0x4D - 0x801F2000

1 Reply

371 views
MFM
Contributor I
Here is the output of /proc/PID/maps:
/ # cat /proc/465/maps
80000000-80036000 r-xp 00000000 00:0d 203 /home/itlapp/modules/busmanager
80036000-8003a000 rw-p 00034000 00:0d 203 /home/itlapp/modules/busmanager
8003a000-80054000 rwxp 8003a000 00:00 0 [heap]
80054000-8006a000 r-xp 00000000 1f:04 325 /lib/ld-2.5.so
8006a000-8006e000 rw-p 00014000 1f:04 325 /lib/ld-2.5.so
8006e000-80076000 r-xp 00000000 1f:04 365 /lib/librt-2.5.so
80076000-80078000 rw-p 00006000 1f:04 365 /lib/librt-2.5.so
80078000-80082000 rw-p 80078000 00:00 0
80082000-80178000 r-xp 00000000 1f:04 334 /lib/libc-2.5.so
80178000-80180000 rw-p 000f4000 1f:04 334 /lib/libc-2.5.so
80180000-80182000 rw-p 80180000 00:00 0
80182000-80190000 r-xp 00000000 1f:04 361 /lib/libpthread-0.10.so
80190000-80192000 rw-p 0000c000 1f:04 361 /lib/libpthread-0.10.so
80192000-801d4000 rw-p 80192000 00:00 0
bfd82000-bfdac000 rwxp bffd6000 00:00 0 [stack]

and for sh:
/ # cat /proc/477/maps
80000000-8007c000 r-xp 00000000 1f:04 21 /bin/busybox
8007c000-80080000 rw-p 0007a000 1f:04 21 /bin/busybox
80080000-8008a000 rwxp 80080000 00:00 0 [heap]
8008a000-800a0000 r-xp 00000000 1f:04 325 /lib/ld-2.5.so
800a0000-800a4000 rw-p 00014000 1f:04 325 /lib/ld-2.5.so
800a4000-800aa000 r-xp 00000000 1f:04 338 /lib/libcrypt-2.5.so
800aa000-800ac000 rw-p 00004000 1f:04 338 /lib/libcrypt-2.5.so
800ac000-800d2000 rw-p 800ac000 00:00 0
800d2000-801c8000 r-xp 00000000 1f:04 334 /lib/libc-2.5.so
801c8000-801d0000 rw-p 000f4000 1f:04 334 /lib/libc-2.5.so
801d0000-802d4000 rw-p 801d0000 00:00 0
bfb20000-bfb4a000 rwxp bffd6000 00:00 0 [stack]

When I added a declaration of a global buffer of almost 60KB, I noticed that the overlapping no longer happens and all is OK.
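Added example (not part of the original posts): a small C helper that looks up the pointer from the glibc abort, 0x801d22b8, in excerpts of the two /proc/PID/maps listings above. Each listing is the virtual address view of one process, so the same number appearing in both does not by itself show shared memory. The struct and function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* One parsed line of /proc/PID/maps; path stays empty for anonymous memory. */
struct mapping { unsigned long start, end; char perms[5]; char path[64]; };
/* Excerpts of the two /proc/PID/maps listings posted above (lines omitted). */
static const char SH_MAPS[] =          /* pid 477, -sh */
    "80000000-8007c000 r-xp 00000000 1f:04 21 /bin/busybox\n"
    "801c8000-801d0000 rw-p 000f4000 1f:04 334 /lib/libc-2.5.so\n"
    "801d0000-802d4000 rw-p 801d0000 00:00 0\n"
    "bfb20000-bfb4a000 rwxp bffd6000 00:00 0 [stack]\n";
static const char APP_MAPS[] =         /* pid 465, busmanager */
    "80000000-80036000 r-xp 00000000 00:0d 203 /home/itlapp/modules/busmanager\n"
    "80190000-80192000 rw-p 0000c000 1f:04 361 /lib/libpthread-0.10.so\n"
    "80192000-801d4000 rw-p 80192000 00:00 0\n"
    "bfd82000-bfdac000 rwxp bffd6000 00:00 0 [stack]\n";

/* Returns 1 and fills *m with the mapping containing addr, 0 if unmapped. */
int find_mapping(const char *maps, unsigned long addr, struct mapping *m)
{
    while (*maps) {
        char line[160];
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        struct mapping cur = { 0, 0, "", "" };
        memcpy(line, maps, n);          /* parse one line at a time so an */
        line[n] = '\0';                 /* empty path cannot run into the next */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %63s",
                   &cur.start, &cur.end, cur.perms, cur.path) >= 3
            && addr >= cur.start && addr < cur.end) {
            *m = cur;
            return 1;
        }
        maps += len;
        if (*maps == '\n') maps++;
    }
    return 0;
}

int main(void)
{
    const unsigned long bad = 0x801d22b8UL;   /* pointer from the glibc abort */
    struct mapping m;
    if (find_mapping(SH_MAPS, bad, &m))
        printf("sh:  %lx-%lx %s %s\n", m.start, m.end, m.perms, m.path);
    if (find_mapping(APP_MAPS, bad, &m))
        printf("app: %lx-%lx %s %s\n", m.start, m.end, m.perms, m.path);
    return 0;
}
```

In both listings the pointer falls inside an anonymous rw-p region, while address 0x80000000 resolves to /bin/busybox in one listing and to busmanager in the other.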