sh breaks down

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

sh breaks down

972 Views
MFM
Contributor I

Hi,

I'm developing an application on an MCF54452 processor with an embedded linux port that uses busybox.

When executing my process I am getting this error message after some ENTER or ps or ls in shell and the system hangs up.

 

*** glibc detected *** -sh: free(): invalid pointer: 0x801d22b8 ***

======= Backtrace: =========

/lib/libc.so.6[0x8012fdac]

/lib/libc.so.6[0x80131252]

/lib/libc.so.6(cfree+0xa2)[0x801313a4]

-sh[0x8004eebc]

======= Memory map: ========

80000000-8007c000 r-xp 00000000 1f:0�

 

I remarked that when I declare a global buffer of more than 60KB the problem vanished !!!! Here is a trace of the shared memory buffers (allocated with shmget() and shmatt() ), you can see that the wrong pointer address is in the range of allocated buffers!!

Can anyone give me an explanation of that ? sh code space isn't protected from other processes ?

 

-----> with buffer

========> 232 - 0x801D4000

========> 231 - 0x801D8000

========> 250 - 0x801DC000

========> 230 - 0x801DE000

========> 229 - 0x801E0000

========> 242 - 0x801E2000

========> 228 - 0x801E4000

========> 245 - 0x801E6000

========> 247 - 0x801F4000

========> 224 - 0x801F6000

========> 223 - 0x801F8000

========> 251 - 0x801FA000

========> 79 - 0x801FC000

========> 78 - 0x801FE000

========> 77 - 0x80200000

 

----> Without buffer

========> 0xE8 - 0x801C6000

========> 0xE7 - 0x801CA000

========> 0xFA - 0x801CE000

========> 0xE6 - 0x801D0000

========> 0xE5 - 0x801D2000

========> 0xF2 - 0x801D4000

========> 0xE4 - 0x801D6000

========> 0xF5 - 0x801D8000

========> 0xF7 - 0x801E6000

========> 0xE0 - 0x801E8000

========> 0xDF - 0x801EA000

========> 0xFB - 0x801EC000

========> 0x4F - 0x801EE000

========> 0x4E - 0x801F0000

========> 0x4D - 0x801F2000

Labels (1)
0 Kudos
Reply
1 Reply

512 Views
MFM
Contributor I
Here is the output of /proc/PID/maps:
/ # cat /proc/465/maps
80000000-80036000 r-xp 00000000 00:0d 203 /home/itlapp/modules/busmanager
80036000-8003a000 rw-p 00034000 00:0d 203 /home/itlapp/modules/busmanager
8003a000-80054000 rwxp 8003a000 00:00 0 [heap]
80054000-8006a000 r-xp 00000000 1f:04 325 /lib/ld-2.5.so
8006a000-8006e000 rw-p 00014000 1f:04 325 /lib/ld-2.5.so
8006e000-80076000 r-xp 00000000 1f:04 365 /lib/librt-2.5.so
80076000-80078000 rw-p 00006000 1f:04 365 /lib/librt-2.5.so
80078000-80082000 rw-p 80078000 00:00 0
80082000-80178000 r-xp 00000000 1f:04 334 /lib/libc-2.5.so
80178000-80180000 rw-p 000f4000 1f:04 334 /lib/libc-2.5.so
80180000-80182000 rw-p 80180000 00:00 0
80182000-80190000 r-xp 00000000 1f:04 361 /lib/libpthread-0.10.so
80190000-80192000 rw-p 0000c000 1f:04 361 /lib/libpthread-0.10.so
80192000-801d4000 rw-p 80192000 00:00 0
bfd82000-bfdac000 rwxp bffd6000 00:00 0 [stack]

and for sh:
/ # cat /proc/477/maps
80000000-8007c000 r-xp 00000000 1f:04 21 /bin/busybox
8007c000-80080000 rw-p 0007a000 1f:04 21 /bin/busybox
80080000-8008a000 rwxp 80080000 00:00 0 [heap]
8008a000-800a0000 r-xp 00000000 1f:04 325 /lib/ld-2.5.so
800a0000-800a4000 rw-p 00014000 1f:04 325 /lib/ld-2.5.so
800a4000-800aa000 r-xp 00000000 1f:04 338 /lib/libcrypt-2.5.so
800aa000-800ac000 rw-p 00004000 1f:04 338 /lib/libcrypt-2.5.so
800ac000-800d2000 rw-p 800ac000 00:00 0
800d2000-801c8000 r-xp 00000000 1f:04 334 /lib/libc-2.5.so
801c8000-801d0000 rw-p 000f4000 1f:04 334 /lib/libc-2.5.so
801d0000-802d4000 rw-p 801d0000 00:00 0
bfb20000-bfb4a000 rwxp bffd6000 00:00 0 [stack]

When I added a declaration of a global buffer of almost 60KB I remarked that the overlapping happens no more and all is ok
0 Kudos
Reply