libbsd 0.5.1 causing segfault in FreeIPA
Eric Smith
brouhaha at fedoraproject.org
Thu Jun 6 10:31:18 PDT 2013
Backtraces are in this Fedora bug:
https://bugzilla.redhat.com/show_bug.cgi?id=971513
The comment by Nalin Dahyabhai seems quite informative, so I'll quote it here:
The top couple of frames in my backtrace (with a little more
debuginfo) look like this:
#0 __strchr_sse2 () at ../sysdeps/x86_64/strchr.S:32
#1 0x00007fffec389cdb in spt_copyenv (oldenv=0x55555577ec10)
at setproctitle.c:94
#2 spt_init (argc=8, argv=0x7fffffffe448, envp=0x55555577ec10)
at setproctitle.c:172
I think that spt_init's use of the passed-in value of "environ" is
causing some trouble because when it calls spt_clearenv(), and
spt_clearenv() ends up calling clearenv(), the value is freed before
it's read.
Patching spt_clearenv() to behave as if HAVE_CLEARENV isn't defined
keeps it from crashing on my system, as the fallback path doesn't
actually free the old environment.
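The safe ordering implied by the fix above, as an added illustration (this is not libbsd's setproctitle code, and the function names are hypothetical): copy the environment strings into memory you own before anything can free the array the passed-in pointer refers to, then clear and rebuild.

```c
#define _GNU_SOURCE          /* clearenv() and environ are GNU/POSIX extensions */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;
int clearenv(void);          /* explicit prototype in case feature macros hide it */

/* Count the entries of a NULL-terminated string vector. */
static size_t envlen(char *const *env)
{
    size_t n = 0;
    while (env && env[n]) n++;
    return n;
}

/* Duplicate every "KEY=VALUE" string into fresh heap memory. This must run
 * while env is still valid; the bug in the report reads envp after
 * clearenv() has already freed it (the strchr() in the crashing frame). */
static char **snapshot_env(char *const *env)
{
    size_t n = envlen(env);
    char **copy = calloc(n + 1, sizeof *copy);
    if (!copy) return NULL;
    for (size_t i = 0; i < n; i++) {
        copy[i] = strdup(env[i]);
        if (!copy[i]) {                 /* roll back on allocation failure */
            while (i--) free(copy[i]);
            free(copy);
            return NULL;
        }
    }
    return copy;
}

/* Hypothetical helper: snapshot first, then clearenv(), then rebuild from
 * the snapshot. Returns the number of variables restored, or -1 on error. */
int relocate_env_safe(char **envp)
{
    char **copy = snapshot_env(envp);   /* read envp while it is still live */
    if (!copy) return -1;
    clearenv();                         /* glibc may free the old array here */
    int restored = 0;
    for (size_t i = 0; copy[i]; i++) {
        if (putenv(copy[i]) == 0) restored++;   /* libc now owns the string */
        else free(copy[i]);
    }
    free(copy);
    return restored;
}
```

Run it with `environ` as the argument: the snapshot is taken from the original array, so the later clearenv() cannot invalidate what is being copied.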