[SOLVED] BUG: glibc detected *** listing: double free

Index > Linux > [SOLVED] BUG: glibc detected *** listing: double free

Author

Thread

buzzkill

Joined: 15 Mar 2009
Posts: 111
Location: the nether lands

buzzkill 17 Mar 2009, 14:48

This is my first bug report for fasm, so I'm not quite sure where to put it; I experienced the bug under linux, so I'm putting it in the Linux forum, but I don't know if it's a linux-only bug...

I've got this really awesome app: Smile

Code:

format ELF

section '.text' executable

public _start
_start:
      mov   eax, 4      ; write
      mov   ebx, 1
      mov   ecx, msg
      mov   edx, msg.len
      int   80h         ; exit
      mov   eax, 1
      mov   ebx, 0
      int   80h

section '.data' writeable

msg         db "Hello, World!", 0Ah
.len        = $-msg

I assemble it and let fasm generate debug info:

Code:

$ fasm hello.asm hello.o -s hello.fas

I then want to generate a listing from the debug info (I run this command immediately after the fasm command, as recommended in the readme):

Code:

$ listing -a hello.fas hello.lst
*** glibc detected *** listing: double free or corruption (out): 0x0804ea48 ***
Aborted

Looks like some sort of malloc()-bug?

However, when I run the listing program without the -a switch, it does work without errors. But in the tools/readme.txt it says the -a switch is recommended, and besides: recommended or no, it should work, right? Smile

BTW, Tomasz (I assume you'll handle this), I compiled my listing executable with gcc, the way you recommend Smile

Let me know if there's more info I can give that's useful to you...

Last edited by buzzkill on 17 Mar 2009, 15:27; edited 1 time in total

17 Mar 2009, 14:48

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8095
Location: Kraków, Poland

Tomasz Grysztar 17 Mar 2009, 15:16

You're right, it's an memory allocation bug, just a little too short buffer is being allocated there.

For a quick fix, find this piece of code in LISTING.INC:

Code:

        mov     eax,[code_bytes_per_line]
        imul    eax,3
        add     eax,[maximum_address_length]
        add     eax,10
        call    alloc
        jc      not_enough_memory
        mov     [output_buffer],eax

And replace "add eax,10" with "add eax,12".

And, as you can see, this bug isn't specific just to Linux. Thanks for the report.

17 Mar 2009, 15:16

buzzkill

Joined: 15 Mar 2009
Posts: 111
Location: the nether lands

buzzkill 17 Mar 2009, 15:26

Wow, that has to be the quickest bug-fix I've ever seen Shocked

(As opposed to some other projects where bugs sit in a bugzilla for years...) And -ofcourse- your fix works like a charm, I just tested it. Thanks man, great work!

17 Mar 2009, 15:26

vid
Verbosity in development

Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia

vid 17 Mar 2009, 23:40

Quote:

And replace "add eax,10" with "add eax,12".

Needless to say, but that's the result of using notebook instead of symbolic names for structures Wink

17 Mar 2009, 23:40

Tomasz Grysztar

Joined: 16 Jun 2003
Posts: 8095
Location: Kraków, Poland

Tomasz Grysztar 18 Mar 2009, 09:20

vid wrote:

Needless to say, but that's the result of using notebook instead of symbolic names for structures

That's just the result of not couting all the spaces correctly in the fully-qualified listing line. In fact, I just realized that I still didn't take all of them into consideration, because with other count of byte columns you might still get more additional spaces for 8 columns alignment. It safer to put "add eax,18" there.

18 Mar 2009, 09:20

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum