Bug #39749 for Geo-Proj4: 'make test' gives crash with free()ing an invalid pointer

Wed Oct 01 14:45:54 2008 DSTAHLKE [...] cpan.org - Ticket created

Subject:

'make test' gives crash with free()ing an invalid pointer

With Perl 5.10.0 on Fedora 9, the Geo::Proj4 module will not pass "make test". It works fine on another box that is Fedora 8 with Perl 5.8.8. Both boxes are x86_64. A workaround is to comment out lines 205-207 in Proj4.xs which free the x, y, and z variables, although I haven't looked at the code enough to tell what is going on. Here is an excerpt of the error that I get: PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/10utm........*** glibc detected *** /usr/bin/perl: free(): invalid pointer: 0x000000000160ff58 *** ======= Backtrace: ========= /lib64/libc.so.6[0x33d2478228] /lib64/libc.so.6(cfree+0x76)[0x33d247a866] blib/arch/auto/Geo/Proj4/Proj4.so(XS_Geo__Proj4_transform_proj4+0xcca)[0x60760a] /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(Perl_pp_entersub+0x5a5)[0x34956bf6a5] /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(Perl_runops_debug+0x137)[0x3495694a87] /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so(perl_run+0x497)[0x34956bb5c7] /usr/bin/perl(main+0xe4)[0x400cf4] /lib64/libc.so.6(__libc_start_main+0xfa)[0x33d241e32a] /usr/bin/perl[0x400b49]

Wed Oct 01 15:20:59 2008 Mark [...] Overmeer.net - Correspondence added

CC:	undisclosed-recipients: ;
Subject:	Re: [rt.cpan.org #39749] 'make test' gives crash with free()ing an invalid pointer
Date:	Wed, 1 Oct 2008 21:20:38 +0200
To:	DSTAHLKE via RT <bug-Geo-Proj4 [...] rt.cpan.org>
From:	Mark Overmeer <mark [...] overmeer.net>

* DSTAHLKE via RT (bug-Geo-Proj4@rt.cpan.org) [081001 18:45]: Show quoted text

> Transaction: Ticket created by DSTAHLKE > Queue: Geo-Proj4 > Subject: 'make test' gives crash with free()ing an invalid pointer > > With Perl 5.10.0 on Fedora 9, the Geo::Proj4 module will not pass "make > test". It works fine on another box that is Fedora 8 with Perl 5.8.8. > Both boxes are x86_64. A workaround is to comment out lines 205-207 in > Proj4.xs which free the x, y, and z variables, although I haven't looked > at the code enough to tell what is going on.

This kind of bugs is extremely hard to tackle. However... see https://list.hut.fi/pipermail/geo-perl/2008-August.txt -- MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Wed Oct 01 15:21:00 2008 The RT System itself - Status changed from 'new' to 'open'

Thu Oct 02 13:09:03 2008 DSTAHLKE [...] cpan.org - Correspondence added

Mark, I think I have tracked it down. The problem is that you need to use the Safefree() command instead of free(). The perlapi manpage mentions this function but doesn't exactly relate the necessity of using it. The problem is that the New() macro uses perl's own malloc() wrapper. For one reason or another they decided to put some custom metadata in the beginning of the memory block and therefore return a pointer that is a few bytes past the actual start of the malloc'd block. This amount needs to be subtracted again before the pointer is suitable for being free'd. The bug only turns up when some sort of memory tracking feature is compiled into perl, and this is why some people experience the bug and others don't. From valgrind: ==17590== Invalid free() / delete / delete[] ==17590== at 0x4A0609F: free (vg_replace_malloc.c:323) ==17590== by 0x56465C9: XS_Geo__Proj4_transform_proj4 (Proj4.xs:211) ==17590== by 0x34956BF6A4: Perl_pp_entersub (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x3495694A86: Perl_runops_debug (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x34956BB5C6: perl_run (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x400CF3: main (in /usr/bin/perl) ==17590== Address 0x51dddf8 is 24 bytes inside a block of size 32 alloc'd ==17590== at 0x4A0739E: malloc (vg_replace_malloc.c:207) ==17590== by 0x349569D091: Perl_safesysmalloc (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x5645EBA: XS_Geo__Proj4_transform_proj4 (Proj4.xs:162) ==17590== by 0x34956BF6A4: Perl_pp_entersub (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x3495694A86: Perl_runops_debug (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x34956BB5C6: perl_run (in /usr/lib64/perl5/5.10.0/x86_64-linux-thread-multi/CORE/libperl.so) ==17590== by 0x400CF3: main (in /usr/bin/perl) And in the perl source: (gdb) list Perl_safesysmalloc ... 85 #ifdef PERL_TRACK_MEMPOOL 86 size += sTHX; 87 #endif ... 115 ptr = (Malloc_t)((char*)ptr+sTHX);

Thu Oct 02 17:25:39 2008 Mark [...] Overmeer.net - Correspondence added

Subject:	Re: [rt.cpan.org #39749] 'make test' gives crash with free()ing an invalid pointer
Date:	Thu, 2 Oct 2008 23:25:23 +0200
To:	DSTAHLKE via RT <bug-Geo-Proj4 [...] rt.cpan.org>
From:	Mark Overmeer <mark [...] overmeer.net>

* DSTAHLKE via RT (bug-Geo-Proj4@rt.cpan.org) [081002 17:09]: Show quoted text

> Queue: Geo-Proj4 > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=39749 > > > I think I have tracked it down. The problem is that you need to use the > Safefree() command instead of free().

You're an XS wizzard! Genious! -- Regards, MarkOv ------------------------------------------------------------------------ Mark Overmeer MSc MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net

Mon Nov 24 02:59:04 2008 MARKOV [...] cpan.org - Correspondence added

Problem got fixed in 1.00

Mon Nov 24 02:59:06 2008 MARKOV [...] cpan.org - Status changed from 'open' to 'resolved'