From: Jeff King <peff@peff.net>
To: Dilyan Palauzov <dilyan.palauzov@aegee.org>
Cc: git@vger.kernel.org
Subject: Re: git 2.2.2 annotate crash (strbuf.c:32)
Date: Sun, 8 Feb 2015 20:28:58 -0500
Message-ID: <20150209012858.GB21072@peff.net>
In-Reply-To: <54D7D634.2050807@aegee.org>

On Sun, Feb 08, 2015 at 10:33:40PM +0100, Dilyan Palauzov wrote:

> I use git 2.2.2 and on my system git annotate crashed with the following
> log.

I couldn't reproduce it with a few simple examples. Is it possible for
you to show us the repository and command that caused this?

> (gdb) bt full
> #0 0x00007fe420649655 in raise () from /lib64/libc.so.6
> No symbol table info available.
> #1 0x00007fe42064aad8 in abort () from /lib64/libc.so.6
> No symbol table info available.
> #2 0x00007fe42068928b in __libc_message () from /lib64/libc.so.6
> No symbol table info available.
> #3 0x00007fe42068ee36 in malloc_printerr () from /lib64/libc.so.6
> No symbol table info available.
> #4 0x00007fe42068fbb3 in _int_free () from /lib64/libc.so.6
> No symbol table info available.
> #5 0x000000000041335a in strbuf_release (sb=0x7fff44797480) at strbuf.c:32
> sb = 0x7fff44797480

So presumably the sb->buf we pass to free() is not valid. Given the
address of the strbuf, and the address of the commit_info here:

> #6 commit_info_destroy (ci=0x7fff447973e0) at builtin/blame.c:1646
> No locals.

we are at offset 160, which is almost certainly the ci->summary strbuf.
Which is:

> summary = {
> alloc = 26,
> len = 25,
> buf = 0xe05b50 <incomplete sequence \330>
> }

The alloc/len look reasonable, but the buffer looks odd (it should
probably have some actual text in it). I don't see anywhere in the code
that we assign to that buffer or do anything questionable, though. We
just strbuf_add and then eventually strbuf_release it. You cannot even
get into this situation by calling strbuf_release twice, as it sets the
pointer to a known value after it is freed.

-Peff
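
Added example, not part of the original message and not git's own source: a simplified C model of the two points in the reply above, that the frame addresses place the strbuf at offset 160 (the summary field) and that releasing a strbuf twice calls free() only once. The struct layouts are assumptions modelled on git's strbuf and blame's commit_info on a 64-bit (LP64) build; `slopbuf`, `field_at` and `release_twice` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of git's strbuf (assumed layout, not git's source). */
struct strbuf { size_t alloc, len; char *buf; };
static char slopbuf[1];                 /* shared empty buffer, never freed */
static void strbuf_init(struct strbuf *sb) { sb->alloc = sb->len = 0; sb->buf = slopbuf; }

/* Returns 1 if free() was called, 0 if nothing was allocated. */
static int strbuf_release(struct strbuf *sb) {
    if (!sb->alloc) return 0;
    free(sb->buf);
    strbuf_init(sb);                    /* buf points at slopbuf again, alloc is 0 */
    return 1;
}

/* Model of blame's commit_info (assumed field order). */
struct commit_info {
    struct strbuf author, author_mail;
    unsigned long author_time;
    struct strbuf author_tz, committer, committer_mail;
    unsigned long committer_time;
    struct strbuf committer_tz, summary;
};
#define F(n) { #n, offsetof(struct commit_info, n) }
static const struct { const char *name; size_t off; } fields[] = {
    F(author), F(author_mail), F(author_time), F(author_tz), F(committer),
    F(committer_mail), F(committer_time), F(committer_tz), F(summary) };

/* Name of the field that starts at byte offset off, or NULL if none does. */
static const char *field_at(size_t off) {
    for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
        if (fields[i].off == off) return fields[i].name;
    return NULL;
}

/* Counts how many times free() runs when one strbuf is released twice. */
static int release_twice(void) {
    struct strbuf sb = { 26, 25, malloc(26) };  /* alloc/len as in the gdb dump */
    if (!sb.buf) abort();
    return strbuf_release(&sb) + strbuf_release(&sb);
}

int main(void) {
    /* sb address minus ci address, both taken from the backtrace frames */
    const char *f = field_at(0x7fff44797480UL - 0x7fff447973e0UL);
    printf("field: %s, free() calls: %d\n", f ? f : "(none)", release_twice());
    return 0;
}
```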