libc crash problems, part 1 (invalid pointer, array or pointer out of bounds)

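I. A brief introduction to glibc and libc
glibc:
Originally started by the FSF to implement the ANSI C standard; after 1990 it began to conform to the C89 and POSIX standards.
libc:
1) It originated from glibc. After 1990 the Linux kernel developers found that glibc was developing too slowly, so they forked a branch, which then evolved independently as libc2 through libc5.
2) In 1997, however, glibc released version 2.0, which surpassed libc in portability, feature support (IPv6, 64-bit) and other respects. The libc fork was abandoned and glibc was adopted again.

As a result, the version number was bumped to libc6, which refers to glibc 2.

Reference: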
http://en.wikipedia.org/wiki/GNU_C_Library


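II. The GNU extension mcheck

Briefly, the errors that mcheck can detect:

MCHECK_HEAD
Array or pointer out of bounds at the lower limit (the data just before the block was modified)
MCHECK_TAIL
Array or pointer out of bounds at the upper limit (the data just after the block was modified)
MCHECK_FREE
The block was freed twice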
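
An added illustration, not from the original post and not glibc's implementation: a simplified model of canary-based heap checking that shows how the three statuses above arise. The names gmalloc, gprobe, gfree and the gstatus values are hypothetical, and the canary values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical names mirroring MCHECK_OK/HEAD/TAIL/FREE; canary values are constructed. */
enum gstatus { G_OK, G_HEAD, G_TAIL, G_FREE };
#define MAGIC_LIVE ((size_t)0xfedabeeb)
#define MAGIC_FREE ((size_t)0xd8675309)
#define TAIL_BYTE  0xd7
/* Block layout: [ghdr][user bytes][1 tail byte]; magic sits right before user data. */
struct ghdr { size_t size; size_t magic; };
static struct ghdr *quarantine;   /* last freed block, kept readable */

void *gmalloc(size_t n)
{
    struct ghdr *h = malloc(sizeof *h + n + 1);
    if (!h) return NULL;
    h->size = n;
    h->magic = MAGIC_LIVE;
    ((unsigned char *)(h + 1))[n] = TAIL_BYTE;
    return h + 1;
}

/* Check the canaries around a block: header first, then tail. */
enum gstatus gprobe(void *p)
{
    struct ghdr *h = (struct ghdr *)p - 1;
    if (h->magic == MAGIC_FREE) return G_FREE;   /* block was already freed */
    if (h->magic != MAGIC_LIVE) return G_HEAD;   /* write before the block */
    if (((unsigned char *)p)[h->size] != TAIL_BYTE) return G_TAIL; /* write past it */
    return G_OK;
}

/* Release only consistent blocks; otherwise report what was found. */
enum gstatus gfree(void *p)
{
    enum gstatus st = gprobe(p);
    if (st != G_OK) return st;
    struct ghdr *h = (struct ghdr *)p - 1;
    h->magic = MAGIC_FREE;
    free(quarantine);             /* really release the previously freed block */
    quarantine = h;               /* keep this one so a repeated free is detectable */
    return G_OK;
}

int main(void)
{
    char *p = gmalloc(32);
    if (!p || gfree(p) != G_OK) return 1;
    printf("second free -> %d (G_FREE is %d)\n", (int)gfree(p), (int)G_FREE);
    return 0;
}
```

Where this model returns a status, a production allocator check calls abort() instead, which is the SIGABRT described in the next section.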


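III. The "*** glibc detected  free(): invalid pointer: 0x36dfab78" problem
Program received signal SIGABRT, Aborted.


The main cause is that somewhere in the source code the consistency of the heap is broken, violating the checks of the GNU extension mcheck. The glibc library calls abort, SIGABRT is sent to the process, and the process dies.


Solutions:
1) The proper solution is to remove the offending code.
2) A workaround is to set an environment variable so that this class of problem is ignored. Depending on the code, however, this may mask problems that are still present.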




IV. Test source code:
/*  test program
    Copyright (C) 2013 Jiancheng Li.
    Written August 2013 by Jiancheng Li.
    e-mail:[email protected]


    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.


    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.


    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
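#include <stdlib.h>
#include <stdio.h>

/* Deliberately frees the same pointer twice to trigger glibc's heap check. */
int main(void)
{
    void *p = malloc(32);
    printf("p=%p\n", p);
    free(p);
    printf("after free p one time\n");
    free(p);    /* second free of the same pointer: double free */
    printf("after free p seconde time\n");
    return 0;
}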
First run of main
[root@linux mcheck]# ./main 
p=0x1fffb010
after free p one time
*** glibc detected *** ./main: double free or corruption (fasttop): 0x000000001fffb010 ***
======= Backtrace: =========
/lib64/libc.so.6[0x380fc7245f]
/lib64/libc.so.6(cfree+0x4b)[0x380fc728bb]
./main[0x4005ad]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x380fc1d994]
./main[0x4004b9]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:02 210141200                          /home/lijiancheng/test/mcheck/main
00600000-00601000 rw-p 00000000 08:02 210141200                          /home/lijiancheng/test/mcheck/main
1fffb000-2001c000 rw-p 1fffb000 00:00 0                                  [heap]
380f400000-380f41c000 r-xp 00000000 08:02 143884625                      /lib64/ld-2.5.so
380f61c000-380f61d000 r--p 0001c000 08:02 143884625                      /lib64/ld-2.5.so
380f61d000-380f61e000 rw-p 0001d000 08:02 143884625                      /lib64/ld-2.5.so
380fc00000-380fd4e000 r-xp 00000000 08:02 143884626                      /lib64/libc-2.5.so
380fd4e000-380ff4e000 ---p 0014e000 08:02 143884626                      /lib64/libc-2.5.so
380ff4e000-380ff52000 r--p 0014e000 08:02 143884626                      /lib64/libc-2.5.so
380ff52000-380ff53000 rw-p 00152000 08:02 143884626                      /lib64/libc-2.5.so
380ff53000-380ff58000 rw-p 380ff53000 00:00 0 
3811c00000-3811c0d000 r-xp 00000000 08:02 143884638                      /lib64/libgcc_s-4.1.2-20080825.so.1
3811c0d000-3811e0d000 ---p 0000d000 08:02 143884638                      /lib64/libgcc_s-4.1.2-20080825.so.1
3811e0d000-3811e0e000 rw-p 0000d000 08:02 143884638                      /lib64/libgcc_s-4.1.2-20080825.so.1
2b5a3739a000-2b5a3739d000 rw-p 2b5a3739a000 00:00 0 
2b5a373c8000-2b5a373c9000 rw-p 2b5a373c8000 00:00 0 
7fffbbc20000-7fffbbc35000 rw-p 7ffffffe9000 00:00 0                      [stack]
7fffbbc4e000-7fffbbc51000 r-xp 7fffbbc4e000 00:00 0                      [vdso]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0                  [vsyscall]
Aborted






Set the MALLOC_CHECK_ environment variable
[root@linux mcheck]# export MALLOC_CHECK_=0






Second run of main
[root@linux mcheck]# ./main
p=0x91a0010
after free p one time
after free p seconde time
