
free(): invalid pointer

2008-08-11
2013-04-30
  • Marshall McMullen

    I've recently set up tripwire, and periodically when I run "tripwire --check" it crashes with a free of an invalid pointer.  Below is the stacktrace:

    *** glibc detected *** tripwire: free(): invalid pointer: 0x000075cc9055ae28 ***
    ======= Backtrace: =========
    /lib/libc.so.6[0x3537cffa8a1c]
    /lib/libc.so.6(cfree+0x88)[0x3537cffa97e8]
    /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZdlPv+0x1d)[0x3537cf81c3ad]
    /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZNSs4_Rep10_M_destroyERKSaIcE+0x22)[0x3537cf7f5c52]
    /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZNSsD1Ev+0x7c)[0x3537cf7f603c]
    tripwire[0xbc9418659d3]
    tripwire(main+0xb39)[0xbc941847259]
    /lib/libc.so.6(__libc_start_main+0xf6)[0x3537cff59b76]
    tripwire[0xbc941833c79]
    Software interrupt forced exit: Abort

    I'm running a hardened kernel (2.6.24-r3) with both pax and grsecurity.  Has anyone seen this problem before? The above scenario recreates about every 4/5 times I run it.

    Here's some additional info about my system:
    Distro: Gentoo
    tripwire-2.3.1.2-r2
    glibc-2.6.1

    I'm happy to provide any other requested info.

    Thanks!

     
    • Marshall McMullen

      Never mind, problem solved.  I recompiled tripwire without the stack smash protector from gcc 3.4, as apparently there are known issues with it miscompiling certain types of code.  Now it works perfectly.  Sorry for the extra noise on this list!

       
