[physfs] physfs corruption (double free) in hardened version

Patrick Matthäi pmatthaei at debian.org
Wed May 4 15:59:10 EDT 2011


On 04.05.2011 21:48, Ryan C. Gordon wrote:
> 
>> I have attached a test program of a bug submitter, with that physfs
>> crashes, because of a double free exception, on amd64 (but not on i386).
> 
> I can't reproduce this; Valgrind reports no double free errors, and
> glibc does not panic about a double-free as was indicated.
> 
> I built this on amd64 with physfs-2.0.2 and gcc "version 4.4.5
> (Ubuntu/Linaro 4.4.4-14ubuntu5)", made a testdir directory and put two
> dummy files in it.
> 
> gcc -O0 -ggdb3 -o bug bug.c -I.. ./libphysfs.a -lz -std=c99
> 
> bug.c correctly gets a list of the two dummy files, and then
> successfully frees that list without a double-free. If I add a call to
> PHYSFS_deinit() at the end, there isn't even a single memory leak in the
> whole program.
> 
> Perhaps the problem is elsewhere?
> 
> (Granted, I'm not building this "hardened" ... if you give me
> instructions for that, I'll try it.)

The easiest way is:
# apt-get install hardening-wrapper
$ export DEB_BUILD_HARDENING=1
$ ./configure; make foo

Have a look here (there you also see the build flags):
http://wiki.debian.org/Hardening

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

E-Mail: pmatthaei at debian.org
        patrick at linux-dev.org

Comment:
Always if we think we are right,
we were maybe wrong.
*/
