Probable bug in libparted 2.1

bug-parted
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Probable bug in libparted 2.1

From:	Christian
Subject:	Probable bug in libparted 2.1
Date:	Mon, 18 Jan 2010 01:48:20 +0100
Hello everyone,

  While performing tests on a program that uses libparted I found a
problem. What happens if you accidentally uses the function
`ped_disk_delete_partition' on a partition of type
`PED_PARTITION_FREESPACE? My test program has tried to do this on a
table of type msdos. 

The first time the function `ped_disk_delete_partition' returned a
nonzero value (ie success), the partition has been destroyed but has
continued to appear in the table. The second time the function has
attempted to destroy the partition, but when he tried to free the memory
using the function `free' the C library has aborted the execution of the
test.

If it can be useful I tried using gdb. This is the last part of output:

        ped_partition_destroy (part=0x9267138) at disk.c:1313
        1313            PED_ASSERT (part != NULL, return);
        (gdb) n
        1314            PED_ASSERT (part->disk != NULL, return);
        (gdb) 
        1315            PED_ASSERT (part->disk->type->ops->partition_new != 
NULL, return);
        (gdb) 
        1317            part->disk->type->ops->partition_destroy (part);
        (gdb) s
        msdos_partition_destroy (part=0x9267138) at dos.c:1306
        1306            PED_ASSERT (part != NULL, return);
        (gdb) n
        1308            if (ped_partition_is_active (part)) {
        (gdb) 
        1314            free (part);
        (gdb) list 1306
        1301    }
        1302    
        1303    static void
        1304    msdos_partition_destroy (PedPartition* part)
        1305    {
        1306            PED_ASSERT (part != NULL, return);
        1307    
        1308            if (ped_partition_is_active (part)) {
        1309                    DosPartitionData* dos_data;
        1310                    dos_data = (DosPartitionData*) 
part->disk_specific;
        (gdb) 
        1311                    free (dos_data->orig);
        1312                    free (part->disk_specific);
        1313            }
        1314            free (part);
        1315    }
        (gdb) s
        *** glibc detected *** ~/test: free(): invalid next size (fast): 
0x09267138 ***
        ======= Backtrace: =========
        /lib/tls/i686/cmov/libc.so.6[0xb7d6d604]
        /lib/tls/i686/cmov/libc.so.6(cfree+0x96)[0xb7d6f5b6]
        /usr/local/lib/libparted-2.1.so.0[0xb7ea3ccb]
        
/usr/local/lib/libparted-2.1.so.0(ped_partition_destroy+0x33)[0xb7e732e3]
        
/usr/local/lib/libparted-2.1.so.0(ped_disk_delete_partition+0x60)[0xb7e74690]
        ~/test[0x804bf1b]
        ~/test[0x804a985]
        ~/test[0x804a20d]
        ~/test[0x804a41b]
        /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7d14775]
        ~/test[0x8049051]
        ======= Memory map: ========
        08048000-0804e000 r-xp 00000000 08:01 691409     ~/test
        0804e000-0804f000 r--p 00005000 08:01 691409     ~/test
        0804f000-08050000 rw-p 00006000 08:01 691409     ~/test
        09267000-09288000 rw-p 09267000 00:00 0          [heap]
        b7b00000-b7b21000 rw-p b7b00000 00:00 0 
        b7b21000-b7c00000 ---p b7b21000 00:00 0 
        b7cf9000-b7cfa000 rw-p b7cf9000 00:00 0 
        b7cfa000-b7cfc000 r-xp 00000000 08:01 271383     
/lib/tls/i686/cmov/libdl-2.9.so
        b7cfc000-b7cfd000 r--p 00001000 08:01 271383     
/lib/tls/i686/cmov/libdl-2.9.so
        b7cfd000-b7cfe000 rw-p 00002000 08:01 271383     
/lib/tls/i686/cmov/libdl-2.9.so
        b7cfe000-b7e5a000 r-xp 00000000 08:01 271377     
/lib/tls/i686/cmov/libc-2.9.so
        b7e5a000-b7e5b000 ---p 0015c000 08:01 271377     
/lib/tls/i686/cmov/libc-2.9.so
        b7e5b000-b7e5d000 r--p 0015c000 08:01 271377     
/lib/tls/i686/cmov/libc-2.9.so
        b7e5d000-b7e5e000 rw-p 0015e000 08:01 271377     
/lib/tls/i686/cmov/libc-2.9.so
        b7e5e000-b7e61000 rw-p b7e5e000 00:00 0 
        b7e61000-b7ec7000 r-xp 00000000 08:01 950573     
/usr/local/lib/libparted-2.1.so.0.0.0
        b7ec7000-b7ec8000 ---p 00066000 08:01 950573     
/usr/local/lib/libparted-2.1.so.0.0.0
        b7ec8000-b7eca000 r--p 00066000 08:01 950573     
/usr/local/lib/libparted-2.1.so.0.0.0
        b7eca000-b7ecb000 rw-p 00068000 08:01 950573     
/usr/local/lib/libparted-2.1.so.0.0.0
        b7ecb000-b7ed2000 rw-p b7ecb000 00:00 0 
        b7ed9000-b7ee6000 r-xp 00000000 08:01 254019     /lib/libgcc_s.so.1
        b7ee6000-b7ee7000 r--p 0000c000 08:01 254019     /lib/libgcc_s.so.1
        b7ee7000-b7ee8000 rw-p 0000d000 08:01 254019     /lib/libgcc_s.so.1
        b7ee8000-b7eea000 rw-p b7ee8000 00:00 0 
        b7eea000-b7eeb000 r-xp b7eea000 00:00 0          [vdso]
        b7eeb000-b7f07000 r-xp 00000000 08:01 254006     /lib/ld-2.9.so
        b7f07000-b7f08000 r--p 0001b000 08:01 254006     /lib/ld-2.9.so
        b7f08000-b7f09000 rw-p 0001c000 08:01 254006     /lib/ld-2.9.so
        bf957000-bf96c000 rw-p bffeb000 00:00 0          [stack]
        
        Program received signal SIGABRT, Aborted.
        0xb7eea430 in __kernel_vsyscall ()
        (gdb) 
        
I do not know if this happens only with tables of type msdos but I think
that a control inside the function `ped_disk_remove_partition 'should
fix this problem (if this can be considered a problem)

Thanks to all.

        Christian.
[Prev in Thread]
Current Thread
[Next in Thread]
Probable bug in libparted 2.1, Christian <=
Prev by Date: report the bug
Next by Date: GNU storage guide?
Previous by thread: report the bug
Next by thread: GNU storage guide?
Index(es):
- Date
- Thread