qcache -a crashes with "free(): invalid next size" Reproducible: Always *** glibc detected *** qcache: free(): invalid next size (fast): 0x096e0c20 *** ======= Backtrace: ========= /lib/libc.so.6[0xb7e94370] /lib/libc.so.6(cfree+0x89)[0xb7e95d89] qcache[0x80565b5] qcache[0x80500f7] qcache[0x8054146] /lib/libc.so.6(__libc_start_main+0xdc)[0xb7e4060c] qcache[0x80498c1] ======= Memory map: ======== 08048000-0806c000 r-xp 00000000 08:03 56099325 /usr/bin/q 0806c000-08077000 rw-p 00024000 08:03 56099325 /usr/bin/q 08077000-08083000 rw-p 08077000 00:00 0 096e0000-09701000 rw-p 096e0000 00:00 0 [heap] b7c00000-b7c21000 rw-p b7c00000 00:00 0 b7c21000-b7d00000 ---p b7c21000 00:00 0 b7e29000-b7e2a000 rw-p b7e29000 00:00 0 b7e2a000-b7f5e000 r-xp 00000000 08:03 56364225 /lib/libc-2.8.so b7f5e000-b7f60000 r--p 00133000 08:03 56364225 /lib/libc-2.8.so b7f60000-b7f61000 rw-p 00135000 08:03 56364225 /lib/libc-2.8.so b7f61000-b7f65000 rw-p b7f61000 00:00 0 b7f85000-b7f90000 r-xp 00000000 08:03 43040811 /usr/lib/gcc/i686-pc-linux-gnu/4.3.1/libgcc_s.so.1 b7f90000-b7f91000 r--p 0000a000 08:03 43040811 /usr/lib/gcc/i686-pc-linux-gnu/4.3.1/libgcc_s.so.1 b7f91000-b7f92000 rw-p 0000b000 08:03 43040811 /usr/lib/gcc/i686-pc-linux-gnu/4.3.1/libgcc_s.so.1 b7f92000-b7f93000 rw-p b7f92000 00:00 0 b7f93000-b7fad000 r-xp 00000000 08:03 56364224 /lib/ld-2.8.so b7fad000-b7fae000 r--p 0001a000 08:03 56364224 /lib/ld-2.8.so b7fae000-b7faf000 rw-p 0001b000 08:03 56364224 /lib/ld-2.8.so bfb9a000-bfbaf000 rw-p bffeb000 00:00 0 [stack] ffffe000-fffff000 r-xp 00000000 00:00 0 [vdso] gdb backtrace: #6 0x080565b5 in qcache_traverse (func=0x80513e8 <qcache_all>) at qcache.c:593 #7 0x080500f7 in q_main (argc=2, argv=0xbfa65714) at q.c:82 #8 0x08054146 in main (argc=2, argv=0xbfa65714) at main.c:1039 valgrind: ==16793== ==16793== Invalid write of size 4 ==16793== at 0x804A951: read_keywords (qcache.c:209) ==16793== by 0x805142B: qcache_all (qcache.c:692) ==16793== by 0x80565B4: qcache_traverse (qcache.c:593) ==16793== by 0x80500F6: q_main (q.c:82) ==16793== by 0x8054145: main (main.c:1039) ==16793== Address 0x42813a4 is 0 bytes after a block of size 60 alloc'd ==16793== at 0x4023D9A: malloc (vg_replace_malloc.c:207) ==16793== by 0x80510CD: xmalloc (xmalloc.c:33) ==16793== by 0x8051417: qcache_all (qcache.c:690) ==16793== by 0x80565B4: qcache_traverse (qcache.c:593) ==16793== by 0x80500F6: q_main (q.c:82) ==16793== by 0x8054145: main (main.c:1039)
portage-utils-0.1.29: compiled on Jan 17 2008 $Id: qcache.c,v 1.32 2007/05/24 14:47:18 solar Exp $ cache written for Gentoo by <solar and vapier @ gentoo.org> Portage 2.2_rc1 (default-linux/x86/2007.0, gcc-4.3.1, glibc-2.8_p20080602-r0, 2.6.25-gentoo-r6-ines i686) ================================================================= System uname: Linux-2.6.25-gentoo-r6-ines-i686-Intel-R-_Core-TM-2_CPU_6600_@_2.40GHz-with-glibc2.0 Timestamp of tree: Wed, 16 Jul 2008 20:18:01 +0000 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] ccache version 2.4 [disabled] app-shells/bash: 3.2_p39 dev-java/java-config: 1.3.7, 2.1.6-r1 dev-lang/python: 2.4.4-r7, 2.5.2-r5 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 2.0.0 sys-apps/openrc: 0.2.5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.62-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.1-r1 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 2.2.4 virtual/os-headers: 2.6.25-r4 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=prescott -O2 -pipe -ggdb -fvar-tracking" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/bind /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=prescott -O2 -pipe -ggdb -fvar-tracking" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks installsources metadata-transfer nostrip notitles parallel-fetch preserve-libs sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox" GENTOO_MIRRORS="http://cudlug.cudenver.edu/gentoo/ http://gentoo.llarian.net/ http://trumpetti.atm.tut.fi/gentoo/ http://src.gentoo.pl http://gentoo.prz.rzeszow.pl http://gentoo.zie.pg.gda.pl http://gentoo.po.opole.pl ftp://gentoo.po.opole.pl http://ftp.du.se/pub/os/gentoo http://ds.thn.htu.se/linux/gentoo http://mirror.pudas.net/gentoo" LANG="en_US.utf8" LC_ALL="en_US.utf8" LDFLAGS="" LINGUAS="en pl" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise /home/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow 3dnowex X acl acpi adns alsa apache2 arts async berkdb bluetooth branding browserplugin bzip2 cgi cli cracklib crypt css cups curl dbus debug divx4linux dlloader doc dri dvd dvdr encode exif expat fam fastcgi ffmpeg fortran gd gdbm geoip gif gimp gimpprint glitz gpm gtk gtkhtml hal hash iconv imagemagick inifile innodb ipv6 irda isdnlog jabber java javamail javascript jpeg junit kde kipi ldap libnotify lm_sensors maildir mbox midi mmx mmxext mono mozdevelop mp3 mp4 mplayer mudflap musepack mysql mysqli ncurses nls nptl nptlonly nsplugin nvidia ogg opengl openmp pam pcre pdf perl php png posix ppd ppds pppd python readline real reflection ruby samba server session slang spell spl sqlite sse sse2 ssl ssse3 svg symlink tcpd tetex tiff transcode trayicon truetype tv type1 unicode usb v4l v4l2 vhosts visualization vorbis win32codecs wmf x86 xcomposite xinerama xorg xsl xvid zlib zvbi" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" APACHE2_MPMS="prefork" CAMERAS="aox canon digigr8 digita directory fuji hp215 iclick konica lg_gsm mustek pccam300 pccam600 ptp2 ricoh samsung template adc65 agfa_cl20 barbie casio_qv clicksmart310 dimagev dimera3500 enigma13 gsmart300 jamcam jd11 kodak_dc120 kodak_dc210 kodak_dc240 kodak_dc3200 kodak_ez200 konica_qm150 largan mars panasonic_coolshot panasonic_dc1000 panasonic_dc1580 panasonic_l859 polaroid_pdc320 polaroid_pdc640 polaroid_pdc700 ricoh_g3 sierra sipix_blink sipix_blink2 sipix_web2 smal sonix sony_dscf1 sony_dscf55 soundvision spca50x sq905 stv0674 stv0680 sx330z toshiba_pdrm11 agfacl20 casio dimera kodak minolta panasonic polaroid sipix sonydscf1 sonydscf55 toshiba" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en pl" USERLAND="GNU" VIDEO_CARDS="nvidia vesa nv" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
confirming that there is such a bug. my portage info: Portage 2.1.4.4 (default/linux/x86/2008.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.25-gentoo-r6 i686) ================================================================= System uname: 2.6.25-gentoo-r6 i686 Pentium III (Coppermine) Timestamp of tree: Sun, 20 Jul 2008 19:45:01 +0000 app-shells/bash: 3.2_p33 dev-java/java-config: 1.3.7, 2.1.6 dev-lang/python: 2.4.4-r13, 2.5.2-r5 dev-python/pycrypto: 2.0.1-r6 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r2 sys-devel/automake: 1.8.5-r3, 1.9.6-r2, 1.10.1 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=pentium3 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -march=pentium3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://gentoo.mirror.pw.edu.pl http://src.gentoo.pl http://gentoo.prz.rzeszow.pl http://distfiles.gentoo.org" LDFLAGS="-Wl,-O1" LINGUAS="en pl" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="acl aim apache2 aspnet2 avahi bash-completion berkdb bzip2 cli cracklib crypt ctype cups curl dbus dri fastcgi fortran ftp gadu gd gdbm gpm iconv ipv6 isdnlog ithreads java javascript jpeg latex mdnsresponder-compat midi mmx mono mssql mudflap mysql mysqli ncurses nls nptl nptlonly openmp pam pcre pdf perl php png postgres pppd python readline reflection ruby server session simplexml slang spell spl sqlite sqlite3 sse ssl subversion suexec tcl tcpd tex4ht threads truetype unicode vhosts vim-syntax x86 xml xorg zlib" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en pl" USERLAND="GNU" VIDEO_CARDS="vesa" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS all other data is same as in Marcin report
portage-utils: Sorry I missed noticing that this was not assigned to you.
Looks distinctly like bug 238147
I can't reproduce this. solar@media ~ $ qcache -V portage-utils-0.1.29: compiled on May 9 2008 $Id: qcache.c,v 1.32 2007/05/24 14:47:18 solar Exp $ olar@media ~ $ time qcache -a > /dev/null cache: Found a cache dir, but unable to process /usr/portage/dev-php4: No such file or directory cache: unable to read cache '/var/cache/edb/dep/usr/portage/local/skel' perhaps you need to `emerge --metadata` or `emerge --regen` ? real 0m0.748s user 0m0.400s sys 0m0.350s
Same problem here on two x86 systems. Besides 'qcache -a' most other options of qcache failes also. Portage 2.1.6.13 (default/linux/x86/2008.0/desktop, gcc-4.3.2, glibc-2.9_p20081201-r2, 2.6.29-gentoo-r5 i686) ================================================================= System uname: Linux-2.6.29-gentoo-r5-i686-AMD_Sempron-TM-_3000+-with-glibc2.0 Timestamp of tree: Sun, 02 Aug 2009 06:15:01 +0000 distcc 3.1 i686-pc-linux-gnu [disabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.8-r1 dev-lang/python: 2.4.6, 2.5.4-r3 dev-python/pycrypto: 2.0.1-r8 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4 sys-apps/baselayout: 1.12.11.1 sys-apps/sandbox: 1.6-r2 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 1.5.26 virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -mtune=athlon-4" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/udev/rules.d" CXXFLAGS="-O2 -mtune=athlon-4" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-detect distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu" LINGUAS="de en" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/science /usr/portage/local/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" USE="3dnow X acl acpi alsa apache bash-completion berkdb branding bzip2 cairo cdr cli cracklib crypt cscope cups dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox fltk fortran gdbm gif gnome gnuplot gpm gstreamer gtk gtk2 hal iconv ipv6 isdnlog jpeg kde libnotify logrotate mad mikmod mmx mp3 mpeg mudflap mysql ncurses nls nptl nptlonly ogg opengl openmp oss pam pcre pdf perl png portaudio ppds pppd pulseaudio python qt qt3 qt3support qt4 quicktime readline reflection sdl server session sndfile spell spl sse ssl startup-notification svg svga sysfs tcpd tiff truetype unicode usb vim-syntax vorbis win32codecs x86 xml xorg xscreensaver xulrunner xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de en" USERLAND="GNU" VIDEO_CARDS="mga vmware vesa" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
dirtyepic@halo ~ $ qcache -s cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/espeakup-9999' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/gnome-mag-0.15.8' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/gnome-mag-0.15.7' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/orca-2.26.3' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/speakup-9999' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/speakup-3.1.3' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-accessibility/speakup-3.1.2' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/apache-tools-2.2.12' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/augeas-0.5.2' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/conky-1.7.2_rc2' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/conky-1.7.1.1-r2' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/eselect-python-20090804' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/eselect-python-20090801' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/eselect-wxwidgets-1.1' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: unable to read cache '/var/cache/edb/dep/usr/portage/app-admin/haskell-updater-0.9.1.0' perhaps you need to `emerge --metadata` or `emerge --regen` ? cache: Failed to read keywords for app-admin/mcelog-0.8_pre1.ebuild *** glibc detected *** qcache: corrupted double-linked list: 0x0000000001110500 *** ======= Backtrace: ========= /lib/libc.so.6[0x34c0472ac6] /lib/libc.so.6[0x34c0475f71] /lib/libc.so.6(__libc_malloc+0x6e)[0x34c047754e] qcache[0x408589] qcache[0x409d86] qcache[0x40a9d7] qcache[0x40cb9e] qcache[0x40cbf7] /lib/libc.so.6[0x34c043406d] /lib/libc.so.6[0x34c0433f68] /lib/libc.so.6(qsort_r+0x2bc)[0x34c043452c] /lib/libc.so.6(scandir+0x114)[0x34c049b0b4] qcache[0x40dade] qcache[0x416a27] qcache[0x416e31] /lib/libc.so.6(__libc_start_main+0xfd)[0x34c041ea3d] qcache[0x4022f9] ======= Memory map: ======== 00400000-00428000 r-xp 00000000 fe:00 66400 /usr/bin/q 00627000-00628000 r--p 00027000 fe:00 66400 /usr/bin/q 00628000-00635000 rw-p 00028000 fe:00 66400 /usr/bin/q 00635000-00640000 rw-p 00000000 00:00 0 0110e000-0112f000 rw-p 00000000 00:00 0 [heap] 34c0000000-34c001d000 r-xp 00000000 08:03 29590 /lib64/ld-2.10.1.so 34c021c000-34c021d000 r--p 0001c000 08:03 29590 /lib64/ld-2.10.1.so 34c021d000-34c021e000 rw-p 0001d000 08:03 29590 /lib64/ld-2.10.1.so 34c0400000-34c054e000 r-xp 00000000 08:03 29657 /lib64/libc-2.10.1.so 34c054e000-34c074e000 ---p 0014e000 08:03 29657 /lib64/libc-2.10.1.so 34c074e000-34c0752000 r--p 0014e000 08:03 29657 /lib64/libc-2.10.1.so 34c0752000-34c0753000 rw-p 00152000 08:03 29657 /lib64/libc-2.10.1.so 34c0753000-34c0758000 rw-p 00000000 00:00 0 34f7e00000-34f7e16000 r-xp 00000000 08:03 29665 /lib64/libgcc_s.so.1 34f7e16000-34f8015000 ---p 00016000 08:03 29665 /lib64/libgcc_s.so.1 34f8015000-34f8016000 r--p 00015000 08:03 29665 /lib64/libgcc_s.so.1 34f8016000-34f8017000 rw-p 00016000 08:03 29665 /lib64/libgcc_s.so.1 7f526c000000-7f526c021000 rw-p 00000000 00:00 0 7f526c021000-7f5270000000 ---p 00000000 00:00 0 7f52734a2000-7f52734a4000 rw-p 00000000 00:00 0 7f52734c7000-7f52734c9000 rw-p 00000000 00:00 0 7ffff3a76000-7ffff3a8b000 rw-p 00000000 00:00 0 [stack] 7ffff3b4f000-7ffff3b50000 r-xp 00000000 00:00 0 [vdso] ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] Aborted (gdb) bt #0 0x00000034c0432455 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x00000034c04338ba in abort () at abort.c:88 #2 0x00000034c046d3fd in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170 #3 0x00000034c0472ac6 in malloc_printerr (action=<value optimized out>, str=<value optimized out>, ptr=<value optimized out>) at malloc.c:6196 #4 0x00000034c0475f71 in _int_malloc (av=<value optimized out>, bytes=<value optimized out>) at malloc.c:4596 #5 0x00000034c047754e in __libc_malloc (bytes=<value optimized out>) at malloc.c:3638 #6 0x0000000000408589 in xmalloc (size=28482) at libq/xmalloc.c:33 #7 0x0000000000409d86 in xzalloc (size=28482) at libq/xmalloc.c:51 #8 0x000000000040a9d7 in atom_explode (atom=0x233cb83 "paxtest-0.9.7_pre5.ebuild") at libq/atom_explode.c:56 #9 0x000000000040cb9e in atom_compare_str (s1=<value optimized out>, s2=0x233cb83 "paxtest-0.9.7_pre5.ebuild") at libq/atom_compare.c:132 #10 0x000000000040cbf7 in qcache_vercmp (x=<value optimized out>, y=<value optimized out>) at qcache.c:446 #11 0x00000034c043406d in msort_with_tmp (p=<value optimized out>, b=<value optimized out>, n=<value optimized out>) at msort.c:83 #12 0x00000034c0433f68 in msort_with_tmp (p=<value optimized out>, b=<value optimized out>, n=<value optimized out>) at msort.c:54 #13 0x00000034c043452c in qsort_r (b=<value optimized out>, n=<value optimized out>, s=<value optimized out>, cmp=<value optimized out>, arg=<value optimized out>) at msort.c:294 #14 0x00000034c049b0b4 in scandir (dir=<value optimized out>, namelist=<value optimized out>, select=<value optimized out>, cmp=<value optimized out>) at ../sysdeps/wordsize-64/../../dirent/scandir.c:137 #15 0x000000000040dade in qcache_traverse (func=<value optimized out>) at qcache.c:552 #16 0x0000000000416a27 in q_main (argc=2, argv=0x7fff6522e2b8) at q.c:82 #17 0x0000000000416e31 in main (argc=2, argv=0x7fff6522e2b8) at main.c:1072
^ (portage-utils-0.2)
crashes for me with 0.3.1 still
adding a few sanity checks and we find the answer. the code assumes every value in KEYWORDS can be found in arch.list, but with "-*", that is not the case. since decode_arch() returns the array index (which is now out of bounds) anyways, and then the caller uses it, we get buffer overflows. cache: arch -* not found in global arch list
*** Bug 301557 has been marked as a duplicate of this bug. ***
*** Bug 238147 has been marked as a duplicate of this bug. ***
should be fixed with: http://sources.gentoo.org/gentoo-projects/portage-utils/qcache.c?r1=1.35&r2=1.36
