I've observed this bug on curlftpfs today. Bug description with minimal test case is here: https://bugzilla.redhat.com/show_bug.cgi?id=754026 ==3271== Invalid free() / delete / delete[] ==3271== at 0x4C2962E: free (vg_replace_malloc.c:366) ==3271== by 0x4F459B7: __free_in6ai (check_pf.c:426) ==3271== by 0x4F0D444: getaddrinfo (getaddrinfo.c:2560) ==3271== by 0x4005F4: _resolve_addr (in /home/matt/test/gai-invalid-free/test) ==3271== by 0x400652: main (in /home/matt/test/gai-invalid-free/test) ==3271== Address 0x51e3390 is 0 bytes inside data symbol "noai6ai_cached" I failed to find what actually fixes in in glibc's tree. Sorry.
It occurs in version 2.18-r1 too: ==11499== Invalid free() / delete / delete[] / realloc() ==11499== at 0x4C2A2AC: free (vg_replace_malloc.c:468) ==11499== by 0x5E61C6B: __libc_freeres (in /lib64/libc-2.18.so) ==11499== by 0x4A2374C: _vgnU_freeres (vg_preloaded.c:62) ==11499== by 0x5D4C839: __run_exit_handlers (in /lib64/libc-2.18.so) ==11499== by 0x5D4C8D4: exit (in /lib64/libc-2.18.so) ==11499== by 0x5D35DDB: (below main) (in /lib64/libc-2.18.so) ==11499== Address 0x60b92d0 is 0 bytes inside data symbol "noai6ai_cached"
On modern glibc (2.22, 2.23) the bug does not manifest. Tried on sample from https://bugzilla.redhat.com/show_bug.cgi?id=754026 Closing as OBSOLETE.
