| Summary: | guile-1.6.4 and lower contains a use-after-free bug which causes segfaults | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jonathan Briggs <zlynx> |
| Component: | [OLD] Library | Assignee: | Gentoo Linux Gnome Desktop Team <gnome> |
| Status: | RESOLVED UPSTREAM | ||
| Severity: | normal | CC: | amd64 |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Jonathan Briggs
2004-10-28 23:47:02 UTC
Call me crazy, but I don't have Applications -> Games -> Solitaire from gnome-games. I can't see any solitaire game provided by that package. Aisleriot (the Solitare games) only builds if you have guile installed. emerge guile emerge gnome-games and you should have it. Okay, thanks for that Jonathon. However I can't reproduce this on my x86 - I can play Aisleriot with no problems. @amd64 team: could you please look? @reporter: do you have a link to info on the use-after-freed bug? Thanks sorry, i can't confirm this -> WORKSFORME. can you please provide a emerge info and possibly a strace? The Guile bug is in the guile source in libguile/gc.c:2054 The scm_must_realloc function calls realloc() before calling check_mtrigger(). check_mtrigger() calls scm_igr() which calls scm_mark_subr_table() which uses the global variable scm_subr_table. When scm_must_realloc() is used on scm_subr_table, it ends up using scm_subr_table after realloc has freed it. http://www.gnu.org/software/guile/news.html contains notes about the 1.6.5 Guile release. One note of interest is this: "The use of scm_must_realloc() for memory which is scanned by GC could trigger a GC scan of a free()d block of memory. This has been fixed." Guile 1.6.6 and 1.6.7 are in the tree, taking care of this bug. The fix could be applied to older guile versions if the patch is provided. |
