I got this today too, and managed to reproduce it with valgrind:

    ==9441== Invalid free() / delete / delete[]
    ==9441==    at 0x4C21DBC: free (vg_replace_malloc.c:325)
    ==9441==    by 0x4022D3: simple_spew (display.c:345)
    ==9441==    by 0x40308A: main (display.c:620)
    ==9441==  Address 0x53d4c10 is 0 bytes inside a block of size 64 free'd
    ==9441==    at 0x4C21DBC: free (vg_replace_malloc.c:325)
    ==9441==    by 0x4022D3: simple_spew (display.c:345)
    ==9441==    by 0x40308A: main (display.c:620)
Double frees can sometimes be exploited. Perhaps this is a potential
security hole? I didn't look too closely what exactly is causing this,
but I verified that the given line number is correct. Changing it to:

    if (buf.nsupgid > 0 && buf.supgid) {
        free(buf.supgid);
        buf.supgid = 0xbebebebe;
    }

changed the "double free or corruption" to a simple segfault. For some
reason ps didn't dump core and I didn't bother looking further why.
Anyway, looks like buf isn't properly reset between the while() loop
runs. Similar bugs in the other case: parts in the switch loop.
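As an added illustration (not code from this report or from procps), a small C model of the stale-state pattern described above: a record reused across loop iterations, a release that frees but never resets the fields, and the corrected release that does. The proc_t field names are assumed from the snippet in the mail; the reader, the sample data and the free tracking are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for the two proc_t fields named in the mail. */
struct proc_t {
    char *supgid;   /* heap buffer of supplementary gids, or NULL */
    int nsupgid;    /* entry count */
};

/* Instrumented free: a second free of an already-freed block is counted
 * instead of performed, so the buggy path can be run safely. */
static char *last_block = NULL;
static int last_block_live = 0, double_free_attempts = 0;

static char *tracked_strdup(const char *s) {
    last_block = malloc(strlen(s) + 1);
    strcpy(last_block, s);
    last_block_live = 1;
    return last_block;
}

static void tracked_free(char *p) {
    if (p == last_block && !last_block_live) { double_free_attempts++; return; }
    if (p == last_block) last_block_live = 0;
    free(p);
}

/* Constructed reader: only some records carry supplementary groups, and it
 * leaves the fields untouched otherwise (the stale state described above). */
static void fill_record(struct proc_t *buf, int has_groups) {
    if (has_groups) { buf->supgid = tracked_strdup("100,200,300"); buf->nsupgid = 3; }
}

/* Same shape as the mail's condition: frees, but leaves pointer and count stale. */
static void release_buggy(struct proc_t *buf) {
    if (buf->nsupgid > 0 && buf->supgid) tracked_free(buf->supgid);
}

/* Fix: free, then reset both fields so the next iteration cannot reuse them. */
static void release_fixed(struct proc_t *buf) {
    if (buf->supgid) tracked_free(buf->supgid);
    buf->supgid = NULL;
    buf->nsupgid = 0;
}

/* Runs the per-record loop over five constructed records and returns how many
 * release calls would have freed an already-freed block (0 means correct). */
int run_loop(int fixed) {
    static const int has_groups[] = {1, 0, 1, 0, 0};
    struct proc_t buf = {0};
    double_free_attempts = 0; last_block = NULL; last_block_live = 0;
    for (size_t i = 0; i < sizeof has_groups / sizeof has_groups[0]; i++) {
        fill_record(&buf, has_groups[i]);
        if (fixed) release_fixed(&buf); else release_buggy(&buf);
    }
    return double_free_attempts;
}
```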