[added CC crash-catcher@lists.fedorahosted.org]
On Wed, 2010-05-19 at 15:38 +0200, Denys Vlasenko wrote:
On Wed, 2010-05-19 at 14:55 +0200, Nikola Pajkovsky wrote:
run abrtd -dvvv
run gui
click on report
choose bugzilla plugin
try to Refresh all information
close gui
kill abrtd with ctrl+c
result is that abrt abnormally leaks and dies with SIGSEGV
Yes, I see it. It's pointless to try to plug leaks until we stop it from SEGVing. Let's find out why it SEGVs:
Digging into it:
==14157== Process terminating with default action of signal 11 (SIGSEGV)
==14157==  Access not within mapped region at address 0xBF0E6B2
==14157==    at 0x364C035430: getenv (in /lib64/libc-2.12.so)
==14157==    by 0x3D46A1A339: PR_GetEnv (in /lib64/libnspr4.so)
PR_IMPLEMENT(char*) PR_GetEnv(const char *var)
{
    char *ev;

    if (!_pr_initialized) _PR_ImplicitInitialization();

    _PR_LOCK_ENV();
    ev = _PR_MD_GET_ENV(var);
    _PR_UNLOCK_ENV();
    return ev;
}

char *
_PR_MD_GET_ENV(const char *name)
{
    return getenv(name);
}
So PR_GetEnv just does getenv without changing the var pointer...
==14157== by 0x3D47ADDB32: PKIX_PL_Shutdown (pkix_pl_lifecycle.c:293)
PKIX_Error *
PKIX_PL_Shutdown(void *plContext)
{
    PKIX_UInt32 numLeakedObjects = 0;

    PKIX_ENTER(OBJECT, "PKIX_PL_Shutdown");

    if (!pkix_pl_initialized) {
        /* The library was not initialized */
        PKIX_RETURN(OBJECT);
    }

    PR_DestroyLock(classTableLock);

    pkix_pl_HttpCertStore_Shutdown(plContext);

    numLeakedObjects = pkix_pl_lifecycle_ObjectLeakCheck(NULL);
    if (PR_GetEnv("NSS_STRICT_SHUTDOWN")) {    <==================== here
        PORT_Assert(numLeakedObjects == 0);
    }

    if (plContext != NULL) {
        PKIX_PL_NssContext_Destroy(plContext);
    }

    pkix_pl_initialized = PKIX_FALSE;

    PKIX_RETURN(OBJECT);
}
Aha, it's a PR_GetEnv call with const string, not a variable from somewhere. Const string can't be corrupted. "Our environment is corrupted" theory gets a boost...
==14157==    by 0x3D47A9F4B8: PKIX_Shutdown (pkix_lifecycle.c:231)
==14157==    by 0x3D47A18850: nss_Shutdown (nssinit.c:1032)
==14157==    by 0x3D49218574: rpmFreeCrypto (in /usr/lib64/librpmio.so.1.0.0)
==14157==    by 0x40ABF5: CRPM::~CRPM() (RPM.cpp:31)
==14157==    by 0x364C035FF1: exit (in /lib64/libc-2.12.so)
==14157==    by 0x4C29291: xfunc_die() (logging.cpp:37)
==14157==    by 0x4C2940F: error_msg_and_die(char const*, ...) (logging.cpp:117)
==14157==    by 0x4184E2: main (Daemon.cpp:927)
Obviously, it SEGVed in PR_GetEnv. Possibly a bogus pointer. I will look into the source of these functions.
Digging deeper here is not needed for now. We need to check environ and maybe try running under gdb.
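Added example, not part of the original thread and not abrt or NSS code: one way to do the "check environ" step without crashing the checker itself, by letting the kernel read each entry through a pipe so that a bogus pointer shows up as EFAULT rather than SIGSEGV. The names peek, classify, env_count and constructed_env are hypothetical, and the sample array is constructed.

```c
#include <stddef.h>
#include <unistd.h>

enum { ENV_OK, ENV_MALFORMED, ENV_UNMAPPED };
extern char **environ;

/* Fetch one byte of src through a pipe. The kernel performs the read, so an
 * unmapped address makes write() fail with EFAULT instead of raising SIGSEGV. */
static int peek(const int fds[2], const char *src, char *out)
{
    return write(fds[1], src, 1) == 1 && read(fds[0], out, 1) == 1;
}

/* Classify one entry without dereferencing it in user space. */
static int classify(const int fds[2], const char *p)
{
    int seen_eq = 0;
    char c;
    for (size_t i = 0; i < 131072; i++) {      /* assumed cap on entry length */
        if (!peek(fds, p + i, &c))
            return ENV_UNMAPPED;
        if (c == '\0')
            return seen_eq ? ENV_OK : ENV_MALFORMED;
        if (c == '=' && i == 0)
            return ENV_MALFORMED;               /* empty variable name */
        if (c == '=')
            seen_eq = 1;
    }
    return ENV_MALFORMED;                       /* no NUL terminator found */
}

/* Count entries of `kind` in a NULL-terminated env array (the array itself is
 * assumed readable); returns -1 if the probe pipe cannot be created. */
int env_count(char **envp, int kind)
{
    int fds[2], n = 0;
    if (pipe(fds) != 0)
        return -1;
    for (size_t i = 0; envp[i] != NULL; i++)
        n += classify(fds, envp[i]) == kind;
    close(fds[0]);
    close(fds[1]);
    return n;
}

/* Constructed sample; bad pointer = faulting address from the report (assumed unmapped here). */
char **constructed_env(void)
{
    static char *env[] = { "PATH=/usr/bin", "NOEQUALS", (char *)0xBF0E6B2UL,
                           "HOME=/root", NULL };
    return env;
}
```

Calling env_count(environ, ENV_UNMAPPED) from an atexit handler or a destructor that runs before the crashing one shows whether the array was already damaged when exit() started.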