node: corrupted double-linked list

[webholics]

In node >0.4.6 I'm getting the following exception regularly:

*** glibc detected *** node: corrupted double-linked list: 0x0a04ffb0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6c12a)[0x7cc12a]
/lib/libc.so.6(+0x6d9e1)[0x7cd9e1]
/lib/libc.so.6(cfree+0x6d)[0x7d0afd]
/usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node(libiconv_close+0x23)[0x645b57]
/usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node(+0x37d9)[0x6277d9]
node(_ZN2v88internal13GlobalHandles31PostGarbageCollectionProcessingEv+0xf4)[0x81eb134]
======= Memory map: ========
00116000-00131000 r-xp 00000000 fc:00 135507     /lib/ld-2.11.1.so
00131000-00132000 r--p 0001a000 fc:00 135507     /lib/ld-2.11.1.so
00132000-00133000 rw-p 0001b000 fc:00 135507     /lib/ld-2.11.1.so
00137000-0017b000 r-xp 00000000 fc:00 137553     /lib/i686/cmov/libssl.so.0.9.8
0017b000-0017c000 r--p 00044000 fc:00 137553     /lib/i686/cmov/libssl.so.0.9.8
0017c000-0017f000 rw-p 00045000 fc:00 137553     /lib/i686/cmov/libssl.so.0.9.8
0017f000-00268000 r-xp 00000000 fc:00 2942       /usr/lib/libstdc++.so.6.0.13
00268000-00269000 ---p 000e9000 fc:00 2942       /usr/lib/libstdc++.so.6.0.13
00269000-0026d000 r--p 000e9000 fc:00 2942       /usr/lib/libstdc++.so.6.0.13
0026d000-0026e000 rw-p 000ed000 fc:00 2942       /usr/lib/libstdc++.so.6.0.13
0026e000-00275000 rw-p 00000000 00:00 0 
00275000-002f5000 rwxp 00000000 00:00 0 
00359000-00379000 rwxp 00000000 00:00 0 
003cd000-003ed000 rwxp 00000000 00:00 0 
00424000-00426000 rwxp 00000000 00:00 0 
0044c000-00453000 r-xp 00000000 fc:00 135508     /lib/librt-2.11.1.so
00453000-00454000 r--p 00006000 fc:00 135508     /lib/librt-2.11.1.so
00454000-00455000 rw-p 00007000 fc:00 135508     /lib/librt-2.11.1.so
004d2000-0060a000 r-xp 00000000 fc:00 137548     /lib/i686/cmov/libcrypto.so.0.9.8
0060a000-00612000 r--p 00137000 fc:00 137548     /lib/i686/cmov/libcrypto.so.0.9.8
00612000-00620000 rw-p 0013f000 fc:00 137548     /lib/i686/cmov/libcrypto.so.0.9.8
00620000-00624000 rw-p 00000000 00:00 0 
00624000-00724000 r-xp 00000000 fc:00 134637     /usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node
00724000-00725000 r--p 00100000 fc:00 134637     /usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node
00725000-00726000 rw-p 00101000 fc:00 134637     /usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node
00760000-008a2000 r-xp 00000000 fc:00 131657     /lib/libc-2.11.1.so
008a2000-008a3000 ---p 00142000 fc:00 131657     /lib/libc-2.11.1.so
008a3000-008a5000 r--p 00142000 fc:00 131657     /lib/libc-2.11.1.so
008a5000-008a6000 rw-p 00144000 fc:00 131657     /lib/libc-2.11.1.so
008a6000-008a9000 rw-p 00000000 00:00 0 
0091a000-00926000 rwxp 00000000 00:00 0 
00a6e000-00a82000 r-xp 00000000 fc:00 130896     /lib/libpthread-2.11.1.so
00a82000-00a83000 r--p 00014000 fc:00 130896     /lib/libpthread-2.11.1.so
00a83000-00a84000 rw-p 00015000 fc:00 130896     /lib/libpthread-2.11.1.so
00a84000-00a86000 rw-p 00000000 00:00 0 
00b35000-00b48000 r-xp 00000000 fc:00 131512     /lib/libz.so.1.2.3.3
00b48000-00b49000 r--p 00012000 fc:00 131512     /lib/libz.so.1.2.3.3
00b49000-00b4a000 rw-p 00013000 fc:00 131512     /lib/libz.so.1.2.3.3
00b97000-00bb7000 rwxp 00000000 00:00 0 
00c1b000-00c3b000 rwxp 00000000 00:00 0 
00cf5000-00cf6000 r-xp 00000000 00:00 0          [vdso]
00d11000-00d13000 r-xp 00000000 fc:00 130895     /lib/libdl-2.11.1.so
00d13000-00d14000 r--p 00001000 fc:00 130895     /lib/libdl-2.11.1.so
00d14000-00d15000 rw-p 00002000 fc:00 130895     /lib/libdl-2.11.1.so
00dad000-00dd1000 r-xp 00000000 fc:00 135504     /lib/libm-2.11.1.so
00dd1000-00dd2000 r--p 00023000 fc:00 135504     /lib/libm-2.11.1.so
00dd2000-00dd3000 rw-p 00024000 fc:00 135504     /lib/libm-2.11.1.so
00e10000-00e30000 rwxp 00000000 00:00 0 
00e90000-00ead000 r-xp 00000000 fc:00 131416     /lib/libgcc_s.so.1
00ead000-00eae000 r--p 0001c000 fc:00 131416     /lib/libgcc_s.so.1
00eae000-00eaf000 rw-p 0001d000 fc:00 131416     /lib/libgcc_s.so.1
00ec2000-00ec4000 r-xp 00000000 fc:00 135516     /lib/libutil-2.11.1.so
00ec4000-00ec5000 r--p 00001000 fc:00 135516     /lib/libutil-2.11.1.so
00ec5000-00ec6000 rw-p 00002000 fc:00 135516     /lib/libutil-2.11.1.so
00fb9000-00fd9000 rwxp 00000000 00:00 0 
08048000-08577000 r-xp 00000000 fc:00 21256      /usr/local/bin/node
08577000-08578000 r--p 0052e000 fc:00 21256      /usr/local/bin/node
08578000-0857e000 rw-p 0052f000 fc:00 21256      /usr/local/bin/node
0857e000-08598000 rw-p 00000000 00:00 0 
09fbc000-0a233000 rw-p 00000000 00:00 0          [heap]
b4b00000-b4b21000 rw-p 00000000 00:00 0 
b4b21000-b4c00000 ---p 00000000 00:00 0 
b4c6c000-b4d57000 rw-p 00000000 00:00 0 
b4d5e000-b4d74000 rw-p 00000000 00:00 0 
b4d7b000-b4e88000 rw-p 00000000 00:00 0 
b4e88000-b4e89000 ---p 00000000 00:00 0 
b4e89000-b572a000 rw-p 00000000 00:00 0 
b572a000-b6000000 ---p 00000000 00:00 0 
b6000000-b6200000 rw-p 00000000 00:00 0 
b6200000-b6800000 ---p 00000000 00:00 0 
b6800000-b6a00000 rw-p 00000000 00:00 0 
b6a00000-b772a000 ---p 00000000 00:00 0 
b772a000-b772e000 rw-p 00000000 00:00 0 
b7730000-b7736000 rw-p 00000000 00:00 0 
bfd49000-bfd5e000 rw-p 00000000 00:00 0          [stack]
Aborted

Any ideas?

[bnoordhuis]

Hi Mario, thanks for reporting this. Could you perhaps run this through valgrind? What do uname -a and cat /etc/issue say?

[webholics]

uname -a

Linux chilitweets 2.6.32-28-generic #55-Ubuntu SMP Mon Jan 10 21:21:01 UTC 2011 i686 GNU/Linux

cat /etc/issue

Ubuntu 10.04.1 LTS \n \l

Valgrind memory error:

==2616== Memcheck, a memory error detector
==2616== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==2616== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==2616== Command: node test.js
==2616== Invalid free() / delete / delete[]
==2616==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==2616==    by 0x7AC134C: (anonymous namespace)::FreeMemory(char*, void*) (in /usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node)
==2616==    by 0x81515B3: node::Buffer::Replace(char*, unsigned int, void (*)(char*, void*), void*) (node_buffer.cc:209)
==2616==    by 0x81539B7: node::Buffer::~Buffer() (node_buffer.cc:200)
==2616==    by 0x81EB133: v8::internal::GlobalHandles::PostGarbageCollectionProcessing() (in /usr/local/bin/node)
==2616==  Address 0x74dd6e0 is 0 bytes inside a block of size 16 free'd
==2616==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==2616==    by 0x4024FBD: realloc (vg_replace_malloc.c:525)
==2616==    by 0x7AC0F33: (anonymous namespace)::Iconv::Convert(char*, unsigned int) (in /usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node)
==2616==    by 0x7AC1296: (anonymous namespace)::Iconv::Convert(v8::Arguments const&) (in /usr/local/lib/node/.npm/iconv/1.1.0/package/iconv.node)
==2616==    by 0x81B7601: v8::internal::Builtin_HandleApiCall(v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>) (in /usr/local/bin/node)
==2616== 

[bnoordhuis]

Mario, could you post your test script? I can't reproduce it no matter how hard I pummel it.

[webholics]

Unfortunately I don't have a simple test case and I'm not sure when and why exactly the crash happens. I'm creating >100 Iconv instances and am calling convert() a lot in a short amount of time.

[bnoordhuis]

I'm closing the issue because I can't reproduce it. My pummel script is here if you're interested. Feel free to reopen the issue if you have suggestions or additional information.

[anhtuangai]

Hi, I have the same error on ubuntu (tried node 0.4.6 and 0.4.7) but not on OSX (0.4.6).
It happens when using a patched version of index.js in https://github.com/dvv/simple-geoip :

patch1:
var Iconv = require('iconv').Iconv
, iconv = new Iconv('iso-8859-1', 'utf-8');

and

patch2:
/OLD/
//record.city_name = buffer.toString('utf8', b, e);
/Patch/
record.city_name = iconv.convert(buffer.slice(b,e)).toString('utf8');

any idea?

[anhtuangai]

FYI, it works a few times and then fail. Moreover, everything works properly when removing call to iconv.convert, so I think it's not the buffer. (using: record.city_name = buffer.slice(b,e).toString('utf8');)

[bnoordhuis]

Anh-Tuan, can you wrap this up in a test case? What version of Ubuntu are you using, by the way?

[anhtuangai]

wget http://dl.dropbox.com/u/1435930/geoip.zip
unzip geoip.zip
cd geoip
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gzip -f -d GeoLiteCity.dat.gz
node node-iconv-fail-testcase.js

[anhtuangai]

Ubuntu 10.04 LTS

[bnoordhuis]

I'll be damned, it works (or rather, it doesn't). Not sure what's causing it but I'll dive in. Thanks!

[anhtuangai]

Thank you! FYI:
iconv --version
OSX: iconv (GNU libiconv 1.11)
Ubuntu: iconv (Ubuntu EGLIBC 2.11.1-0ubuntu7.8) 2.11.1

[bnoordhuis]

v1.1.1 contains this fix and has been uploaded to npm, by the way.

[anhtuangai]

Great! Dank je wel!

[mmcomp]

Hi guys i got the same error but i do not use iconv or anything like it, i just use openlayers and oracle modules. please help me.