Double free detection is causing some errors with Chrome #187
Comments
thestinger added the Type: bug label Feb 18, 2016
thestinger (Contributor) commented Feb 18, 2016
Does it crash consistently or is this just an intermittent issue?
thestinger (Contributor) commented Feb 18, 2016
The error happens when an allocation is freed but there's no entry for the page in the region hash table. So it's a pointer to memory that's not currently handed out as a malloc allocation. It's one of the baseline OpenBSD malloc features rather than a CopperheadOS extension.
thestinger (Contributor) commented Feb 18, 2016
So this might be a double-free, but it could also be free(invalid_ptr) where invalid_ptr was allocated with another allocator or something like that. It would be very helpful if you could provide tombstones. It would show whether the memory at that address is actually mapped and it might be labelled. Could add a debugging feature to OpenBSD malloc to label all the memory properly too - just didn't do that because it hits mmap quite a bit and adding the prctl call would add significant overhead.
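The check described in the two comments above, as an added illustration that is not OpenBSD malloc's or CopperheadOS's code: a toy allocator hands out page-aligned mmap regions and records each one in a small hash table keyed by page address. A free() whose page has no entry is reported as not live, and that single verdict covers both a genuine double free and a pointer that came from a different allocator (here, libc malloc), which is why the error message alone cannot tell the two apart. All names (`toy_malloc`, `toy_free`, `regions`, `demo`) are invented for this example, and the table is fixed-size with tombstone deletion for brevity.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>

/* Toy stand-in for a region hash table (illustration only, not OpenBSD malloc). */
#define TOY_PAGE   4096u
#define TOY_SLOTS  64u            /* fixed size here; a real table grows */
#define SLOT_EMPTY ((uintptr_t)0)
#define SLOT_DEAD  ((uintptr_t)1) /* tombstone; never a page-aligned address */

struct region { uintptr_t addr; size_t len; };   /* one live page-aligned mapping */
static struct region regions[TOY_SLOTS];

enum free_status { FREE_OK, FREE_NOT_LIVE };

static uintptr_t page_of(const void *p) {
    return (uintptr_t)p & ~(uintptr_t)(TOY_PAGE - 1);
}

/* Linear probing keyed on the page address. Tombstones are skipped on lookup
 * and reused on insert, so removing an entry does not break later probes. */
static struct region *find_live(uintptr_t page) {
    size_t i = (size_t)(page / TOY_PAGE) % TOY_SLOTS;
    for (unsigned n = 0; n < TOY_SLOTS; n++) {
        struct region *r = &regions[(i + n) % TOY_SLOTS];
        if (r->addr == page) return r;
        if (r->addr == SLOT_EMPTY) return NULL;
    }
    return NULL;
}

static struct region *free_slot(uintptr_t page) {
    size_t i = (size_t)(page / TOY_PAGE) % TOY_SLOTS;
    for (unsigned n = 0; n < TOY_SLOTS; n++) {
        struct region *r = &regions[(i + n) % TOY_SLOTS];
        if (r->addr == SLOT_EMPTY || r->addr == SLOT_DEAD) return r;
    }
    return NULL;                                   /* table full */
}

void *toy_malloc(size_t len) {
    size_t rounded = (len + TOY_PAGE - 1) & ~(size_t)(TOY_PAGE - 1);
    void *p = mmap(NULL, rounded, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    struct region *r = free_slot((uintptr_t)p);
    if (r == NULL) { munmap(p, rounded); return NULL; }
    r->addr = (uintptr_t)p;
    r->len = rounded;
    return p;
}

/* The check from the thread: no entry for the pointer's page means the memory
 * is not currently handed out by this allocator. That is what gets reported as
 * a "double free", but a pointer from another allocator takes the same path. */
enum free_status toy_free(void *p) {
    if (p == NULL) return FREE_OK;                 /* free(NULL) is a no-op */
    struct region *r = find_live(page_of(p));
    if (r == NULL || r->addr != (uintptr_t)p)      /* also rejects interior pointers */
        return FREE_NOT_LIVE;
    munmap((void *)r->addr, r->len);
    r->addr = SLOT_DEAD;                           /* entry gone: a second free is caught */
    r->len = 0;
    return FREE_OK;
}

/* Runs the cases discussed in the thread; returns how many frees were rejected
 * (double free, foreign pointer, interior pointer: expected 3). */
int demo(void) {
    void *a = toy_malloc(100);
    void *b = toy_malloc(3 * TOY_PAGE + 1);
    void *foreign = malloc(64);      /* libc allocation: never entered in our table */
    int rejected = 0;
    rejected += toy_free(a) == FREE_NOT_LIVE;               /* live: accepted */
    rejected += toy_free(a) == FREE_NOT_LIVE;               /* genuine double free */
    rejected += toy_free(foreign) == FREE_NOT_LIVE;         /* wrong allocator, same verdict */
    rejected += toy_free((char *)b + 16) == FREE_NOT_LIVE;  /* interior pointer */
    rejected += toy_free(b) == FREE_NOT_LIVE;               /* live: accepted */
    free(foreign);
    return rejected;
}

int main(void) {
    printf("rejected frees: %d (expected 3)\n", demo());
    return 0;
}
```

The point to take from the demo is that the foreign-pointer case and the double-free case are indistinguishable from inside the allocator: both simply miss in the table. Telling them apart needs the tombstone or a map of the process, which is why the comment asks for one.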
thestinger added the upstream-app label Feb 21, 2016
thestinger (Contributor) commented Mar 11, 2016
This needs to be reconfirmed with a new Chrome version and I don't think there's any way it's a CopperheadOS bug.
Fuzion24 commented Feb 18, 2016
https://gist.github.com/Fuzion24/1bac9d9eff0402d3796a