[sldev] Openjpeg bug

Callum Lerwick seg at haxxed.com
Thu Aug 2 22:39:48 PDT 2007


On Thu, 2007-08-02 at 20:50 -0400, Jason Giglio wrote:
> Does anyone know if this OpenJPEG bug is already addressed in one of the 
> patches I likely do not have?
> 
> 
> *** glibc detected *** bin/do-not-directly-run-secondlife-bin: double 
> free or corruption (fasttop): 0x0c4ee640 ***
> ======= Backtrace: =========
> /lib/tls/i686/cmov/libc.so.6[0xb72fad35]
> /lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb72fe7d0]
> /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb74c2d81]
> /usr/lib/libstdc++.so.6(_ZNSs4_Rep10_M_destroyERKSaIcE+0x1d)[0xb749e90d]
> /usr/lib/libstdc++.so.6(_ZNSs6assignERKSs+0xa6)[0xb74a0106]
> /home/jgiglio/opensl/SecondLife_i686_1_18_0_6/lib/libllimage.so(_ZN11LLImageBase12allocateDataEi+0x6d)[0xb7ef5b9f]
> /home/jgiglio/opensl/SecondLife_i686_1_18_0_6/lib/libllimage.so(_ZN10LLImageRaw12allocateDataEi+0x29)[0xb7ef601b]
> /home/jgiglio/opensl/SecondLife_i686_1_18_0_6/lib/libllimage.so(_ZN11LLImageBase16allocateDataSizeEiiii+0x46)[0xb7ef2864]
> /home/jgiglio/opensl/SecondLife_i686_1_18_0_6/lib/libllimage.so(_ZN10LLImageRawC1Etta+0x6a)[0xb7ef29fa]
> 
> Google says this usually is caused by a bad (or nonexisting) copy 
> constructor that causes a double free.

I don't see OpenJPEG in the trace. This is glibc detecting corruption of
its heap pointers, typically caused by a buffer overrun somewhere.

http://www.redhat.com/magazine/009jul05/features/execshield/#overflows

Unfortunately it only detects it after the fact, when a block is freed,
and really does nothing to tell you where the overrun (the actual bug)
happened. It could have been anywhere, in any part of the client, or
somewhere in any of the libraries.

I've seen this a lot. It seems to happen when rapidly crossing sim
borders, but damned if I can get it to happen while running under
valgrind. You can't do anything rapidly in valgrind...

Should probably Jira this, even with the total lack of information...