[gentoo-hardened] Glibc detected invalid pointer

[gentoo-hardened] Glibc detected invalid pointer

[Jeff Rooney]

Whenever I run tripwire in a check mode I get the following output:

*** glibc detected *** tripwire: free(): invalid pointer: 0x00007fffffffd5d8 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f64eb0008ac]
/lib/libc.so.6(cfree+0x86)[0x7f64eb002506]
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZdlPv+0x1d)[0x7f64eb83e3ad]
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZNSs4_Rep10_M_destroyERKSaIcE+0x22)[0x7f64eb817c52]
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.6/libstdc++.so.6(_ZNSsD1Ev+0x7c)[0x7f64eb81803c]
tripwire[0x7f64ec111a03]
tripwire(main+0xb39)[0x7f64ec0f32a9]
/lib/libc.so.6(__libc_start_main+0xf6)[0x7f64eafb05c6]
tripwire[0x7f64ec0dfcc9]
======= Memory map: ========
7f64e4000000-7f64e4021000 rw-p 7f64e4000000 00:00 0
7f64e4021000-7f64e8000000 ---p 7f64e4021000 00:00 0
7f64ea558000-7f64ea563000 r-xp 00000000 08:03 4237597
  /lib64/libnss_files-2.9.so
7f64ea563000-7f64ea762000 ---p 0000b000 08:03 4237597
  /lib64/libnss_files-2.9.so
7f64ea762000-7f64ea763000 r--p 0000a000 08:03 4237597
  /lib64/libnss_files-2.9.so
7f64ea763000-7f64ea764000 rw-p 0000b000 08:03 4237597
  /lib64/libnss_files-2.9.so
7f64ea764000-7f64ea76e000 r-xp 00000000 08:03 4237633
  /lib64/libnss_nis-2.9.so
7f64ea76e000-7f64ea96d000 ---p 0000a000 08:03 4237633
  /lib64/libnss_nis-2.9.so
7f64ea96d000-7f64ea96e000 r--p 00009000 08:03 4237633
  /lib64/libnss_nis-2.9.so
7f64ea96e000-7f64ea96f000 rw-p 0000a000 08:03 4237633
  /lib64/libnss_nis-2.9.so
7f64ea96f000-7f64ea983000 r-xp 00000000 08:03 4237639
  /lib64/libnsl-2.9.so
7f64ea983000-7f64eab82000 ---p 00014000 08:03 4237639
  /lib64/libnsl-2.9.so
7f64eab82000-7f64eab83000 r--p 00013000 08:03 4237639
  /lib64/libnsl-2.9.so
7f64eab83000-7f64eab84000 rw-p 00014000 08:03 4237639
  /lib64/libnsl-2.9.so
7f64eab84000-7f64eab86000 rw-p 7f64eab84000 00:00 0
7f64eab86000-7f64eab8d000 r-xp 00000000 08:03 4237643
  /lib64/libnss_compat-2.9.so
7f64eab8d000-7f64ead8c000 ---p 00007000 08:03 4237643
  /lib64/libnss_compat-2.9.so
7f64ead8c000-7f64ead8d000 r--p 00006000 08:03 4237643
  /lib64/libnss_compat-2.9.so
7f64ead8d000-7f64ead8e000 rw-p 00007000 08:03 4237643
  /lib64/libnss_compat-2.9.so
7f64ead8e000-7f64ead90000 r-xp 00000000 08:03 4237636
  /lib64/libdl-2.9.so
7f64ead90000-7f64eaf90000 ---p 00002000 08:03 4237636
  /lib64/libdl-2.9.so
7f64eaf90000-7f64eaf91000 r--p 00002000 08:03 4237636
  /lib64/libdl-2.9.so
7f64eaf91000-7f64eaf92000 rw-p 00003000 08:03 4237636
  /lib64/libdl-2.9.so
7f64eaf92000-7f64eb0d2000 r-xp 00000000 08:03 4237598
  /lib64/libc-2.9.so
7f64eb0d2000-7f64eb2d2000 ---p 00140000 08:03 4237598
  /lib64/libc-2.9.so
7f64eb2d2000-7f64eb2d6000 r--p 00140000 08:03 4237598
  /lib64/libc-2.9.so
7f64eb2d6000-7f64eb2d7000 rw-p 00144000 08:03 4237598
  /lib64/libc-2.9.so
7f64eb2d7000-7f64eb2dc000 rw-p 7f64eb2d7000 00:00 0
7f64eb2dc000-7f64eb2e7000 r-xp 00000000 08:03 4237419
  /lib64/libgcc_s.so.1
7f64eb2e7000-7f64eb4e6000 ---p 0000b000 08:03 4237419
  /lib64/libgcc_s.so.1
7f64eb4e6000-7f64eb4e7000 r--p 0000a000 08:03 4237419
  /lib64/libgcc_s.so.1
7f64eb4e7000-7f64eb4e8000 rw-p 0000b000 08:03 4237419
  /lib64/libgcc_s.so.1
7f64eb4e8000-7f64eb56d000 r-xp 00000000 08:03 4237634
  /lib64/libm-2.9.so
7f64eb56d000-7f64eb76d000 ---p 00085000 08:03 4237634
  /lib64/libm-2.9.so
7f64eb76d000-7f64eb76e000 r--p 00085000 08:03 4237634
  /lib64/libm-2.9.so
7f64eb76e000-7f64eb76f000 rw-p 00086000 08:03 4237634
  /lib64/libm-2.9.so
7f64eb76f000-7f64eb8af000 r-xp 00000000 08:07 778854
  /usr/lib64/gcc/x86_64-pc-l                           .6.0.3
7f64eb8af000-7f64ebaae000 ---p 00140000 08:07 778854
  /usr/lib64/gcc/x86_64-pc-l                           .6.0.3
7f64ebaae000-7f64ebab1000 r--p 0013f000 08:07 778854
  /usr/lib64/gcc/x86_64-pc-l                           .6.0.3
7f64ebab1000-7f64ebab7000 rw-p 00142000 08:07 778854
  /usr/lib64/gcc/x86_64-pc-l                           .6.0.3
7f64ebab7000-7f64ebaca000 rw-p 7f64ebab7000 00:00 0
7f64ebaca000-7f64ebc67000 r-xp 00000000 08:07 50831649
  /usr/lib64/libcrypto.so.0.
7f64ebc67000-7f64ebe66000 ---p 0019d000 08:07 50831649
  /usr/lib64/libcrypto.so.0.
7f64ebe66000-7f64ebe74000 r--p 0019c000 08:07 50831649
  /usr/lib64/libcrypto.so.0.
7f64ebe74000-7f64ebe8c000 rw-p 001aa000 08:07 50831649
  /usr/lib64/libcrypto.so.0.
7f64ebe8c000-7f64ebe90000 rw-p 7f64ebe8c000 00:00 0
7f64ebe90000-7f64ebeac000 r-xp 00000000 08:03 4237596
  /lib64/ld-2.9.so
7f64ec03a000-7f64ec0a0000 rw-p 7f64ec03a000 00:00 0
7f64ec0a6000-7f64ec0aa000 rw-p 7f64ec0a6000 00:00 0
7f64ec0aa000-7f64ec0ab000 r-xp 7f64ec0aa000 00:00 0                      [vdso]
7f64ec0ab000-7f64ec0ac000 r--p 0001b000 08:03 4237596
  /lib64/ld-2.9.so
7f64ec0ac000-7f64ec0ad000 rw-p 0001c000 08:03 4237596
  /lib64/ld-2.9.so
7f64ec0ad000-7f64ec282000 r-xp 00000000 08:07 777645
  /usr/sbin/tripwire
7f64ec481000-7f64ec484000 r--p 001d4000 08:07 777645
  /usr/sbin/tripwire
7f64ec484000-7f64ec496000 rw-p 001d7000 08:07 777645
  /usr/sbin/tripwire
7f64ec496000-7f64ed50b000 rw-p 7f64ec496000 00:00 0                      [heap]
7ffffffe9000-7ffffffff000 rw-p 7ffffffe9000 00:00 0                      [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
  [vsyscall]
Software interrupt forced exit: Abort


I'm running 2.6.28-hardened-r9 with grsec enabled on gcc 3.4.6-r2
glibc 2.9_p20081201-r2, any suggestions?

--
Jeff

Re: [gentoo-hardened] Glibc detected invalid pointer

[pageexec]

On 16 Oct 2009 at 15:50, Jeff Rooney wrote:

> Whenever I run tripwire in a check mode I get the following output:
> 
> *** glibc detected *** tripwire: free(): invalid pointer: 0x00007fffffffd5d8 ***

that looks like a stack pointer, i.e., tripwire somewhere stored a local variable
address (of a std::basic_string apparently) and tried to free it later (via the
delete operator). you should try to find out where 0x7f64ec111a03 resolves in the
tripwire binary and debug it from there (it will be easier on a non-PIE binary).