C++ glibc detected double free or corruption(!prev) using shared library

barfatchen · November 25, 2014, 8:17pm

Currently I test a shared library vendor provided in linux , the following is the simple source :

#include <iostream>
using namespace std;
 
extern int test1();
extern int test2();
 
int main()
{
    cout << "hello world" << endl ;
    return 0 ;
    cout << "Test 1" << endl;
    test1();
 
    cout << "Test 2" << endl;
    test2();
 
    return 0;
}

I have compile and link like :

g++ -g -Wall -fPIC -D_DEBUG -o test -I./include32 src/xxx.cpp src/yyy.cpp src/test.cpp -L./lib32 -lshare1 -lshared2

I have the following output while run :

hello world
***glibc detected *** ./test: double free or corrution (!prev) 0x00000000077ec30 ***

What I don't get is , since I only do print "hello world" and then return 0 ,
that mean I don't call any function in libshared1.so and libshared2.so ,
why error like glibc detected happen ? does it mean that shared library
has problem to be loaded to memory ? since the main function never call
test1() , test2() which really call functions in libshared1.so and
libshared2.so !!

And suggestions , comments are most appreciated !!

achenle · November 25, 2014, 10:52pm

The "0x00000000077ec30" value looks like an address, probably the address of the code that made the double free() call. To find out who's responsible for that code, you need to find out where it comes from.

Add these lines before your return call:

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>

char command[ 1024 ];
long pid = ( long ) ::getpid(); // use long to ensure correct format specifier
sprintf( command, "pmap %ld", pid );
system( command );

That will cause the pmap utility to be run against your running process. The address value "0x00000000077ec30" should fall within a range of one of the objects in the memory map you'll see as output. That should tell you who is responsible.

barfatchen · November 25, 2014, 11:03pm

@achenle , thanks !!!

May I ask , in the main function , all I do are

cout << "hello world" << endl ;
return 0 ;

How come errors double free still happen ?! Is it possible shared library damaged ?!

Corona688 · November 26, 2014, 9:51am

C++ shared libraries include a function that gets called when the library is loaded, to initialize global variables and such. It's likely that is what's crashing. Perhaps it's using an incompatible glibc++...

Very difficult to tell without knowing what it is. What is the shared library? Also, what do you see from ldd ./sharedlibrary.so

achenle · November 26, 2014, 11:59am

From the fact that the error happens after the test program emits "hello world", I'm more suspicious of the problem being a static destructor called when the process exits.

Replace the call to the "pmap" utility with a call to "pstack" and the call stack when the error is detected will be shown.

barfatchen · November 26, 2014, 7:46pm

#include <iostream>
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>

using namespace std;

int main()
{
   
    cout << "hello world 3 " << endl ;
    void *handle2;
    handle2 = dlopen ("/usr/local/lib/xxx.so", RTLD_LAZY);   
    if (!handle2) {
        fprintf (stderr, "%s\n", dlerror());
        exit(1);
    }
    
    cout << "hello world 1 " << endl ;
    void *handle3;
    handle3 = dlopen ("/usr/local/lib/yyy.so", RTLD_LAZY);
    if (!handle3) {
        fprintf (stderr, "%s\n", dlerror());
        exit(1);
    }


    cout << "hello world" << endl ;
}

Compile :
g++ -g -Wall -rdynamic -o test src/test.cpp -ldl

Output :
hello world 3
hello world 1
Segmentation fault (core dumped)

If I don't do dlopen in yyy.so , the program won't core dump ,
look like the yyy.so which vendor provide is damaged !!!!

Corona688 · December 5, 2014, 2:40pm

To repeat: