[openssl-dev] [openssl.org #3957] BUG:Double free in int_thread_del_item in crypto/err/err.c
mahendar katkuri via RT
rt at openssl.org
Mon Jul 27 17:04:10 UTC 2015
Dear Sir/Madam,
During system restart, there is a crash in openSSL(ver openssl-1.0.1j)
pointing to crypto/err/err.c
>From the backtrace, it is complaining about double free
in int_thread_del_item() function in crypto/err/err.c file. Please find
backtrace below. Could you let us know if this is a known issue.
#3 0x000000801ea20000 in __GI_raise (sig=<optimized out>) at
../sysdeps/unix/sysv/linux/raise.c:55
#4 0x000000801ea25850 in __GI_abort () at abort.c:89
#5 0x000000801ea60e24 in __libc_message (do_abort=<optimized out>,
fmt=<optimized out>) at ../sysdeps/posix/libc_fatal.c:175
#6 0x000000801ea6f368 in malloc_printerr (action=<optimized out>,
str=0x801eb4f240 "*double free or corruption (!prev)*", ptr=<optimized
out>) at malloc.c:4958
#7 0x000000801ea701bc in _int_free (av=<optimized out>, p=<optimized
out>, have_lock=<optimized out>) at malloc.c:3829
#8 0x00003fff7ab472d8 in CRYPTO_free (str=0x3fff4c001010) at mem.c:397
#9 0x00003fff7abda018 in lh_free (lh=0x3fff4c000f50) at lhash.c:175
#10 0x00003fff7abdd858 in int_thread_del_item (d=<optimized out>) at err.c:537
#11 0x00003fff7abde978 in ERR_remove_thread_state (id=<optimized out>)
at err.c:994
#12 0x00003fff7abdea14 in ERR_remove_state (pid=<optimized out>) at err.c:1000
BR
Mahendar.
-------------- next part --------------
_______________________________________________
openssl-bugs-mod mailing list
openssl-bugs-mod at openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
More information about the openssl-dev
mailing list