From bicknell@ussenterprise.ufp.org  Fri Jun 12 14:51:07 1998
Received: from ussenterprise.ufp.org (bicknell@ussenterprise.ufp.org [209.12.7.40])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA23703
          for <FreeBSD-gnats-submit@freebsd.org>; Fri, 12 Jun 1998 14:51:07 -0700 (PDT)
          (envelope-from bicknell@ussenterprise.ufp.org)
Received: (from bicknell@localhost)
	by ussenterprise.ufp.org (8.8.8/8.8.7) id RAA09751;
	Fri, 12 Jun 1998 17:50:51 -0400 (EDT)
Message-Id: <199806122150.RAA09751@ussenterprise.ufp.org>
Date: Fri, 12 Jun 1998 17:50:51 -0400 (EDT)
From: Leo Bicknell <bicknell@ufp.org>
Reply-To: bicknell@ufp.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: Inetd corrupting pointer.
X-Send-Pr-Version: 3.2

>Number:         6933
>Category:       bin
>Synopsis:       Inetd corrupting a pointer then passing to free.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 12 15:00:00 PDT 1998
>Closed-Date:    Sat Jun 13 11:24:37 PDT 1998
>Last-Modified:  Sat Jun 13 11:25:08 PDT 1998
>Originator:     Leo Bicknell
>Release:        FreeBSD 2.2.5-RELEASE i386
>Organization:
United Federation of Planets
>Environment:

	Seen on FreeBSD 2.2.5 and 2.2.6 systems using "stock" inetd's.

>Description:

	Users connecting to inetd services (eg telnet, pop3) get the message
"inetd in free(), warning junk pointer, too low to make sense."  This was
traced to about line 1043 of /usr/src/lib/libc/stdlib/malloc.c, in the ifree
function.  It appears inetd is corrupting a pointer, then passing it to free
triggering an error.

	Once this state has been entered all additional inetd services exhibit
the same behavior.  Inetd must be restarted.

>How-To-Repeat:

	Unknown.  Problem has occured 3 times to date with no common elements
leading up to the failure.  This has happened with three different config
files as well, making it unlikely it is a config file anomoly.

>Fix:
	
	

>Release-Note:
>Audit-Trail:

From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: bicknell@ufp.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/6933: Inetd corrupting pointer. 
Date: Fri, 12 Jun 1998 17:12:58 -0700

 > 	Users connecting to inetd services (eg telnet, pop3) get the message
 > "inetd in free(), warning junk pointer, too low to make sense."  This was
 > traced to about line 1043 of /usr/src/lib/libc/stdlib/malloc.c, in the ifree
 > function.  It appears inetd is corrupting a pointer, then passing it to free
 > triggering an error.
 > 
 > 	Once this state has been entered all additional inetd services exhibit
 > the same behavior.  Inetd must be restarted.
 
 This is a known problem, but to date no one has found just where the
 memory is being corrupted. :-(
 
 - Jordan
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Sat Jun 13 11:24:37 PDT 1998 
State-Changed-Why:  
Duplicate of PR# 6858 and it has a detailed Audit-Trail. 
>Unformatted:
