[vox-tech] glibc bug

Peter Jay Salzman vox-tech@lists.lugod.org
Wed, 30 Apr 2003 10:30:28 -0700


Thought this might be of interest to someone.  I reported this
yesterday.  These guys are fast!

pete



----- Forwarded message from GOTO Masanori <gotom@debian.or.jp> -----

Date: Thu, 01 May 2003 01:42:12 +0900
From: GOTO Masanori <gotom@debian.or.jp>
To: Wolfram Gloger <wg@malloc.de>, libc-alpha@sources.redhat.com
Cc: Peter Jay Salzman <p@dirac.org>, bug-glibc@gnu.org
Subject: Re: glibc bug with malloc_stats

At Tue, 29 Apr 2003 11:24:07 -0700,
Peter Jay Salzman wrote:
> I think this might be a bug:
> 
> This program runs fine when FULL is defined and segfaults when it's not.
> 
> I've seen this behavior on sarge (glibc 2.3.1), but it doesn't appear to
> happen on glibc 2.2.5 and 2.1.x.
> 
> If you have any further questions, please email me since I'm not on the
> glibc-bug mailing list.

Well, it still segfaults in the latest CVS.

> #include <stdio.h>
> #include <stdlib.h>
> #include <malloc.h>
> // #define FULL   /* defined: allocate before malloc_stats(); undefined: no allocation first */
> 
> int main(void)
> {
> #ifdef FULL
>     char *p = malloc(20 * sizeof(char));
> #endif
> 
>     malloc_stats();   /* segfaults on glibc 2.3.1 when FULL is not defined */
> 
> #ifdef FULL
>     free(p);
>     malloc_stats();
> #endif
> 
>     return 0;
> }

This is caused by malloc_arena->next being NULL.  The patch below
fixes the problem (another fix is to initialize next as &main_arena).
Is it OK, Wolfram?

--- malloc/malloc.c     2003-02-02 05:27:15.000000000 +0900
+++ malloc/malloc.c.new 2003-05-01 01:24:27.000000000 +0900
@@ -5108,7 +5108,7 @@
 #endif
     (void)mutex_unlock(&ar_ptr->mutex);
     ar_ptr = ar_ptr->next;
-    if(ar_ptr == &main_arena) break;
+    if(ar_ptr == &main_arena || ar_ptr == NULL) break;
   }
 #if HAVE_MMAP
   fprintf(stderr, "Total (incl. mmap):\n");

Regards,
-- gotom

----- End forwarded message -----
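As an added example, not code from the thread or from glibc: a small model of the arena ring that malloc_stats() walks, reproducing the failure gotom describes (main_arena.next still NULL because no allocation has initialized the allocator) and showing both fixes he mentions, the NULL guard in the loop and closing the ring up front. All names (arena_walk, arena_ensure_init, and so on) and the memory figures are invented for illustration.

```c
/* Added example, not code from the thread or from glibc: a model of the
 * arena ring that malloc_stats() walks, reproducing the failure gotom
 * describes (main_arena.next still NULL because nothing has initialized
 * malloc yet) and both fixes he mentions. All names and the memory
 * figures here are invented for illustration. */
#include <stddef.h>
#include <stdio.h>

struct arena {
    struct arena *next;   /* ring: the last arena points back to main_arena */
    size_t system_mem;    /* bytes this arena obtained from the system */
};

/* Like glibc's main_arena, a static object: zero-filled, so next == NULL
 * until the allocator's one-time initialization runs. */
static struct arena main_arena;
static struct arena extra[2];

/* Stand-in for the allocator's lazy init (normally triggered by the first
 * malloc): close the ring with main_arena as its only member. */
static void arena_init(void)
{
    main_arena.next = &main_arena;
    main_arena.system_mem = 132 * 1024;   /* constructed figure */
}

/* Put everything back to the never-allocated state for repeated runs. */
static void arena_reset(void)
{
    main_arena.next = NULL;
    main_arena.system_mem = 0;
    extra[0].next = extra[1].next = NULL;
    extra[0].system_mem = extra[1].system_mem = 0;
}

/* Link a new arena into the ring right after main_arena. */
static void arena_add(struct arena *a, size_t mem)
{
    a->system_mem = mem;
    a->next = main_arena.next;
    main_arena.next = a;
}

/* The alternative fix from the message: make sure next is never NULL
 * before anyone walks the list. */
static void arena_ensure_init(void)
{
    if (main_arena.next == NULL)
        arena_init();
}

/* Walk the ring the way the malloc_stats() loop in the hunk does: visit
 * the current arena, advance to next, stop when back at main_arena.
 * Returns the number of arenas visited and sums system_mem into *total.
 * With null_guard == 0 (the unpatched loop) a NULL next would be
 * dereferenced on the next iteration; rather than crash, return -1 to
 * mark the point where the original code segfaults. null_guard == 1 is
 * the patched loop. */
static int arena_walk(int null_guard, size_t *total)
{
    struct arena *ar_ptr = &main_arena;
    int visited = 0;
    *total = 0;
    for (;;) {
        /* loop body: glibc locks ar_ptr->mutex here and prints the arena's stats */
        *total += ar_ptr->system_mem;
        visited++;
        ar_ptr = ar_ptr->next;
        if (ar_ptr == &main_arena)
            break;
        if (ar_ptr == NULL) {
            if (null_guard)
                break;          /* patched: treat a broken ring as "done" */
            return -1;          /* unpatched: next iteration dereferences NULL */
        }
    }
    return visited;
}

int main(void)
{
    size_t total;
    arena_reset();
    printf("before any malloc, unpatched loop: %d (would segfault)\n",
           arena_walk(0, &total));
    printf("before any malloc, patched loop:   %d arena(s)\n",
           arena_walk(1, &total));
    arena_ensure_init();
    arena_add(&extra[0], 64 * 1024);
    arena_add(&extra[1], 32 * 1024);
    printf("after init + two arenas: %d arena(s), %zu bytes\n",
           arena_walk(0, &total), total);
    return 0;
}
```

The point the model makes is that the NULL check only changes what the walker does once it finds the ring open; arena_ensure_init() removes the open ring altogether, which is why every walker benefits from it and none needs its own guard.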