From owner-freebsd-current Thu Jan 4 12:41:41 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id MAA02940 for current-outgoing; Thu, 4 Jan 1996 12:41:41 -0800 (PST) Received: from fredriks.pr.mcs.net (fredriks.pr.mcs.net [199.3.36.197]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id MAA02931 for ; Thu, 4 Jan 1996 12:41:36 -0800 (PST) Received: (from fredriks@localhost) by fredriks.pr.mcs.net (8.7.3/8.6.6) id OAA29400 for current@freebsd.org; Thu, 4 Jan 1996 14:41:36 -0600 (CST) From: Lars Fredriksen Message-Id: <199601042041.OAA29400@fredriks.pr.mcs.net> Subject: malloc bug in current? To: current@freebsd.org Date: Thu, 4 Jan 1996 14:41:36 -0600 (CST) X-Mailer: ELM [version 2.4 PL24 ME8b] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-current@freebsd.org Precedence: bulk Hi, Pax kept blowing up on me in free() so I started looking at tit a bit. It looks like there is a slight bug in malloc.c. ------------------------------------------------------------------------------- *** malloc.c.orig Thu Jan 4 08:45:03 1996 --- malloc.c Thu Jan 4 08:45:06 1996 *************** *** 957,963 **** /* Count how many pages and mark them free at the same time */ page_dir[index] = MALLOC_FREE; ! for (i = 1; page_dir[index+i] == MALLOC_FOLLOW; i++) page_dir[index + i] = MALLOC_FREE; l = i << malloc_pageshift; --- 957,963 ---- /* Count how many pages and mark them free at the same time */ page_dir[index] = MALLOC_FREE; ! for (i = 1; (index < last_index) && (page_dir[index+i] == MALLOC_FOLLOW); i++) page_dir[index + i] = MALLOC_FREE; l = i << malloc_pageshift; ------------------------------------------------------------------------------- The problem was( I think) that index+i went past last_index which caused a SIGSEGV. With the above fix my backups now works again. :-) Lars