From owner-freebsd-questions@FreeBSD.ORG Fri Jun 11 19:56:31 2010
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A934E106566C for ; Fri, 11 Jun 2010 19:56:31 +0000 (UTC) (envelope-from dan@dan.emsphone.com)
Received: from email1.allantgroup.com (email1.emsphone.com [199.67.51.115]) by mx1.freebsd.org (Postfix) with ESMTP id 5514F8FC17 for ; Fri, 11 Jun 2010 19:56:31 +0000 (UTC)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by email1.allantgroup.com (8.14.0/8.14.0) with ESMTP id o5BJuUqI049064 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 11 Jun 2010 14:56:30 -0500 (CDT) (envelope-from dan@dan.emsphone.com)
Received: from dan.emsphone.com (smmsp@localhost [127.0.0.1]) by dan.emsphone.com (8.14.4/8.14.4) with ESMTP id o5BJuTuq025655 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 11 Jun 2010 14:56:30 -0500 (CDT) (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost) by dan.emsphone.com (8.14.4/8.14.3/Submit) id o5BJuTaP025651; Fri, 11 Jun 2010 14:56:29 -0500 (CDT) (envelope-from dan)
Date: Fri, 11 Jun 2010 14:56:29 -0500
From: Dan Nelson
To: Vikash Badal
Cc: "freebsd-questions@freebsd.org"
Subject: Re: threads and malloc/free on freebsd 8.0
Message-ID: <20100611195628.GB36450@dan.emsphone.com>
References: <9B425C841283E0418B1825D40CBCFA613D9E3CA643@ZABRYSVISEXMBX1.af.didata.local>
In-Reply-To: <9B425C841283E0418B1825D40CBCFA613D9E3CA643@ZABRYSVISEXMBX1.af.didata.local>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-OS: FreeBSD 8.1-PRERELEASE
User-Agent: Mutt/1.5.20 (2009-06-14)
X-Virus-Scanned: clamav-milter 0.96 at email1.allantgroup.com
X-Virus-Status: Clean
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (email1.allantgroup.com [199.67.51.78]); Fri, 11 Jun 2010 14:56:30 -0500 (CDT)
X-Scanned-By: MIMEDefang 2.45
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 11 Jun 2010 19:56:31 -0000

In the last episode (Jun 11), Vikash Badal said:
> I have a threaded socket application that seems to be behaving strangely.
>
> In a worker thread, I have the following.
>
> -----------
> LogMessage(DEBUG_0, "allocated %ld", malloc_usable_size(inst));
> free(inst);
> LogMessage(DEBUG_0, "after free allocated %ld", malloc_usable_size(inst)); /* inst already freed */
> free(inst);   /* second free of the same pointer */
> return 0;
> -----------
> output> allocated 2304
> output> after free allocated 2304
>
> From playing around, this should have segfaulted but it didn't.
>
> If I try this from non-threaded, non-socket code:
> ------------------
> #include <stdio.h>
> #include <stdlib.h>
> #include <malloc_np.h>   /* FreeBSD header declaring malloc_usable_size() */
> int main(void)
> {
>     char *z = (char*)malloc(1000);
>     printf("malloc is %zu\n", malloc_usable_size(z));
>     free(z);
>     printf("after malloc is %zu\n", malloc_usable_size(z)); /* undefined: z is freed */
> }
> ------------------
>
> Output> malloc is 1024
> Output> Segmentation fault (core dumped)
>
> Can anyone enlighten me? Why did the 2nd free not cause a segmentation
> fault?

You asked this same question on May 24:
http://lists.freebsd.org/pipermail/freebsd-questions/2010-May/216652.html

The answer is still the same: you're invoking undefined behaviour here by
calling malloc_usable_size on a free'd pointer. The function is free to
crash, return useful data, or return useless data, at its discretion :)

The fix is to remove your second call to malloc_usable_size(z). Then
neither version will crash. Also, a useful habit to start is to explicitly
zero the pointer you just free'd, to prevent it from being used
accidentally later.

-- 
	Dan Nelson
	dnelson@allantgroup.com
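The pattern Dan recommends (clear the pointer right after freeing it) in working form, as an added example that is not part of the thread or of either poster's code. The helper names free_and_null, FREE_AND_NULL, live_usable_size and demo_double_free_guard are made up for this illustration; the example assumes malloc_usable_size() comes from FreeBSD's <malloc_np.h> or glibc's <malloc.h>. It replays the poster's sequence (query size, free, query again, free again) with the pointer nulled after the first free, so the second free becomes free(NULL), which is defined as a no-op, and the second size query is short-circuited instead of reading freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __FreeBSD__
#include <malloc_np.h>   /* FreeBSD declares malloc_usable_size() here */
#else
#include <malloc.h>      /* glibc location of malloc_usable_size() */
#endif

/* Free *pp and clear it, so a later accidental use becomes a NULL
 * dereference (or a harmless free(NULL)) rather than undefined behaviour
 * on a dangling pointer.  Hypothetical helper, not a libc function. */
static void free_and_null(void **pp)
{
    if (pp == NULL)
        return;
    free(*pp);
    *pp = NULL;
}

/* Convenience wrapper so callers can write FREE_AND_NULL(z) for any
 * object pointer type. */
#define FREE_AND_NULL(p) free_and_null((void **)&(p))

/* Usable size of a live allocation; 0 for NULL.  Only ever called on a
 * pointer that has not been freed, which is what keeps it defined. */
static size_t live_usable_size(const void *p)
{
    return p == NULL ? 0 : malloc_usable_size((void *)p);
}

/* Replays the sequence from the thread with the pointer cleared after the
 * first free.  Returns 1 when: the allocator reported at least n usable
 * bytes, the pointer was NULL after the first free, the "second free" was
 * a no-op, and the second size query returned 0 without touching freed
 * memory.  Returns 0 on allocation failure or any failed check. */
static int demo_double_free_guard(size_t n)
{
    char *z = malloc(n);
    if (z == NULL)
        return 0;
    memset(z, 'A', n);                     /* touch the block like real code would */

    size_t before = live_usable_size(z);
    if (before < n) {                      /* allocator must give at least n bytes */
        free(z);
        return 0;
    }

    FREE_AND_NULL(z);                      /* first free: z is now NULL */
    if (z != NULL)
        return 0;

    FREE_AND_NULL(z);                      /* poster's second free: free(NULL), no-op */
    return live_usable_size(z) == 0;       /* poster's second query: guarded, returns 0 */
}

int main(void)
{
    printf("guarded replay with 1000 bytes: %s\n",
           demo_double_free_guard(1000) ? "ok" : "FAILED");
    return 0;
}
```

The same idea scales to structures: store the pointer in the owning struct, free through the struct field so the field itself is cleared, and treat a NULL field as "already released" in every later code path.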