From: Andrew Duane
To: "freebsd-hackers@freebsd.org"
Date: Wed, 2 Feb 2011 13:04:15 -0500
Subject: Strange problems in the old libc malloc routines

We are still using the FreeBSD 6 malloc routines, and are rather suddenly having a large number of problems with one or two of our programs.
Before I dig into the 100+ crash dumps I have, I thought I'd see if anyone else has ever encountered this.

The problems all seem to stem from some case of malloc returning the pointer "1" instead of either NULL or a valid pointer. Always exactly "1". Where this goes bad depends on where it happens (in the program or inside malloc itself), but that pointer value of "1" is always involved. Some of the structures like page_dir look corrupted too. It seems as if maybe the "1" is coming from sbrk(0) which is just returning the value of curbrk (which is correct, and not even close to "1").

Does this ring any bells?

--
Andrew Duane             Juniper Networks
978-589-0551             10 Technology Park Dr
aduane@juniper.net       Westford, MA 01886-3418