Date: Wed, 21 Nov 2007 18:56:09 -0800
From: Jason Evans
To: Pietro Cerutti
Cc: freebsd-hackers@freebsd.org
Subject: Re: assertion failed on malloc.c
Message-ID: <4744EFC9.50409@freebsd.org>
In-Reply-To: <474420B8.10203@gahr.ch>

Pietro Cerutti wrote:
>> uname -r
> 8.0-CURRENT
>
> Mplayer always crashes quitting .flv video (either by pressing 'q' or
> because the video is over).
>
> The error is:
>
> Assertion failed: (diff == regind * size), function
> arena_run_reg_dalloc, file /usr/src/lib/libc/stdlib/malloc.c, line 1714.
>
> Removing the assert at line 1714 and recompiling libc solves the
> problem, but I'm not that familiar with the current malloc
> implementation to know whether (diff == regind * size) is always
> supposed to be true (thus a bug in mplayer) or the assertion is simply
> wrong.
This is probably due to attempted deallocation of an invalid pointer. This could be either a double free or a totally bogus deallocation, perhaps of a pointer that is within a valid object. Removing the assertion in malloc.c simply allows undefined behavior beyond where the assertion failure would have caused a crash. The failure modes can be serious, such as memory corruption or a segmentation fault.

Jason