Date: Wed, 12 Mar 1997 10:58:29 -0700 (MST)
From: Joel Maslak <jmaslak@blackfire.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/2964: malloc() returns non-null when it should not
Message-ID: <199703121758.KAA21827@blackfire.com>
Resent-Message-ID: <199703121800.KAA29152@freefall.freebsd.org>

>Number:         2964
>Category:       kern
>Synopsis:       malloc() returns non-null when it should not
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 12 10:00:01 PST 1997
>Last-Modified:
>Originator:     Joel Maslak
>Organization:   None
>Release:        FreeBSD 3.0-CURRENT i386
>Environment:

	3.0-CURRENT from December 1996, Pentium, 32 MB RAM, 96 MB swap
	Ulimit set to 64 MB data size.

>Description:

	I'm assuming this is a kernel problem, although it may be a
	gnu problem.

	If malloc is called as follows:

		malloc((size_t) 0xffffffff)

	it returns a non-null pointer. Obviously, free objects to freeing
	this storage, with a:

		Malloc warning: free():junk pointer, too high to make sense

	Thus, something is definitely broke here.

	The pointer allocated in this case has a value of 0x4000.

>How-To-Repeat:

	Compile (with GCC) and run:

	#include <stdlib.h>
	#include <stdio.h>

	int main(void) {
		void * p;

		p = malloc((size_t) 0xffffffff);
		if (p != NULL)
			printf("KERNEL BUG! %p\n", p);

		return 0;
	}

	Other values to try:

		0xffffb001 -> 0xfffff000 (Causes a segmentation fault, inside malloc())
		0xfffff001 -> 0xffffffff (non-null return value)

>Fix:

	Don't use malloc. :)

>Audit-Trail:
>Unformatted: