From owner-freebsd-current@FreeBSD.ORG  Wed May  9 19:02:39 2007
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@FreeBSD.org
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 0280616A402
	for <freebsd-current@FreeBSD.org>; Wed,  9 May 2007 19:02:39 +0000 (UTC)
	(envelope-from rdivacky@vlk.vlakno.cz)
Received: from vlakno.cz (vlk.vlakno.cz [62.168.28.247])
	by mx1.freebsd.org (Postfix) with ESMTP id A3C6613C458
	for <freebsd-current@FreeBSD.org>; Wed,  9 May 2007 19:02:33 +0000 (UTC)
	(envelope-from rdivacky@vlk.vlakno.cz)
Received: from localhost (localhost [127.0.0.1])
	by vlakno.cz (Postfix) with ESMTP id 3A2368BD490;
	Wed,  9 May 2007 21:02:32 +0200 (CEST)
X-Virus-Scanned: amavisd-new at vlakno.cz
Received: from vlakno.cz ([127.0.0.1])
	by localhost (vlk.vlakno.cz [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 7oFHu3bI50qS; Wed,  9 May 2007 21:02:31 +0200 (CEST)
Received: from vlk.vlakno.cz (localhost [127.0.0.1])
	by vlakno.cz (Postfix) with ESMTP id 5001D8BD48F;
	Wed,  9 May 2007 21:02:31 +0200 (CEST)
Received: (from rdivacky@localhost)
	by vlk.vlakno.cz (8.13.8/8.13.8/Submit) id l49J2STL058330;
	Wed, 9 May 2007 21:02:28 +0200 (CEST) (envelope-from rdivacky)
Date: Wed, 9 May 2007 21:02:28 +0200
From: Roman Divacky <rdivacky@FreeBSD.org>
To: Scott Long <scottl@samsco.org>
Message-ID: <20070509190228.GA58304@freebsd.org>
References: <20070509185905.GA29365@FreeBSD.czest.pl>
	<464213F4.5030704@samsco.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <464213F4.5030704@samsco.org>
User-Agent: Mutt/1.4.2.2i
Cc: freebsd-current@FreeBSD.org, "Wojciech A. Koszek" <wkoszek@FreeBSD.org>,
	jasone@FreeBSD.org
Subject: Re: yacc(1) causes a fault -- "fault VA = 0xa5a5a5b1"
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2007 19:02:39 -0000

> >Sounds like a regression in malloc(3) ?
> >
> >Thanks,
> >
> 
> No, that looks like a use-after-free, with malloc filling the freed 
> memory with trash.  It's a debugging option that is turned off in
> RELENG_N branches and left on in HEAD, for precisely this reason.

this makes me ask a question - what is the state of running coverity
on fbsd userland? some of the programs in the userland are really
old and noone has touched them in ages... (yacc being obviously one of
them)

thnx for answer