From owner-freebsd-bugs Sat Aug 26 7: 0:14 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 110E337B43F for ; Sat, 26 Aug 2000 07:00:01 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id HAA14974; Sat, 26 Aug 2000 07:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id E62AD37B424; Sat, 26 Aug 2000 06:55:40 -0700 (PDT) Message-Id: <20000826135540.E62AD37B424@hub.freebsd.org> Date: Sat, 26 Aug 2000 06:55:40 -0700 (PDT) From: jml@cubical.fi To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: misc/20862: malloc() generates SIGSEGV Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 20862 >Category: misc >Synopsis: malloc() generates SIGSEGV >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Aug 26 07:00:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Juha Liukkonen >Release: 4.1-RELEASE >Organization: Cubical Solutions Ltd >Environment: FreeBSD skitso.intra.net 4.1-RELEASE FreeBSD 4.1-RELEASE #0: Sat Aug 19 14:56:42 EEST 2000 root@skitso.intra.net:/usr/src/sys/compile/server-mp.conf i386 >Description: malloc() says "recursive call" and gives a SIGSEGV when called with a nasty size value (0xffff0000..0xfffefff qualify). The wraparound check added with kern/2964 was apparently not sufficient :-) >How-To-Repeat: void *foo = malloc(0xffff0000); >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message