Date:      Thu, 29 Jan 2009 13:17:50 +0100
From:      Bernd Walter <ticso@cicely7.cicely.de>
To:        Channa <channa.kad@gmail.com>
Cc:        Christoph Mallon <christoph.mallon@gmx.de>, freebsd-current@freebsd.org
Subject:   Re: Jemalloc SEGV for 1MB chunk
Message-ID:  <20090129121750.GO74490@cicely7.cicely.de>
In-Reply-To: <515c64960901280401w1e1d08bfx29adc124bc749c4a@mail.gmail.com>
References:  <515c64960901280339m17fa9309v2e1bc3f55454ab@mail.gmail.com> <49804597.6040303@gmx.de> <515c64960901280401w1e1d08bfx29adc124bc749c4a@mail.gmail.com>

On Wed, Jan 28, 2009 at 05:31:43PM +0530, Channa wrote:
> Hi,
> Thanks for your reply.
> You mean to say I should modify the test as below:
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
> 
> 
> int main()
> {
>     int i;
>     char *buf;
>     size_t size = 1048576;
> 
>     buf = malloc(size);
>     for (i = 0; i <= 1048575; i++)
>         buf[i] = 'a';
>     buf[size] = '\0';
>     printf("The length of buff is : %zu\n", strlen(buf));
>     free(buf);
>     return 0;
> }
> 
> I NULL terminated the string
> buf[size] = '\0'  <== The last character is NULL
> 
> But still I get a SEGV at strlen.
> 
> Could you please tell me if my changes above are correct?

buf[size - 1]='\0';

It should panic with this line instead of strlen, because you tried
writing one byte behind the allocation.
Originally your code wasn't terminating the string at all, so strlen
was the first one to access behind the allocation.

-- 
B.Walter <bernd@bwct.de> http://www.bwct.de
Modbus/TCP Ethernet I/O modules, ARM-based FreeBSD computers and much more.


