From owner-freebsd-bugs@FreeBSD.ORG Thu Jun 12 11:50:10 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5070137B401 for ; Thu, 12 Jun 2003 11:50:10 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52A2B43FB1 for ; Thu, 12 Jun 2003 11:50:09 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h5CIo9Up042655 for ; Thu, 12 Jun 2003 11:50:09 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h5CIo9BL042654; Thu, 12 Jun 2003 11:50:09 -0700 (PDT) Resent-Date: Thu, 12 Jun 2003 11:50:09 -0700 (PDT) Resent-Message-Id: <200306121850.h5CIo9BL042654@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Tony Gottfridsson , tony@expletus.se Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FEF137B401 for ; Thu, 12 Jun 2003 11:46:07 -0700 (PDT) Received: from safe.mine.nu (c-f4b470d5.016-4-67766c2.cust.bredbandsbolaget.se [213.112.180.244]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01E9043FAF for ; Thu, 12 Jun 2003 11:46:06 -0700 (PDT) (envelope-from togo@safe.mine.nu) Received: (from togo@localhost) by safe.mine.nu (8.11.6/8.11.6) id h5CIkdS64241; Thu, 12 Jun 2003 20:46:39 +0200 (CEST) (envelope-from togo) Message-Id: <200306121846.h5CIkdS64241@safe.mine.nu> Date: Thu, 12 Jun 2003 20:46:39 +0200 (CEST) From: Tony Gottfridsson To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: kern/53257: malloc() never returns 0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Tony Gottfridsson List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jun 2003 18:50:10 -0000 >Number: 53257 >Category: kern >Synopsis: malloc() never returns 0 >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Jun 12 11:50:08 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Tony Gottfridsson >Release: FreeBSD 4.5-RELEASE i386 >Organization: Expletus >Environment: System: FreeBSD safe.mine.nu 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Sat Apr 20 12:33:32 CEST 2002 root@safe.mine.nu:/usr/src/sys/compile/SAFE i386 >Description: FreeBSD 4.5 malloc() never returns 0 and kills what seems to be random processes, in my case apache seems to be the most likely process to get killed first. This process killing is out of security bounds, ie. normal user malloc()ing forever can kill processes owned by root I haven't found any info on this being solved in newer releases. >How-To-Repeat: togo@~$ cat usemem.c #include #include int main() { char *ptr; int malloc_size=10000000; int i; puts("Starting to allocate memory like a wild"); for (;;) { if ((ptr=(char *)malloc(malloc_size))==NULL) { puts("Got memory allocation failure"); return 1; } for (i=0; iFix: >Release-Note: >Audit-Trail: >Unformatted: