Date:      Thu, 18 Sep 1997 13:12:18 -0600 (MDT)
From:      Nate Williams <nate@mt.sri.com>
To:        Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc:        Nate Williams <nate@mt.sri.com>, Graham Wheeler <gram@cdsec.com>, hackers@freebsd.org
Subject:   Re: Bug in malloc/free (was: Memory leak in getservbyXXX?) 
Message-ID:  <199709181912.NAA13699@rocky.mt.sri.com>
In-Reply-To: <10897.874608673@critter.freebsd.dk>
References:  <199709181811.MAA13376@rocky.mt.sri.com> <10897.874608673@critter.freebsd.dk>

[ Bugs in phk-malloc ]

> Anyway, if you think so: do like so many others have done, look at the 
> source for phkmalloc.c and try to spot the error.  I can't.

I know, and I don't expect you to find any.  But, it doesn't mean there
isn't one. :)

[ 'hangs' in malloc due to memory over-write causing circular lists ]

> >> This is about the only way you could get it to loop I think.  That means
> >> that somebody wrote to memory malloc hadn't passed them (ie: your code).
> >
> >Yikes, this would be 'Hard to Do', even by design (ie; self-modifying
> >code).  But, stranger things have happened, especially with dealing with
> >malloc/free.
> 
> No, all you have to do is to make each allocation have its own set of
> pages, munmap them when free is called and never use those pages again.
> 
> You run out of address space really fast, and it is slow, but it works.

It's slow, but how would it cause malloc to hang?

> >> This would indicate a bug of the class where memory is written to after
> >> being free()'ed, a kind of bug which phkmalloc makes no attempt to catch.
> >
> >This is a 'hard problem'.
> 
> Not really, there is a simple way to find it I believe.  Hack phkmalloc
> the following way:  Add a nontrivial checksum field to the freechunk
> structure.  Check before use, and update it after changes.  Should
> nail it in no time.

Cool, sounds like another option *YOU* should implement. *grin*

(just kidding, just kidding.....)

Nate
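phk's suggestion above, a checksum field in the free-chunk header that is verified before the chunk is used and refreshed after every change, as an added C illustration that is not code from this thread or from phkmalloc; the freechunk layout, the FNV-1a checksum and the two-chunk scenario are assumptions made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed free-chunk header; a real allocator's layout differs. */
struct freechunk {
    struct freechunk *next;
    size_t size;
    uint32_t check;   /* checksum over the fields above it */
};

/* Nontrivial checksum (FNV-1a) over everything before the check field. */
static uint32_t chunk_checksum(const struct freechunk *c)
{
    const unsigned char *p = (const unsigned char *)c;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < offsetof(struct freechunk, check); i++)
        h = (h ^ p[i]) * 16777619u;
    return h;
}
/* Update the checksum after changes; check it before use. */
static void chunk_seal(struct freechunk *c) { c->check = chunk_checksum(c); }
static int chunk_verify(const struct freechunk *c) { return c->check == chunk_checksum(c); }

/* Walk the free list, refusing to follow a pointer whose header fails the
 * check. Returns the count of intact chunks; *corrupted is set on failure. */
static int freelist_scan(const struct freechunk *head, int *corrupted)
{
    int n = 0;
    *corrupted = 0;
    for (const struct freechunk *c = head; c != NULL; c = c->next) {
        if (!chunk_verify(c)) { *corrupted = 1; break; }
        n++;
    }
    return n;
}

/* Constructed scenario: two freed chunks, then a stale pointer writes into
 * the second one's header (the write-after-free case discussed above).
 * Returns 1 if the scan catches it instead of following the bad pointer. */
static int demo(void)
{
    struct freechunk chunks[2];
    int corrupted, clean, dirty;
    chunks[0].next = &chunks[1]; chunks[0].size = 64; chunk_seal(&chunks[0]);
    chunks[1].next = NULL;       chunks[1].size = 64; chunk_seal(&chunks[1]);
    clean = freelist_scan(&chunks[0], &corrupted);     /* 2, not corrupted */
    memset(&chunks[1], 0x41, offsetof(struct freechunk, check));
    dirty = freelist_scan(&chunks[0], &corrupted);     /* 1, corrupted */
    return clean == 2 && dirty == 1 && corrupted;
}
```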