Date: Thu, 19 Jan 2006 08:07:24 +0900
From: SANETO Takanori <sanewo@ba2.so-net.ne.jp>
To: Jason Evans <jasone@freebsd.org>
Cc: freebsd@newmillennium.net.au, freebsd-current@FreeBSD.org
Subject: Re: Malloc bugs exhibited in ports/mail/dovecot
Message-ID: <43CECA2C.6030400@ba2.so-net.ne.jp>
In-Reply-To: <91B40C65-A11B-427E-B352-8B6EF8A55864@freebsd.org>
References: <200601161150.k0GBoamk010563@locutus.newmillennium.net.au> <91B40C65-A11B-427E-B352-8B6EF8A55864@freebsd.org>

I experienced this using malloc.c 1.95.
assert("arenas != NULL") failed in malloc.c:4519.

To reproduce, build mail/dovecot (under either version of malloc.c)
and run it under libc of malloc.c rev 1.95.
imap-login and pop3-login dump core.

My environment is:
FreeBSD 7-CURRENT as of 2006/01/15 (+latest libc including malloc.c 1.95)
in VMware 4.5.3
sysctl hw.ncpu = 1

% ldd /usr/local/libexec/dovecot/imap-login
/usr/local/libexec/dovecot/imap-login:
        libssl.so.4 => /usr/lib/libssl.so.4 (0x2809b000)
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x280cc000)
        libc.so.6 => /lib/libc.so.6 (0x281d2000)

Regards,
SANETO Takanori

Jason Evans wrote:
> On Jan 16, 2006, at 3:50 AM, <freebsd@newmillennium.net.au> wrote:
>> I get core dumps in Dovecot under a recent -CURRENT, Using revision
>> 1.95 of malloc.c:
>>
>> (gdb) bt
>> #0 0x0a250642 in arena_new (arena=0xa2d5140, malloced=false, recursive=true) at /usr/src/lib/libc/stdlib/malloc.c:3520
>> #1 0x0a2520a5 in malloc_init_hard () at /usr/src/lib/libc/stdlib/malloc.c:4444
>> #2 0x0a251b0e in malloc_init () at /usr/src/lib/libc/stdlib/malloc.c:4233
>> #3 0x0a252222 in malloc (size=32784) at /usr/src/lib/libc/stdlib/malloc.c:4528
>> #4 0x0805352a in mem_block_alloc (min_size=32768) at data-stack.c:190
>> #5 0x080538f5 in data_stack_init () at data-stack.c:360
>> #6 0x080575cf in lib_init () at lib.c:24
>> #7 0x0804d8f2 in main (argc=1, argv=0xbfbfecd4, envp=0x0) at main.c:281
>
> Are you sure that you were using revision 1.95 of malloc.c? The
> stacktrace looks more like it is from revision 1.93. Can you try again
> with revision 1.95, please? Revisions 1.93 and 1.94 had a bug, in that
> they didn't check whether an allocation was successful in arena_new()
> before using memset() on the result. I wouldn't have expected the
> allocation to ever fail, but the stacktrace above indicates that dovecot
> probably crashed as a result of the bug.
>
> If you still have problems with revision 1.95, can you please provide
> details on how to reproduce the crash?
>
> Thanks,
> Jason
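
The unchecked-allocation pattern described in the quoted reply, shown as an added example that is not part of this thread and is not code from FreeBSD's malloc.c: a toy arena initializer that checks its allocation before calling memset(), exercised with a failure-injecting allocator. All names (`toy_arena_t`, `toy_base_alloc`, `toy_arena_new`, `fail_at`) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in; not the arena structure from FreeBSD's malloc.c. */
typedef struct {
    size_t nbins;
    unsigned char *bins;   /* per-arena metadata, zeroed at init */
} toy_arena_t;

/* Fault injection: fail the Nth allocation call (0 = never fail). */
static int fail_at = 0;
static int alloc_calls = 0;

static void *toy_base_alloc(size_t size) {
    if (fail_at != 0 && ++alloc_calls == fail_at)
        return NULL;       /* simulated out-of-memory */
    return malloc(size);
}

/* Returns true on error, false on success. */
static bool toy_arena_new(toy_arena_t *arena, size_t nbins) {
    arena->nbins = 0;
    arena->bins = toy_base_alloc(nbins);
    if (arena->bins == NULL)
        return true;       /* without this check, memset() writes through NULL */
    memset(arena->bins, 0, nbins);
    arena->nbins = nbins;
    return false;
}

/* Run init once with the allocation forced to fail, then once normally.
 * Returns 0 if both paths behave; a nonzero step number otherwise. */
static int check_init_failure_handling(void) {
    toy_arena_t a;
    fail_at = 1; alloc_calls = 0;
    if (!toy_arena_new(&a, 64) || a.bins != NULL || a.nbins != 0) return 1;
    fail_at = 0;
    if (toy_arena_new(&a, 64) || a.bins == NULL || a.nbins != 64) return 2;
    if (a.bins[0] != 0 || a.bins[63] != 0) return 3;
    free(a.bins);
    return 0;
}

int main(void) { return check_init_failure_handling(); }
```

Forcing the first allocation to fail is what exercises the error path; an initializer that "never fails" in normal runs would otherwise ship with that path untested.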