Typical malloc-related application bugs
Joe Marcus Clarke
marcus at FreeBSD.org
Thu Jan 19 23:22:58 PST 2006
On Thu, 2006-01-19 at 23:10 -0800, Jason Evans wrote:
> Overall, the malloc changeover has been pretty uneventful. Now that
> jemalloc has seen a bit wider exposure, I thought it might be useful
> to summarize the types of application bugs that it has been uncovering.
First let me say that jemalloc has found quite a few bugs in GNOME
applications that were not spotted with phkmalloc+AJ. I only wish those
bugs had not been there to begin with :-}.
[snip]
> 2) Out-of-bounds writes. Lots of programs have been found to write
> past the end of the space they allocate. At the moment, jemalloc's
> redzone code is enabled, so these errors are causing messages to
> stderr that look like:
>
> ifconfig: (malloc) Corrupted redzone 1 byte after 0xa000150 (size
> 18) (0x0)
>
> In at least one case (running f2c while building the math/arpack
> port), these overruns would have caused actual malloc data structure
> corruption, had redzones not been enabled.
I'm seeing a lot of this when I run gnome-system-monitor. There appears
to be a bug in libgtop, but I don't know how to make these messages
fatal in order to produce a backtrace I can use to narrow down where the
problem lies. What can I do to isolate where in the code the redzone
corruption is occurring?
Additionally, do you have any example code that produces this kind of
redzone corruption? Thanks.
Joe
--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome at FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
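The following is an added example, not code from this thread and not jemalloc's own redzone implementation. It reproduces the class of bug behind the "Corrupted redzone 1 byte after ..." message: a caller allocates strlen(s) bytes and forgets the terminating NUL, so strcpy writes one byte past the requested size. The helpers rz_malloc and rz_check are hypothetical and simply place a one-byte fill pattern after the requested region and count how many of those bytes were overwritten, which is the same idea the allocator uses to detect the overrun. The buggy copy deliberately keeps the off-by-one so the check can flag it; the corrected copy beside it allocates strlen(s) + 1.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE_BYTE 0xA5   /* fill pattern written after the requested region */
#define REDZONE_LEN  1      /* one guard byte, enough to catch an off-by-one */

/* Hypothetical helper: allocate `size` usable bytes followed by a redzone.
 * The extra byte belongs to this allocation, so the buggy caller below
 * overwrites only our guard byte, never memory it does not own. */
static void *rz_malloc(size_t size)
{
    unsigned char *p = malloc(size + REDZONE_LEN);
    if (p == NULL)
        return NULL;
    memset(p + size, REDZONE_BYTE, REDZONE_LEN);
    return p;
}

/* Hypothetical helper: return how many redzone bytes no longer hold the
 * fill pattern; 0 means the caller stayed inside its `size` bytes. */
static int rz_check(const void *ptr, size_t size)
{
    const unsigned char *p = ptr;
    int corrupted = 0;
    for (size_t i = 0; i < REDZONE_LEN; i++) {
        if (p[size + i] != REDZONE_BYTE)
            corrupted++;
    }
    return corrupted;
}

/* Buggy: allocates strlen(s) bytes, forgetting the NUL terminator.
 * strcpy writes strlen(s) + 1 bytes, so the NUL lands in the redzone.
 * Returns the number of corrupted redzone bytes (1 for any non-empty s). */
static int copy_string_buggy(const char *s)
{
    size_t n = strlen(s);
    char *buf = rz_malloc(n);
    if (buf == NULL)
        return -1;
    strcpy(buf, s);                 /* off-by-one: writes buf[n] */
    int corrupted = rz_check(buf, n);
    free(buf);
    return corrupted;
}

/* Fixed: sizes the buffer for the terminator and copies an explicit length.
 * Returns 0 because the redzone is untouched. */
static int copy_string_fixed(const char *s)
{
    size_t n = strlen(s) + 1;       /* room for the NUL */
    char *buf = rz_malloc(n);
    if (buf == NULL)
        return -1;
    memcpy(buf, s, n);
    int corrupted = rz_check(buf, n);
    free(buf);
    return corrupted;
}

int main(void)
{
    const char *sample = "hello";   /* constructed input */
    printf("buggy copy: %d redzone byte(s) corrupted\n", copy_string_buggy(sample));
    printf("fixed copy: %d redzone byte(s) corrupted\n", copy_string_fixed(sample));
    return 0;
}
```

The example returns a count instead of printing a diagnostic to stderr the way the allocator does; in a real debugging session the useful change is to turn the detection point into a hard stop (for instance by calling abort() when rz_check reports corruption) so the resulting core dump carries the stack of the offending free, which is the closest point to the bug the allocator can see.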