Malloc bugs exhibited in ports/mail/dovecot

SANETO Takanori sanewo at ba2.so-net.ne.jp
Wed Jan 18 15:07:59 PST 2006


I experienced this using malloc.c 1.95.
assert("arenas != NULL") failed in malloc.c:4519.

To reproduce, build mail/dovecot (under either version of malloc.c) and
run it under libc of malloc.c rev 1.95. imap-login and pop3-login dump core.

My environment is:
FreeBSD 7-CURRENT as of 2006/01/15 (+latest libc including malloc.c 1.95)
in VMware 4.5.3
sysctl hw.ncpu = 1

% ldd /usr/local/libexec/dovecot/imap-login
/usr/local/libexec/dovecot/imap-login:
        libssl.so.4 => /usr/lib/libssl.so.4 (0x2809b000)
        libcrypto.so.4 => /lib/libcrypto.so.4 (0x280cc000)
        libc.so.6 => /lib/libc.so.6 (0x281d2000)

Regards,

SANETO Takanori

Jason Evans wrote:
> On Jan 16, 2006, at 3:50 AM, <freebsd at newmillennium.net.au> wrote:
>> I get core dumps in Dovecot under a recent -CURRENT, Using revision
>> 1.95 of
>> malloc.c:
>>
>> (gdb) bt
>> #0  0x0a250642 in arena_new (arena=0xa2d5140, malloced=false,
>> recursive=true) at /usr/src/lib/libc/stdlib/malloc.c:3520
>> #1  0x0a2520a5 in malloc_init_hard () at
>> /usr/src/lib/libc/stdlib/malloc.c:4444
>> #2  0x0a251b0e in malloc_init () at
>> /usr/src/lib/libc/stdlib/malloc.c:4233
>> #3  0x0a252222 in malloc (size=32784) at
>> /usr/src/lib/libc/stdlib/malloc.c:4528
>> #4  0x0805352a in mem_block_alloc (min_size=32768) at data-stack.c:190
>> #5  0x080538f5 in data_stack_init () at data-stack.c:360
>> #6  0x080575cf in lib_init () at lib.c:24
>> #7  0x0804d8f2 in main (argc=1, argv=0xbfbfecd4, envp=0x0) at main.c:281
> 
> Are you sure that you were using revision 1.95 of malloc.c?  The
> stacktrace looks more like it is from revision 1.93.  Can you try again
> with revision 1.95, please?  Revisions 1.93 and 1.94 had a bug, in that
> they didn't check whether an allocation was successful in arena_new()
> before using memset() on the result.  I wouldn't have expected the
> allocation to ever fail, but the stacktrace above indicates that dovecot
> probably crashed as a result of the bug.
> 
> If you still have problems with revision 1.95, can you please provide
> details on how to reproduce the crash?
> 
> Thanks,
> Jason
> 
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
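The arena_new() defect Jason describes above (the result of an internal allocation handed to memset() before being checked), shown as an added example next to the checked form; this is not FreeBSD's malloc.c code, and arena_t, base_alloc and the function names are hypothetical stand-ins.

```c
/* Added example, not FreeBSD's malloc.c: the shape of the arena_new() bug
 * described in the thread (result memset() before it is checked) next to the
 * checked form. arena_t, base_alloc and the function names are hypothetical. */
#include <stdlib.h>
#include <string.h>

typedef struct { size_t nbins; unsigned char bins[64]; } arena_t;

/* Stands in for the allocator's internal base allocation; the flag injects
 * the failure the 1.93/1.94 code never expected. */
int base_alloc_fail_next = 0;

void *base_alloc(size_t size)
{
    if (base_alloc_fail_next) { base_alloc_fail_next = 0; return NULL; }
    return malloc(size);
}

/* Buggy shape: a NULL result is written through by memset(), so the process
 * dumps core inside malloc_init() instead of reporting the failure. */
arena_t *arena_new_unchecked(void)
{
    arena_t *a = base_alloc(sizeof *a);
    memset(a, 0, sizeof *a);            /* writes through NULL on failure */
    a->nbins = sizeof a->bins;
    return a;
}

/* Fixed shape: check first and return NULL so the caller (malloc_init_hard()
 * in the real allocator) can fail the malloc() cleanly instead of crashing. */
arena_t *arena_new_checked(void)
{
    arena_t *a = base_alloc(sizeof *a);
    if (a == NULL) return NULL;
    memset(a, 0, sizeof *a);
    a->nbins = sizeof a->bins;
    return a;
}

/* Injects one failure, then a success; returns 1 if the failure surfaced as
 * NULL and the following arena is initialised correctly. */
int arena_new_checked_handles_failure(void)
{
    base_alloc_fail_next = 1;
    arena_t *a = arena_new_checked();   /* injected failure -> NULL */
    if (a != NULL) { free(a); return 0; }
    a = arena_new_checked();            /* next attempt succeeds */
    int ok = a != NULL && a->nbins == sizeof a->bins && a->bins[0] == 0;
    free(a);
    return ok;
}
```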


