Typical malloc-related application bugs

Joe Marcus Clarke marcus at FreeBSD.org
Thu Jan 19 23:22:58 PST 2006

On Thu, 2006-01-19 at 23:10 -0800, Jason Evans wrote:
> Overall, the malloc changeover has been pretty uneventful.  Now that  
> jemalloc has seen a bit wider exposure, I thought it might be useful  
> to summarize the types of application bugs that it has been uncovering.

First let me say that jemalloc has found quite a few bugs in GNOME
applications that were not spotted with phkmalloc+AJ.  I only wish those
bugs had not been there to begin with :-}.


> 2) Out-of-bounds writes.  Lots of programs have been found to write  
> past the end of the space they allocate.  At the moment, jemalloc's  
> redzone code is enabled, so these errors are causing messages to  
> stderr that look like:
> 	ifconfig: (malloc) Corrupted redzone 1 byte after 0xa000150 (size  
> 18) (0x0)
> In at least one case (running f2c while building the math/arpack  
> port), these overruns would have caused actual malloc data structure  
> corruption, had redzones not been enabled.

I'm seeing a lot of this when I run gnome-system-monitor.  There appears
to be a bug in libgtop, but I don't know how to make these messages
fatal in order to produce a backtrace I can use to narrow down where the
problem lies.  What can I do to isolate where in the code the redzone
corruption is occurring?

Additionally, do you have any example code that produces this kind of
redzone corruption?  Thanks.


Joe Marcus Clarke
FreeBSD GNOME Team      ::      gnome at FreeBSD.org
FreeNode / #freebsd-gnome
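The example below is added here and is not code from the thread, from jemalloc, or from libgtop. It is a small user-space imitation of what a malloc redzone does, so the kind of bug Jason describes can be reproduced and caught deterministically: rz_malloc() places guard bytes filled with a known pattern after the caller's allocation, rz_check() counts how many guard bytes were overwritten, and rz_check_or_abort() turns a corrupted redzone into an abort() so a core dump and backtrace point at the offending code. The names rz_malloc, rz_check, rz_check_or_abort and rz_free are hypothetical; the real jemalloc redzone is implemented differently inside the allocator. demo_buggy() shows the classic strlen()-without-the-NUL off-by-one that produces a "Corrupted redzone 1 byte after" style report, and demo_fixed() shows the corrected allocation.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy redzone: RZ_BYTES guard bytes after every allocation, filled with
 * RZ_PATTERN.  Any byte that no longer holds the pattern was overwritten. */
#define RZ_BYTES   8
#define RZ_PATTERN 0xA5

/* Header in front of the user pointer so the check can locate the guard. */
struct rz_header { size_t size; };

/* Hypothetical helper: malloc() plus a trailing redzone. */
void *rz_malloc(size_t size)
{
    struct rz_header *h = malloc(sizeof *h + size + RZ_BYTES);
    if (h == NULL)
        return NULL;
    h->size = size;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user + size, RZ_PATTERN, RZ_BYTES);
    return user;
}

/* Return the number of guard bytes that were overwritten; 0 means clean. */
size_t rz_check(const void *p)
{
    const struct rz_header *h = (const struct rz_header *)p - 1;
    const unsigned char *guard = (const unsigned char *)p + h->size;
    size_t bad = 0;
    for (size_t i = 0; i < RZ_BYTES; i++)
        if (guard[i] != RZ_PATTERN)
            bad++;
    return bad;
}

/* Make the report fatal: abort() leaves a core file whose backtrace shows
 * which caller owned the block at the time the corruption was detected. */
void rz_check_or_abort(const void *p, const char *what)
{
    size_t bad = rz_check(p);
    if (bad != 0) {
        fprintf(stderr, "%s: corrupted redzone, %zu byte(s) after %p (size %zu)\n",
                what, bad, p, ((const struct rz_header *)p - 1)->size);
        abort();
    }
}

void rz_free(void *p)
{
    if (p != NULL)
        free((struct rz_header *)p - 1);
}

/* The bug: strlen() excludes the terminating NUL, so strcpy() writes one
 * byte past the allocation.  Returns how many redzone bytes were hit. */
size_t demo_buggy(const char *s)
{
    char *copy = rz_malloc(strlen(s));   /* one byte too small */
    strcpy(copy, s);                     /* the NUL lands in the redzone */
    size_t bad = rz_check(copy);
    rz_free(copy);
    return bad;
}

/* Corrected: reserve room for the terminator. */
size_t demo_fixed(const char *s)
{
    char *copy = rz_malloc(strlen(s) + 1);
    strcpy(copy, s);
    size_t bad = rz_check(copy);
    rz_free(copy);
    return bad;
}

int main(void)
{
    const char *sample = "ifconfig";      /* constructed input */
    printf("buggy copy overwrote %zu redzone byte(s)\n", demo_buggy(sample));
    printf("fixed copy overwrote %zu redzone byte(s)\n", demo_fixed(sample));

    /* Fatal mode on a clean block: returns normally.  On a corrupted block it
     * would abort() and dump core, which is the backtrace-producing behaviour
     * the thread asks about. */
    char *ok = rz_malloc(strlen(sample) + 1);
    strcpy(ok, sample);
    rz_check_or_abort(ok, "demo");
    rz_free(ok);
    return 0;
}
```

Running the program stand-alone prints 1 overwritten byte for the buggy copy and 0 for the fixed one. The same idea of making the allocator's check fatal is what a debugger session needs: an abort() at the point of detection gives a core file, and the backtrace in that core identifies the code path that last touched the block.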