Bug with pointer corruption when assigning smth to dereferenced pointer (part of a structure)

Marko Turk markoml at markoturk.info
Mon May 9 14:06:55 UTC 2016


On Mon, May 09, 2016 at 01:39:32PM +0000, twilight wrote:
> Hello!
> 
> When I was working on my FreeBSD-powered ThinkPad X200 I encountered a
> bug (not sure what causes that) that produced a segfault. After some
> investigation I was able to cut down the problem to such a small piece
> of code: https://ideone.com/VVtgpG.
> 
> As you can see on ideone, it works absolutely fine.
> But in my case I have:
> 
> ###############################
> In main we've got
> container->first: 0x801006060
> container->last 0x801006060
> container: 0x801006058
> 
> In main after change we've got
> container->first: 0x801006060
> container->last 0x800000005
> container: 0x801006058
> ###############################
> 
> 
> I've wondered if it's hardware related or compiler related, so at first
> I tried to compile with gcc and got the same result. Then, I tried to
> compile and run the same on Ubuntu Live USB (with gcc). Everything
> worked like a charm.
> 
> Here's the generated asm code: http://pastebin.com/8yRyk5nG.
> 
> Any suggestions where to submit the bug or what extra information to
> provide?

Hi,

you have a bug in your code:

Container *container = (Container*) malloc(sizeof(Container*));

This line will not malloc enough space for the Container structure.

BR,
Marko
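As an added illustration (not code from the original thread; the `Node` and `Container` layouts are assumptions standing in for the poster's types), the following shows why `sizeof(Container*)` is the wrong request: on a 64-bit platform it asks for 8 bytes, while a struct holding two pointers needs 16, so the `last` field lies in memory the allocator is free to hand to the next `malloc` call. That is consistent with the quoted output, where `container->last` changes only after further allocations. The fixed allocation uses `sizeof *c`, which sizes the request from the pointed-to object and stays correct if the struct grows.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Assumed reconstruction of the poster's types: a singly linked node and a
 * container that tracks the first and last node. */
typedef struct Node {
    int value;
    struct Node *next;
} Node;

typedef struct Container {
    Node *first;
    Node *last;
} Container;

/* Bytes requested by the buggy line: the size of a pointer to Container. */
size_t buggy_request(void) { return sizeof(Container *); }

/* Bytes actually needed: the size of the struct itself. */
size_t needed(void) { return sizeof(Container); }

/* Allocate a Container correctly: size the request from the pointed-to
 * object rather than from the pointer type. */
Container *container_new(void) {
    Container *c = malloc(sizeof *c);
    if (c == NULL) return NULL;
    c->first = NULL;
    c->last = NULL;
    return c;
}

/* Append a node; returns 0 on success, -1 on allocation failure. */
int container_push(Container *c, int value) {
    Node *n = malloc(sizeof *n);
    if (n == NULL) return -1;
    n->value = value;
    n->next = NULL;
    if (c->last == NULL) {
        c->first = n;
    } else {
        c->last->next = n;
    }
    c->last = n;
    return 0;
}

void container_free(Container *c) {
    Node *n = c->first;
    while (n != NULL) {
        Node *next = n->next;
        free(n);
        n = next;
    }
    free(c);
}

/* Returns 1 if first/last still describe the list after several node
 * allocations, i.e. the struct fields were not clobbered by neighbouring
 * heap blocks; returns 0 on failure. */
int container_roundtrip(void) {
    Container *c = container_new();
    if (c == NULL) return 0;
    for (int i = 0; i < 3; i++) {
        if (container_push(c, i) != 0) {
            container_free(c);
            return 0;
        }
    }
    int ok = (c->first != NULL && c->first->value == 0 &&
              c->last != NULL && c->last->value == 2 &&
              c->last->next == NULL);
    container_free(c);
    return ok;
}

int main(void) {
    printf("buggy request: %zu bytes, needed: %zu bytes\n",
           buggy_request(), needed());
    printf("roundtrip ok: %d\n", container_roundtrip());
    return 0;
}
```

Compiling the buggy version under AddressSanitizer (`-fsanitize=address`) reports the out-of-bounds write on the first assignment to `container->last`, which is the quickest way to confirm an undersized allocation like this before it shows up as a segfault somewhere unrelated.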