[3350] in Athena Bugs
minor malloc bugs
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Oct 4 12:04:40 1989
Date: Wed, 4 Oct 89 12:03:34 -0400
From: Ken Raeburn <Raeburn@MIT.EDU>
To: 4bsd-bugs@BERKELEY.EDU
Cc: bugs@ATHENA.MIT.EDU
Cc: Ezra Peisach <epeisach@MIT.EDU>
Due to inappropriate `unsigned' declarations in malloc.c, some oddball
cases are not properly handled:
1. sbrk is used before malloc, and the resulting brk value is just
under a page boundary
2. realloc is called on memory that was never allocated by malloc
Shar file below contains two test files that demonstrate the problem,
and a patch to fix it, based on 4.3BSD-Tahoe version.
(Problem and fix courtesy of Ezra Peisach.)
#! /bin/sh
# This is a shell archive. Remove anything before this line, then unpack
# it by saving it into a file and typing "sh file". To overwrite existing
# files, type "sh file -c". You can also feed this as standard input via
# unshar, or by typing "sh <file", e.g.. If this archive is complete, you
# will see the following message at the end:
# "End of shell archive."
# Contents: test1.c test2.c malloc.patch
# Wrapped by raeburn@prometheus on Wed Oct 4 11:51:45 1989
PATH=/bin:/usr/bin:/usr/ucb ; export PATH
if test -f 'test1.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'test1.c'\"
else
echo shar: Extracting \"'test1.c'\" \(468 characters\)
sed "s/^X//" >'test1.c' <<'END_OF_FILE'
X#include <sys/types.h>
X
Xmain()
X{
X int n;
X char *op;
X int result[10];
X
X n = getpagesize();
X
X op = (char *) sbrk(0);
X
X n = n -((int)op & (n - 1)) -1; /* The one should put us within 1 of the top*/
X op = (char *) sbrk(n) + n -1 ;
X *op = 72;
X result[0] = *op;
X result[1] = sbrk(0);
X result[2] = malloc(20);
X result[3] = *op;
X printf("op= %x, initial value = %d, sbrk=%x, malloc=%x, newvalue = %d\n",
X op, result[0], result[1], result[2], result[3]);
X
X}
X
END_OF_FILE
if test 468 -ne `wc -c <'test1.c'`; then
echo shar: \"'test1.c'\" unpacked with wrong size!
fi
# end of 'test1.c'
fi
if test -f 'test2.c' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'test2.c'\"
else
echo shar: Extracting \"'test2.c'\" \(154 characters\)
sed "s/^X//" >'test2.c' <<'END_OF_FILE'
Xchar *a = "Hello there wilbur";
Xchar *b = "The wind is nice";
X
Xchar *realloc();
X
Xmain()
X{
X char *c;
X
X c = realloc(a, 30);
X printf("%s, there\n", c);
X}
END_OF_FILE
if test 154 -ne `wc -c <'test2.c'`; then
echo shar: \"'test2.c'\" unpacked with wrong size!
fi
# end of 'test2.c'
fi
if test -f 'malloc.patch' -a "${1}" != "-c" ; then
echo shar: Will not clobber existing file \"'malloc.patch'\"
else
echo shar: Extracting \"'malloc.patch'\" \(819 characters\)
sed "s/^X//" >'malloc.patch' <<'END_OF_FILE'
X*** /tmp/,RCSt1007870 Wed Oct 4 11:44:39 1989
X--- malloc.c Wed Oct 4 11:36:35 1989
X***************
X*** 99,106 ****
X unsigned nbytes;
X {
X register union overhead *op;
X! register int bucket;
X! register unsigned amt, n;
X
X /*
X * First time malloc is called, setup page size and
X--- 99,106 ----
X unsigned nbytes;
X {
X register union overhead *op;
X! register int bucket, n;
X! register unsigned amt;
X
X /*
X * First time malloc is called, setup page size and
X***************
X*** 266,272 ****
X char *cp;
X unsigned nbytes;
X {
X! register u_int onb, i;
X union overhead *op;
X char *res;
X int was_alloced = 0;
X--- 266,273 ----
X char *cp;
X unsigned nbytes;
X {
X! register u_int onb;
X! register int i;
X union overhead *op;
X char *res;
X int was_alloced = 0;
END_OF_FILE
if test 819 -ne `wc -c <'malloc.patch'`; then
echo shar: \"'malloc.patch'\" unpacked with wrong size!
fi
# end of 'malloc.patch'
fi
echo shar: End of shell archive.
exit 0
