From mboxrd@z Thu Jan 1 00:00:00 1970
Message-Id: <200701051453.l05Er2t16842@zamenhof.cs.utwente.nl>
To: Fans of the OS Plan 9 from Bell Labs <9fans@cse.psu.edu>
Subject: Re: [9fans] memory woes
In-reply-to: Your message of "Fri, 05 Jan 2007 15:36:32 +0100." <329de470156ae34054ae5f9314a37c49@mail.gmx.net>
References: <329de470156ae34054ae5f9314a37c49@mail.gmx.net>
From: Axel Belinfante
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <16840.1168008782.1@zamenhof.cs.utwente.nl.cs.utwente.nl>
Date: Fri, 5 Jan 2007 15:53:02 +0100
Topicbox-Message-UUID: fdf55fb4-ead1-11e9-9d60-3106f5b1d025

as Erik wrote you need to allocate one more byte:
for the '\0' at the end of the string.

regarding the crashing and presence/absence of free's:
if I'm not mistaken the blocks returned by malloc are
slightly bigger than the size you requested; at the end
(beyond the requested size) they contain a special bit pattern
that gets overwritten when you try to stuff too much data
in the block. when a block is returned to the allocator
(as done by free) the special zone bitpattern is checked
to catch this kind of error, and reported exactly as you see here.

somewhere in the 9fans archive there should be a message
that describes the details of the error message,
see also malloc(2)

Axel.

> I got this code:
> #include <u.h>
> #include <libc.h>
>
>
> void main(int argc, char **argv) {
>     int i;
>     char *m00;
>
>     for(i=0; i<=5; i++) {
>         if((m00 = malloc(strlen("Hello World"))) == nil) {
>             print("drama! [%d]\n",i);
>             exits("malloc");
>         }
>         strcpy(m00,"Hello World");
>         print("%d> %s\n",i,m00);
>         free(m00);
>     }
>     exits(nil);
> }
>
> If I run that, I get:
> term% 8c foo.c && 8l foo.8
> term% 8.out
> 0> Hello World
> mem user overflow
> pool sbrkmem block a460
> hdr 0a110c09 00000040 0000104f 00000000 6c6c6548 6f57206f
> tail 00000000 00000000 00000000 00000000 00000000 00000000 | ef2d00be 00000040
> user data 6c 6f 20 57 6f 72 6c 64 | 00 fe f1 f0 00 00 00 00
> panic: pool panic
> 8.out 1430: suicide: sys: trap: fault read addr=0x0 pc=0x0000324a
> term%
>
>
> Without the free()-call in the loop, it does not crash - why is that? Also, I
> see programs just get killed without any warning/error-message anywhere -
> commenting out random free() calls seem to help ^^
>
> Can somebody explain what is going on?
>
>
> Mfg, Sascha
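
The guard-zone check described in the reply, as an added example that is not part of the original messages and is not Plan 9's pool allocator: a portable C sketch in which the guard is verified only when the block is freed. The names `guard_malloc`, `guard_check`, `guard_free`, `copy_and_free` and the `GUARD` byte pattern are hypothetical and constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed guard pattern for this sketch; not Plan 9's actual values. */
static const unsigned char GUARD[4] = { 0xde, 0xad, 0xbe, 0xef };

/* Hypothetical wrapper: size header, then n user bytes, then the guard. */
void *guard_malloc(size_t n)
{
    unsigned char *raw = malloc(sizeof n + n + sizeof GUARD);
    if (raw == NULL) return NULL;
    memcpy(raw, &n, sizeof n);
    memcpy(raw + sizeof n + n, GUARD, sizeof GUARD);
    return raw + sizeof n;
}

/* Returns 0 if the guard is intact, -1 if the caller wrote past n bytes. */
int guard_check(const void *p)
{
    const unsigned char *raw = (const unsigned char *)p - sizeof(size_t);
    size_t n;
    memcpy(&n, raw, sizeof n);
    return memcmp(raw + sizeof n + n, GUARD, sizeof GUARD) == 0 ? 0 : -1;
}

/* The guard is inspected only here: a block never freed is never checked. */
int guard_free(void *p)
{
    int ok = guard_check(p);
    free((unsigned char *)p - sizeof(size_t));
    return ok;
}

/* Copy s into a block of strlen(s)+extra bytes; return guard_free's verdict. */
int copy_and_free(const char *s, size_t extra)
{
    char *m = guard_malloc(strlen(s) + extra);
    if (m == NULL) return -2;
    strcpy(m, s);               /* writes strlen(s)+1 bytes, including '\0' */
    return guard_free(m);
}

int main(void)
{
    printf("strlen(s): %d, strlen(s)+1: %d\n",
           copy_and_free("Hello World", 0), copy_and_free("Hello World", 1));
    return 0;
}
```

With `extra` set to 0 the terminating `'\0'` lands on the first guard byte, matching the single `00` that follows the user data in the quoted dump; the corruption exists as soon as `strcpy` returns but is reported only at free time.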