* [9fans] memory woes
@ 2007-01-05 14:36 sretzki
2007-01-05 14:44 ` erik quanstrom
2007-01-05 14:53 ` Axel Belinfante
0 siblings, 2 replies; 5+ messages in thread
From: sretzki @ 2007-01-05 14:36 UTC (permalink / raw)
To: 9fans
Hi all,
I got this code:
#include <u.h>
#include <libc.h>
void main(int argc, char **argv) {
int i;
char *m00;
for(i=0; i<=5; i++) {
if((m00 = malloc(strlen("Hello World"))) == nil) {
print("drama! [%d]\n",i);
exits("malloc");
}
strcpy(m00,"Hello World");
print("%d> %s\n",i,m00);
free(m00);
}
exits(nil);
}
If I run that, I get:
term% 8c foo.c && 8l foo.8
term% 8.out
0> Hello World
mem user overflow
pool sbrkmem block a460
hdr 0a110c09 00000040 0000104f 00000000 6c6c6548 6f57206f
tail 00000000 00000000 00000000 00000000 00000000 00000000 | ef2d00be 00000040
user data 6c 6f 20 57 6f 72 6c 64 | 00 fe f1 f0 00 00 00 00
panic: pool panic
8.out 1430: suicide: sys: trap: fault read addr=0x0 pc=0x0000324a
term%
Without the free()-call in the loop, it does not crash - why is that? Also, I see programs just get killed without any warning/error-message anywhere - commenting out random free() calls seem to help ^^
Can somebody explain what is going on?
Mfg, Sascha
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [9fans] memory woes
2007-01-05 14:36 [9fans] memory woes sretzki
@ 2007-01-05 14:44 ` erik quanstrom
2007-01-05 14:51 ` sretzki
2007-01-05 14:53 ` Axel Belinfante
1 sibling, 1 reply; 5+ messages in thread
From: erik quanstrom @ 2007-01-05 14:44 UTC (permalink / raw)
To: 9fans
you are forgetting +1 for the null. you need strlen("Hello World")+1.
- erik
> #include <u.h>
> #include <libc.h>
>
>
> void main(int argc, char **argv) {
> int i;
> char *m00;
>
> for(i=0; i<=5; i++) {
> if((m00 = malloc(strlen("Hello World"))) == nil) {
> print("drama! [%d]\n",i);
> exits("malloc");
> }
> strcpy(m00,"Hello World");
> print("%d> %s\n",i,m00);
> free(m00);
> }
> exits(nil);
> }
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [9fans] memory woes
2007-01-05 14:44 ` erik quanstrom
@ 2007-01-05 14:51 ` sretzki
0 siblings, 0 replies; 5+ messages in thread
From: sretzki @ 2007-01-05 14:51 UTC (permalink / raw)
To: 9fans
> you are forgetting +1 for the null. you need strlen("Hello World")+1.
Heh! Yeah, true. But then the strcpy() would write into non-allocated area, so why does the free()-call make it crash?
>
> - erik
>
>> #include <u.h>
>> #include <libc.h>
>>
>>
>> void main(int argc, char **argv) {
>> int i;
>> char *m00;
>>
>> for(i=0; i<=5; i++) {
>> if((m00 = malloc(strlen("Hello World"))) == nil) {
>> print("drama! [%d]\n",i);
>> exits("malloc");
>> }
>> strcpy(m00,"Hello World");
>> print("%d> %s\n",i,m00);
>> free(m00);
>> }
>> exits(nil);
>> }
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9fans] memory woes
2007-01-05 14:36 [9fans] memory woes sretzki
2007-01-05 14:44 ` erik quanstrom
@ 2007-01-05 14:53 ` Axel Belinfante
1 sibling, 0 replies; 5+ messages in thread
From: Axel Belinfante @ 2007-01-05 14:53 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
as Erik wrote you need to allocate one more byte: for the '\0'
at the end of the string.
regarding the crashing and presence/absence of free's:
if I'm not mistaken the blocks returned by malloc are
slightly bigger than the size you requested; at the end
(beyond the requested size) they contain a special bit
pattern that gets overwritten when you try to stuff to
much data in the block.
when a block is returned to the allocator (as done by free)
the special zone bitpattern is checked to catch this
kind of errors, and reported exactly as you see here.
somewhere in the 9fans archive there should be a message
that describes the details of the error message,
see also malloc(2)
Axel.
> I got this code:
> #include <u.h>
> #include <libc.h>
>
>
> void main(int argc, char **argv) {
> int i;
> char *m00;
>
> for(i=0; i<=5; i++) {
> if((m00 = malloc(strlen("Hello World"))) == nil) {
> print("drama! [%d]\n",i);
> exits("malloc");
> }
> strcpy(m00,"Hello World");
> print("%d> %s\n",i,m00);
> free(m00);
> }
> exits(nil);
> }
>
> If I run that, I get:
> term% 8c foo.c && 8l foo.8
> term% 8.out
> 0> Hello World
> mem user overflow
> pool sbrkmem block a460
> hdr 0a110c09 00000040 0000104f 00000000 6c6c6548 6f57206f
> tail 00000000 00000000 00000000 00000000 00000000 00000000 | ef2d00be 0000004
> 0
> user data 6c 6f 20 57 6f 72 6c 64 | 00 fe f1 f0 00 00 00 00
> panic: pool panic
> 8.out 1430: suicide: sys: trap: fault read addr=0x0 pc=0x0000324a
> term%
>
>
> Without the free()-call in the loop, it does not crash - why is that? Also, I
> see programs just get killed without any warning/error-message anywhere - co
> mmenting out random free() calls seem to help ^^
>
> Can somebody explain what is going on?
>
>
> Mfg, Sascha
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9fans] memory woes
@ 2007-01-05 14:54 erik quanstrom
0 siblings, 0 replies; 5+ messages in thread
From: erik quanstrom @ 2007-01-05 14:54 UTC (permalink / raw)
To: sretzki, 9fans
libpool writes a magic byte at the end of the allocation. if this is not present
when memory is free'd, libpool assumes you've corrupted memory and aborts.
- erik
On Fri Jan 5 09:52:13 EST 2007, sretzki@gmx.de wrote:
> > you are forgetting +1 for the null. you need strlen("Hello World")+1.
>
> Heh! Yeah, true. But then the strcpy() would write into non-allocated area, so why does the free()-call make it crash?
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-01-05 14:54 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-01-05 14:36 [9fans] memory woes sretzki
2007-01-05 14:44 ` erik quanstrom
2007-01-05 14:51 ` sretzki
2007-01-05 14:53 ` Axel Belinfante
2007-01-05 14:54 erik quanstrom
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).