Bug 20862

Summary: malloc() generates SIGSEGV
Product: Base System Reporter: jml <jml>
Component: miscAssignee: Poul-Henning Kamp <phk>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-RELEASE   
Hardware: Any   
OS: Any   

Description jml 2000-08-26 15:00:00 UTC 
malloc() says "recursive call" and gives a SIGSEGV when called with a
nasty size value (0xffff0000..0xfffefff qualify). The
wraparound check added with kern/2964 was apparently not sufficient :-)

How-To-Repeat: void *foo = malloc(0xffff0000);
Comment 1 Sheldon Hearn freebsd_committer freebsd_triage 2000-08-28 10:58:03 UTC 
Responsible Changed
From-To: freebsd-bugs->phk

Poul-Henning closed kern/2964.
Comment 2 Poul-Henning Kamp freebsd_committer freebsd_triage 2000-09-16 20:55:46 UTC 
State Changed
From-To: open->closed

I cannot reproduce this.  Are you sure you don't have a signal handler 
or something which directly or indirectly calls malloc ?