Bug 64991

Summary: malloc(3) crashes with some large parameters
Product: Base System
Reporter: Jinmei Tatuya <jinmei>
Component: bin
Assignee: Poul-Henning Kamp <phk>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.9-RELEASE   
Hardware: Any   
OS: Any   

Description Jinmei Tatuya 2004-03-31 14:00:30 UTC
malloc(3) dumps core for large size parameters around 0xffff0000.

Fix: 

I don't have one.
How-To-Repeat: 
Compile the following code and execute it.  Then something similar to the
following should happen:
% ./foo
malloc: Cannot allocate memory
zsh: 2153 segmentation fault (core dumped)  ./foo

#include <sys/types.h>
#include <sys/param.h>

#include <stdio.h>
#include <stdlib.h>

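int
main(void)
{
	char *p;

	/* First large request: either succeeds and is freed, or fails cleanly. */
	p = (char *)malloc(0x8fff0000);
	if (p == NULL)
		perror("malloc");
	else
		free(p);

	/* Second request, near the top of the 32-bit range. */
	p = (char *)malloc(0xffff0000);
	if (p == NULL)
		perror("malloc");

	exit(0);
}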
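
Added example (not part of the original report or of the FreeBSD sources): a regression probe that runs each oversized request in a child process, so a crash inside the allocator shows up as a signal number instead of killing the test. The helper name probe_malloc and the sizes other than the report's two are constructed for illustration.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * probe_malloc() is a hypothetical helper: it calls malloc(size) in a
 * child process so a crash inside the allocator cannot kill the harness.
 * Returns 0 if the child exited normally (pointer or clean NULL), the
 * terminating signal number if it crashed, or -1 on fork/wait failure.
 */
int
probe_malloc(size_t size)
{
	pid_t pid;
	int status;

	fflush(NULL);		/* do not duplicate buffered output in the child */
	if ((pid = fork()) == -1)
		return (-1);
	if (pid == 0) {
		/* volatile keeps the compiler from eliding the malloc/free pair */
		char *volatile p = malloc(size);
		if (p != NULL)
			free(p);
		_exit(0);
	}
	if (waitpid(pid, &status, 0) == -1)
		return (-1);
	return (WIFSIGNALED(status) ? WTERMSIG(status) : 0);
}

int
main(void)
{
	/* The report's two sizes plus constructed neighbours below 2^32. */
	static const unsigned long sizes[] = {
		0x8fff0000UL, 0xfffe0000UL, 0xffff0000UL, 0xfffff000UL, 0xffffffffUL
	};
	size_t i;
	int sig, crashed = 0;

	for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
		sig = probe_malloc((size_t)sizes[i]);
		printf("malloc(%#lx): %s\n", sizes[i], sig == 0 ? "ok" : "FAILED");
		crashed |= (sig != 0);
	}
	return (crashed);
}
```

A nonzero exit status means at least one request crashed the child or could not be probed; an allocator that handles these sizes correctly returns either a usable pointer or NULL for every one of them.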
Comment 1 Kris Kennaway freebsd_committer freebsd_triage 2004-04-01 02:46:27 UTC
Responsible Changed
From-To: freebsd-bugs->phk

Assign to malloc author
Comment 2 sumikawa 2004-04-01 14:40:57 UTC
Note that 5-CURRENT is not affected.  4-STABLE is affected.

-- Sumikawa
Comment 3 Poul-Henning Kamp freebsd_committer freebsd_triage 2004-06-18 09:50:15 UTC
State Changed
From-To: open->suspended

I'm not active in releng_4 any more, sorry.
Comment 4 Poul-Henning Kamp freebsd_committer freebsd_triage 2004-06-18 10:49:18 UTC
State Changed
From-To: suspended->closed

OK, I'm out of date:  originator says it was fixed in 1.49.2.5.