64991 – malloc(3) crashes with some large parameters

Bug 64991 - malloc(3) crashes with some large parameters

Summary: malloc(3) crashes with some large parameters

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	4.9-RELEASE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	Poul-Henning Kamp

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-03-31 14:00 UTC by Jinmei Tatuya
Modified:	2004-06-18 10:50 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jinmei Tatuya 2004-03-31 14:00:30 UTC

malloc(3) dumps core for large size parameters around 0xffff0000.

Fix: 

I don't have one.
How-To-Repeat: 
Compile the following code and execute it.  Then something similar to the
following should happen:
% ./foo
malloc: Cannot allocate memory
zsh: 2153 segmentation fault (core dumped)  ./foo

#include <sys/types.h>
#include <sys/param.h>

#include <stdio.h>
#include <stdlib.h>

main()
{
	char *p;

	p = (char *)malloc(0x8fff0000);
	if (p == NULL)
		perror("malloc");
	else
		free(p);

	p = (char *)malloc(0xffff0000);
	if (p == NULL)
		perror("malloc");

	exit(0);
}

Comment 1 Kris Kennaway freebsd_committer

2004-04-01 02:46:27 UTC

Responsible Changed
From-To: freebsd-bugs->phk

Assign to malloc author

Comment 2 sumikawa 2004-04-01 14:40:57 UTC

Note that 5-CURRENT is not affected.  4-STABLE is affected.

-- Sumikawa

Comment 3 Poul-Henning Kamp freebsd_committer

2004-06-18 09:50:15 UTC

State Changed
From-To: open->suspended

I'm not active in releng_4 any more, sorry.

Comment 4 Poul-Henning Kamp freebsd_committer

2004-06-18 10:49:18 UTC

State Changed
From-To: suspended->closed

OK, I'm out of date:  originator says it was fixed in 1.49.2.5.