Bug 64991 - malloc(3) crashes with some large parameters
Summary: malloc(3) crashes with some large parameters
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 4.9-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: Poul-Henning Kamp
 
Reported: 2004-03-31 14:00 UTC by Jinmei Tatuya
Modified: 2004-06-18 10:50 UTC

Description Jinmei Tatuya 2004-03-31 14:00:30 UTC
malloc(3) dumps core for large size parameters around 0xffff0000.

Fix: 

I don't have one.
How-To-Repeat: 
Compile the following code and execute it.  Then something similar to the
following should happen:
% ./foo
malloc: Cannot allocate memory
zsh: 2153 segmentation fault (core dumped)  ./foo

#include <sys/types.h>
#include <sys/param.h>

#include <stdio.h>
#include <stdlib.h>

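int
main(void)
{
	char *p;

	/* Large request; free it again if the allocation succeeds. */
	p = (char *)malloc(0x8fff0000);
	if (p == NULL)
		perror("malloc");
	else
		free(p);

	/* Size near 0xffff0000, the range reported to make malloc(3) dump core. */
	p = (char *)malloc(0xffff0000);
	if (p == NULL)
		perror("malloc");

	exit(0);
}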
Comment 1 Kris Kennaway freebsd_committer 2004-04-01 02:46:27 UTC
Responsible Changed
From-To: freebsd-bugs->phk

Assign to malloc author
Comment 2 sumikawa 2004-04-01 14:40:57 UTC
Note that 5-CURRENT is not affected.  4-STABLE is affected.

-- Sumikawa
Comment 3 Poul-Henning Kamp freebsd_committer 2004-06-18 09:50:15 UTC
State Changed
From-To: open->suspended

I'm not active in releng_4 any more, sorry.
Comment 4 Poul-Henning Kamp freebsd_committer 2004-06-18 10:49:18 UTC
State Changed
From-To: suspended->closed

OK, I'm out of date:  originator says it was fixed in 1.49.2.5.