Subject: Re: malloc() returns pointer to already allocated memory
To: djgpp AT delorie DOT com
References: <158e5d20-0a90-4beb-de48-da328379d8fb AT gmail DOT com> <qe76u1$1kj8$1 AT gioia DOT aioe DOT org>
From: "Frank Sapone (emoaddict15 AT gmail DOT com) [via djgpp AT delorie DOT com]" <djgpp AT delorie DOT com>
Message-ID: <f0b68226-f6f4-244a-6dd5-a8ecbabb584b@gmail.com>
Date: Mon, 17 Jun 2019 01:28:32 -0400
In-Reply-To: <qe76u1$1kj8$1@gioia.aioe.org>
On 6/17/2019 1:05 AM, Rod Pemberton wrote:
> On Mon, 17 Jun 2019 02:27:18 +0200
> "J.W. Jagersma (jwjagersma AT gmail DOT com) [via djgpp AT delorie DOT com]"
> <djgpp AT delorie DOT com> wrote:
>
>> I ran into this issue with malloc(). It seems that, given enough
>> allocations, malloc() will eventually return a pointer into already
>> allocated memory.
>>
>> The attached program is able to reproduce this rather consistently,
>> but only under cwsdpmi. It also only happens if the memory has
>> previously been written to (suggesting a paging issue?). However the
>> code that first led me to investigate this also exhibits the same
>> problem under hdpmi. As such, I'm still not entirely convinced that
>> this initial issue wasn't caused by my own code. I also find it hard
>> to believe that no one else noticed this rather obvious problem
>> before me. Still, the attached program demonstrates this clobbering
>> issue, and I think this would warrant further investigation.
>>
>> Any insight is much appreciated.
>>
> First problem is trivial. The code doesn't compile with older DJGPP
> v1.3. The declaration of 'i' within the for() loop errors, but other
> C99 declarations only warn.
>
> Second problem is you don't call memset() prior to using memory, nor
> free() after you're done using it. Of course, calling memset() would
> prevent your method of "clobber" detection from working. But, not
> calling memset() means you don't know if the magic clobber value is:
> a) from you setting it within your program, or
> b) from some random garbage values in memory.
>
> Third problem is you apparently didn't test the program without the
> "p[i] = magic;" line. If you had, you would've noticed that your
> program clobbers even without setting memory to magic values. In
> other words, memory is filled with random values, since it wasn't
> cleared by memset(). Also, some of those random values happen to
> match your program's random magic value used to detect clobbered memory.
>
> Fourth problem is that you can't actually confirm if memory is being
> clobbered from within a C program for two reasons: inability to
> distinguish a magic value from an identical random value in memory
> which hasn't been cleared, and the inability in C to allocate, clear,
> and free memory, prior to the re-use of the exact same memory for a
> clobber test. To test this issue properly requires a modified version
> of the memory allocator, i.e., CWSDPMI in this case.
>
> Finally, you didn't report which version of DJGPP, or CWSDPMI, and
> whether or not your code is operating in a Windows 98/SE/ME/XP etc.
> console. When operating in a Windows console, CWSDPMI is not being
> used. The Windows DPMI host is being used.
>
>
> Rod Pemberton

Hi Rod,

Good points. I was thinking some of the same things when I read this post earlier, but I am not as much of a C guru as others here. My initial thoughts were that memset was not being called and that, since the magic value was a random integer, there is a possibility of grabbing the same value.

Frank
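Added example, written for this page and not code from the thread, from DJGPP or from CWSDPMI: a way to look for the "pointer into already allocated memory" symptom that does not depend on what the memory contains. Instead of writing a magic value and hoping it survives, it records every live [base, base+len) range returned by malloc() and checks each new block against them, so uninitialised garbage cannot match a probe value and produce a false positive, and every block is touched with memset() so pages are actually committed. The function names (ranges_overlap, record_block, reset_live, run_clobber_test), the block-size distribution and the 2000-allocation run are assumptions chosen for the example; on a normal host allocator the overlap count is 0, and the program would need to be rebuilt with DJGPP and run under the DPMI host in question to exercise the case the thread describes.

```c
/* Added example (not from the thread): detect malloc() handing back a pointer
 * inside a block that is still allocated, by tracking live address ranges
 * rather than probing memory for a magic value. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 4096

struct live_block { uintptr_t base; size_t len; };

static struct live_block live[MAX_LIVE];
static size_t nlive;

/* Forget all recorded blocks (call before a fresh run). */
void reset_live(void)
{
    nlive = 0;
}

/* 1 if [a, a+alen) and [b, b+blen) share at least one byte, else 0.
 * Zero-length ranges never overlap anything. */
int ranges_overlap(uintptr_t a, size_t alen, uintptr_t b, size_t blen)
{
    if (alen == 0 || blen == 0)
        return 0;
    return a < b + blen && b < a + alen;
}

/* Check a block just returned by malloc() against every live block.
 * Returns the index of the live block it overlaps, or -1 if it is disjoint
 * (in which case it is recorded as live itself). */
int record_block(void *p, size_t len)
{
    uintptr_t base = (uintptr_t)p;
    for (size_t i = 0; i < nlive; i++)
        if (ranges_overlap(base, len, live[i].base, live[i].len))
            return (int)i;
    if (nlive < MAX_LIVE) {
        live[nlive].base = base;
        live[nlive].len = len;
        nlive++;
    }
    return -1;
}

/* Allocate `count` blocks of pseudo-random size (at most MAX_LIVE of them),
 * write to every byte so the pages are really touched (the thread suspects a
 * paging issue), and return how many allocations landed inside a block that
 * was still live. Frees everything before returning; -1 on setup failure. */
int run_clobber_test(size_t count, unsigned seed)
{
    void **blocks = calloc(count, sizeof *blocks);
    if (!blocks)
        return -1;
    srand(seed);
    reset_live();
    int overlaps = 0;
    for (size_t i = 0; i < count && i < MAX_LIVE; i++) {
        size_t len = 1 + (size_t)(rand() % 4096);   /* assumed size range */
        void *p = malloc(len);
        if (!p)
            break;
        memset(p, 0xA5, len);                       /* commit every page */
        if (record_block(p, len) >= 0)
            overlaps++;
        blocks[i] = p;
    }
    for (size_t i = 0; i < count; i++)
        free(blocks[i]);                            /* free(NULL) is a no-op */
    free(blocks);
    return overlaps;
}

int main(void)
{
    int n = run_clobber_test(2000, 1);
    printf("overlapping allocations: %d\n", n);
    return n != 0;
}
```

The check compares addresses, not contents, so it cannot be fooled by leftover data; what it cannot see is an allocator that returns a disjoint pointer but later maps the same physical page under two addresses, which is why the critique above asks for instrumentation inside the DPMI host itself.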
Copyright © 2019 by DJ Delorie. Updated Jul 2019.