Mail Archives: djgpp/2019/06/17/01:32:17

Subject: Re: malloc() returns pointer to already allocated memory
To: djgpp AT delorie DOT com
References: <158e5d20-0a90-4beb-de48-da328379d8fb AT gmail DOT com>
<qe76u1$1kj8$1 AT gioia DOT aioe DOT org>
From: "Frank Sapone (emoaddict15 AT gmail DOT com) [via djgpp AT delorie DOT com]" <djgpp AT delorie DOT com>
Message-ID: <f0b68226-f6f4-244a-6dd5-a8ecbabb584b@gmail.com>
Date: Mon, 17 Jun 2019 01:28:32 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
Thunderbird/60.7.1
MIME-Version: 1.0
In-Reply-To: <qe76u1$1kj8$1@gioia.aioe.org>

On 6/17/2019 1:05 AM, Rod Pemberton wrote:
> On Mon, 17 Jun 2019 02:27:18 +0200
> "J.W. Jagersma (jwjagersma AT gmail DOT com) [via djgpp AT delorie DOT com]"
> <djgpp AT delorie DOT com> wrote:
>
>> I ran into this issue with malloc(). It seems that, given enough
>> allocations, malloc() will eventually return a pointer into already
>> allocated memory.
>>
>> The attached program is able to reproduce this rather consistently,
>> but only under cwsdpmi. It also only happens if the memory has
>> previously been written to (suggesting a paging issue?). However the
>> code that first led me to investigate this also exhibits the same
>> problem under hdpmi. As such, I'm still not entirely convinced that
>> this initial issue wasn't caused by my own code. I also find it hard
>> to believe that no one else noticed this rather obvious problem
>> before me. Still, the attached program demonstrates this clobbering
>> issue, and I think this would warrant further investigation.
>>
>> Any insight is much appreciated.
>>
> First problem is trivial.  The code doesn't compile with older DJGPP
> v1.3.  The declaration of 'i' within the for() loop errors, but other
> C99 declarations only warn.
>
> Second problem is you don't call memset() prior to using memory, nor
> free() after you're done using it.  Of course, calling memset() would
> prevent your method of "clobber" detection from working.  But, not
> calling memset() means you don't know if the magic clobber value is:
> a) from you setting it within your program, or
> b) from some random garbage values in memory.
>
> Third problem is you apparently didn't test the program without the
> "p[i] = magic;" line.  If you had, you would've noticed that your
> program clobbers even without setting memory to magic values. In
> other words, memory is filled with random values, since it wasn't
> cleared by memset().  Also, some of those random values happen to
> match your program's random magic value used to detect clobbered memory.
>
> Fourth problem is that you can't actually confirm if memory is being
> clobbered from within a C program for two reasons: inability to
> distinguish a magic value from an identical random value in memory
> which hasn't been cleared, and the inability in C to allocate, clear,
> and free memory, prior to the re-use of the exact same memory for a
> clobber test.  To test this issue properly requires a modified version
> of the memory allocator, i.e., CWSDPMI in this case.
>
> Finally, you didn't report which version of DJGPP, or CWSDPMI, and
> whether or not your code is operating in a Windows 98/SE/ME/XP etc
> console.  When operating in a Windows console, CWSDPMI is not being
> used.  The Windows DPMI host is being used.
>
>
> Rod Pemberton

Hi Rod,

Good points.  I was thinking some of the same things when I read this post earlier, but I am not as much of a C guru as others here.  My initial thoughts were that memset was not being called and that, with a random integer for the magic value, there is a possibility of grabbing the same value.

Frank
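An added example, not code from J.W. Jagersma's attached program or from anyone in this thread: a C99 check for the same symptom (malloc() handing back memory that overlaps a block still in use) that sidesteps the magic-value ambiguity Rod describes. Instead of looking for a pattern in memory, it records the address range of every live block and compares each new malloc() result against those ranges, so it never has to decide whether a byte came from the program or from uncleared memory. MAX_LIVE, the block sizes, the 0xA5 fill and the function names are assumptions chosen for this test.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not code from the thread): detect an allocator returning
 * memory that overlaps a block still in use, by comparing address ranges of
 * live blocks rather than by searching memory for a magic value.
 * MAX_LIVE and the test sizes below are arbitrary choices. */

#define MAX_LIVE 8192

typedef struct {
    uintptr_t start;   /* first byte of the block */
    size_t    len;     /* block length in bytes; 0 means "empty range" */
} live_range;

static live_range g_live[MAX_LIVE];
static size_t     g_live_count;

/* Half-open interval test: [a, a+alen) and [b, b+blen) share a byte.
 * A zero-length range never overlaps anything, which also covers malloc(0). */
int ranges_overlap(uintptr_t a, size_t alen, uintptr_t b, size_t blen)
{
    if (alen == 0 || blen == 0)
        return 0;
    return a < b + blen && b < a + alen;
}

/* Returns 1 if [p, p+len) overlaps any block recorded as live. */
static int overlaps_live(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < g_live_count; i++)
        if (ranges_overlap(a, len, g_live[i].start, g_live[i].len))
            return 1;
    return 0;
}

/* malloc() wrapper: allocates, checks the result against the live table and
 * records it. On overlap *overlap is set to 1 and the block is still returned
 * so the caller can free it. Returns NULL if malloc fails or the table is full. */
void *checked_malloc(size_t len, int *overlap)
{
    if (g_live_count == MAX_LIVE)
        return NULL;
    void *p = malloc(len);
    if (p == NULL)
        return NULL;
    if (overlaps_live(p, len))
        *overlap = 1;
    g_live[g_live_count].start = (uintptr_t)p;
    g_live[g_live_count].len   = len;
    g_live_count++;
    return p;
}

/* free() wrapper: drops the block from the live table, then frees it. */
void checked_free(void *p)
{
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < g_live_count; i++) {
        if (g_live[i].start == a) {
            g_live[i] = g_live[g_live_count - 1];   /* swap-remove */
            g_live_count--;
            break;
        }
    }
    free(p);
}

/* Performs n allocations of varying size, writes to each (the original report
 * said the fault only showed after memory had been written), then frees them.
 * Returns how many allocations overlapped a still-live block; a correct
 * allocator gives 0. */
int run_overlap_test(int n)
{
    static void *blocks[MAX_LIVE];   /* constructed test state, not a workload */
    int overlaps = 0, got = 0;

    if (n > MAX_LIVE)
        n = MAX_LIVE;
    for (int i = 0; i < n; i++) {
        size_t len = (size_t)(i % 97) * 16 + 1;   /* 1..1537 bytes, constructed */
        int hit = 0;
        void *p = checked_malloc(len, &hit);
        if (p == NULL)
            break;
        memset(p, 0xA5, len);   /* touch every byte of the block */
        overlaps += hit;
        blocks[got++] = p;
    }
    for (int i = 0; i < got; i++)
        checked_free(blocks[i]);
    return overlaps;
}

int main(void)
{
    int bad = run_overlap_test(4000);
    printf("%d overlapping allocations\n", bad);
    return bad != 0;
}
```

Build it with any C99 compiler (e.g. `gcc -std=c99 -O0 overlap.c`); the loop declarations are exactly the C99 feature Rod notes that DJGPP v1.3 rejects, so move `i` out of the for() headers for that toolchain. A nonzero count is evidence that does not depend on what the uncleared memory happened to contain, which is the weakness of the magic-value approach; it still does not cover realloc() or blocks the wrapper did not see, and the table is bounded by MAX_LIVE.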

  Copyright © 2019   by DJ Delorie     Updated Jul 2019