Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 16 Mar 2005 12:50:36 -0500 (EST)
From: Igor Pechtchanski <pechtcha AT cs DOT nyu DOT edu>
Reply-To: cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Re: autossh crash with 20050314 and earlier cygwin1.dll [autossh maintainer please note]
In-Reply-To: <20050316162949.GA14571@trixie.casa.cgf.cx>
Message-ID: <Pine.GSO.4.61.0503161242550.16048@slinky.cs.nyu.edu>
References: <20050316162949 DOT GA14571 AT trixie DOT casa DOT cgf DOT cx>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 16 Mar 2005, Christopher Faylor wrote:

> Once I installed a CVS-version of cygwin, I quickly discovered that, as
> Dave Korn unsurprisingly and correctly diagnosed, this is a heap
> corruption problem.  I'd noted that the stack trace which was previously
> provided looked "funny" and I couldn't figure out how cygwin could get
> in the state indicated by the stack trace.  Well, heap corruption is what
> caused the funniness.
>
> The problem is that autossh is freeing the return value of
> gethostbyname().  I can't find any reference which says that is a
> acceptable thing to do.  It certainly screws up cygwin, and I can't
> think of any way to avoid having it screw up cygwin.  Maybe it won't
> screw up other systems since they may not malloc the return value of
> gethostbyname.  I dunno.

This may be a shot in the dark, but don't statically allocated values and
malloc'ed values come from different (and easily distinguishable) address
ranges?  And if so, wouldn't the cost of a range check on every free() be
an acceptable price to pay for avoiding such heap corruption in the
future?  IIRC, the malloc implementation comes from newlib, so this would
have to be some sort of a Cygwin wrapper, I guess...

Note that it's perfectly acceptable to have a program that does something
stupid (like freeing a pointer to a static value) corrupt *its own* heap.
Once the Cygwin data structures are affected, though, something should
probably be done.
Opinions?
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"The Sun will pass between the Earth and the Moon tonight for a total
Lunar eclipse..." -- WCBS Radio Newsbrief, Oct 27 2004, 12:01 pm EDT

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/