Date: Wed, 8 Aug 2007 12:26:37 -0400
From: "Eric Belanger"
To: cygwin AT cygwin DOT com
Subject: Using malloc/realloc along with gdb: heap overflows

Hi group,

I'm on my way to learn C using Cygwin (along with the GCC tools) as my development setup, and it seems that gdb somewhat fails at reallocating some memory. I have trimmed down my bug to a minimum so I can test it on other situations, but here's what I've found so far.

- Using gdb warns about heap leaking, SIGTRAPs, then SIGSEGVs if I choose to continue anyway;
- Simply running the program (in a DOS box) doesn't produce any crashes or errors, and outputs what I expected
- If I use Debian (Etch), there are no problems at all (even when running through gdb) - everything goes as expected.

Here's what gdb warns about:

---- Snippet ----
warning: HEAP[testcase.exe]:
warning: Heap block at 003D3FE0 modified at 003D3FEA past requested size of 2

Program received signal SIGTRAP, Trace/breakpoint trap.
0x7c911231 in ntdll!DbgUiConnectToDbg () from /cygdrive/c/WINDOWS/system32/ntdll.dll
(gdb) c
Continuing.
warning: HEAP[testcase.exe]:
warning: Invalid Address specified to RtlReAllocateHeap( 003D0000, 003D3FE8 )

Program received signal SIGTRAP, Trace/breakpoint trap.
0x7c911231 in ntdll!DbgUiConnectToDbg () from /cygdrive/c/WINDOWS/system32/ntdll.dll
(gdb) c
Continuing.
String: (null)

Program received signal SIGSEGV, Segmentation fault.
0x77c1794a in strncat () from /cygdrive/c/WINDOWS/system32/msvcrt.dll
---- /Snippet ----

Here's my trimmed down test case:

---- Code ----
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TCP_BUFSIZE 2

int main(int argc, char *argv[])
{
    /* *bufdata and *alldata were part of a recv() winsock procedure, fyi */
    char *bufdata = malloc(sizeof(char) * (TCP_BUFSIZE / 2));
    int datasize = TCP_BUFSIZE;
    int numbytes = 0;
    char *alldata = malloc(sizeof(char) * datasize);
    memset(alldata, 0, strlen(alldata));

    char *teststring = "Just testing realloc and stuff, long string blah blah blah.";
    char *testptr, *tempdata;
    int i, tslen = strlen(teststring);

    /* copying teststring to alldata by increments of TCP_BUFSIZE,
       verifying that alldata doesn't get overflowed in the process. */
    for (testptr = teststring, i = 0; i < tslen; testptr = testptr + TCP_BUFSIZE, i += 2) {
        alldata = strncat(alldata, testptr, TCP_BUFSIZE);
        if (strlen(alldata) >= datasize) {
            datasize *= 2;
            /* Should check realloc result, but let's keep the testcase simple. */
            alldata = realloc(alldata, datasize);
        }
        printf("String: %s\n", alldata);
    }

    printf("\nFinal Result: %s", alldata);
    return 0;
}
---- /Code ----

Since I'm quite new to C programming in general, I fear I may have missed something crucial (feel free to refer me to some docs if it's the case); but since the ML archive mentioned cygwin's gdb memory management issues a few times AND the testcase works on Linux, I'm not quite sure of the cause of the problem, hence this e-mail.

Any clues?

Thanks in advance!

- Eric Belanger
-- bilange AT gamebox DOT net
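
Added example, not part of the original post: strncat(dst, src, n) writes the copied characters plus a terminating NUL, so in the test case above each append needs one byte more than the `strlen(alldata) >= datasize` check allows for, and that check runs only after the write. The code below reserves room for the terminator before writing and checks realloc's result; the names struct strbuf, strncat_footprint, strbuf_append and copy_in_chunks are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct strbuf { char *data; size_t len, cap; };  /* cap = bytes allocated */

/* Bytes that strncat(dst, src, n) needs in dst: old text + copy + NUL. */
static size_t strncat_footprint(size_t dst_len, const char *src, size_t n)
{
    const char *end = memchr(src, '\0', n);
    return dst_len + (end ? (size_t)(end - src) : n) + 1;
}

/* Append at most n chars of src, growing BEFORE the write. 0 on success. */
static int strbuf_append(struct strbuf *b, const char *src, size_t n)
{
    size_t need = strncat_footprint(b->len, src, n);
    size_t copy = need - b->len - 1;
    if (need > b->cap) {
        size_t ncap = b->cap ? b->cap : 2;
        while (ncap < need) ncap *= 2;
        char *p = realloc(b->data, ncap);
        if (p == NULL) return -1;   /* b->data is still valid and owned by b */
        b->data = p; b->cap = ncap;
    }
    memcpy(b->data + b->len, src, copy);
    b->len += copy;
    b->data[b->len] = '\0';
    return 0;
}

/* Copy src in chunk-sized pieces like the test case; data is NULL on error. */
static struct strbuf copy_in_chunks(const char *src, size_t chunk)
{
    struct strbuf b = { NULL, 0, 0 };
    size_t total = strlen(src);
    int rc = chunk ? strbuf_append(&b, "", 0) : -1;  /* room for the NUL */
    for (size_t off = 0; rc == 0 && off < total; off += chunk)
        rc = strbuf_append(&b, src + off, chunk);
    if (rc != 0) { free(b.data); b.data = NULL; }
    return b;
}

int main(void)
{
    /* Constructed input: a shortened version of the post's test string. */
    struct strbuf b = copy_in_chunks("Just testing realloc and stuff.", 2);
    printf("%s\n", b.data ? b.data : "(allocation failed)");
    free(b.data);
    return 0;
}
```

strncat_footprint(0, "Just", 2) returns 3, which is why a 2-byte block is already too small on the first append.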