Subject: Re: malloc() returns pointer to already allocated memory
To: djgpp AT delorie DOT com
From: "J.W. Jagersma (jwjagersma AT gmail DOT com) [via djgpp AT delorie DOT com]"
Date: Mon, 17 Jun 2019 23:12:06 +0200
In-Reply-To: <83imt4t9zu.fsf@gnu.org>
References: <158e5d20-0a90-4beb-de48-da328379d8fb AT gmail DOT com> <83tvcoth73 DOT fsf AT gnu DOT org> <12f60f52-addf-939d-8eee-e8f67a95715c AT gmail DOT com> <83imt4t9zu DOT fsf AT gnu DOT org>

On 2019-06-17 19:08, Eli Zaretskii (eliz AT gnu DOT org) [via djgpp AT delorie DOT com] wrote:
>> From: "J.W. Jagersma (jwjagersma AT gmail DOT com) [via djgpp AT delorie DOT com]"
>> Date: Mon, 17 Jun 2019 18:46:24 +0200
>>
>>> Right. There's a startup flag that a program could optionally set to
>>> request that allocated memory be filled with a specific fixed value,
>>> then tests for clobbering could work. See the documentation of
>>> _crt0_startup_flags in the libc manual.
>>>
>>
>> If the issue is caused by the dpmi host or sbrk(), then I think enabling
>> the _CRT0_FLAG_FILL_SBRK_MEMORY flag would mask this bug.
>
> How can it? sbrk cannot possibly cause this because your program
> doesn't sound like one that would ever release sbrk'ed memory back to
> the DPMI host. And malloc just fills the buffer it hands to you,
> there's no effect of this flag on the address of that buffer.

The zero-fill is performed at the end of sbrk (src/libc/crt0/crt0.S:614),
so a bug like this has to originate before that point: either in sbrk
itself, or in the dpmi host. If at any point before the zero-fill the same
pointer is returned twice (or possibly different pointers mapped to the
same memory), you wouldn't be able to detect that.

>> With this flag enabled, the test does complete successfully on
>> cwsdpmi.
>
> Which probably means your detection of "already allocated" is flawed
> in some sense. All this flag does is wipe out any possible garbage in
> the memory you get from malloc, left-overs from previous allocations;
> the flag AFAIR has no other effects on the algorithms of malloc.

If you never free anything, as the test program does, you wouldn't
expect there to be any leftovers from previous allocations. However, I
have written a new test case (attached) which saves and checks
previously allocated pointers for aliasing. It's been running for a
while and so far failed to find any. So it appears that the
"clobbering" I was initially seeing is an artifact of the way cwsdpmi
allocates new pages; apparently it sporadically clones some data from
other pages.
Attachment: malloc2.c (text/plain)
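A portable version of the aliasing check described in the message, added here as an example; it is not the attached malloc2.c and not DJGPP library code, and it assumes nothing DJGPP-specific (no rawclock(), no _crt0_startup_flags), so it runs under any C compiler. Beyond the attachment's sentinel scan it also compares address ranges of live blocks, and it includes a constructed aliasing case so the detector itself can be verified.

```c
#include <stdint.h>
#include <stdlib.h>
enum { WORDS = 0x1000 };   /* ints per block, as in the attached test case */

/* Check new block p against the n held blocks (all filled with magic): first
 * overlapping address ranges, then a sentinel stamped into p and searched for
 * in the older blocks (catches distinct addresses backed by the same pages).
 * Returns the index of the aliasing held block, or -1 (p then holds magic). */
static int check_new_block(int *const *held, size_t n, int *p, int magic)
{
    const uintptr_t p0 = (uintptr_t)p, len = WORDS * sizeof *p;
    for (size_t k = 0; k < n; ++k)
        if (p0 < (uintptr_t)held[k] + len && (uintptr_t)held[k] < p0 + len) return (int)k;
    for (size_t j = 0; j < WORDS; ++j) p[j] = ~magic;
    for (size_t k = 0; k < n; ++k)
        for (size_t l = 0; l < WORDS; ++l)
            if (held[k][l] == ~magic) return (int)k;
    for (size_t j = 0; j < WORDS; ++j) p[j] = magic;
    return -1;
}

/* Allocate up to count blocks, freeing nothing until the end, and check each.
 * Returns the number of blocks obtained if none aliased (below count only if
 * malloc ran out), or -(i+1) if block i aliased an earlier one. */
int run_alias_test(size_t count, int magic)
{
    int **held = malloc(count * sizeof *held), result;
    size_t n = 0;
    if (!held) return -1;
    for (;;) {
        int *p = n < count ? malloc(WORDS * sizeof *p) : NULL;
        if (!p) { result = (int)n; break; }
        if (check_new_block(held, n, p, magic) >= 0) { free(p); result = -(int)(n + 1); break; }
        held[n++] = p;
    }
    while (n) free(held[--n]);
    free(held);
    return result;
}

/* Constructed aliasing case: present a block that is already held as if malloc
 * had returned it again (must report index 0), then a distinct block (must pass). */
int self_check(void)
{
    int *a = malloc(WORDS * sizeof *a), *b = malloc(WORDS * sizeof *b), *held[1] = { a }, ok = 0;
    if (a && b) {
        for (size_t j = 0; j < WORDS; ++j) a[j] = 0x1234;
        ok = check_new_block(held, 1, a, 0x1234) == 0 && check_new_block(held, 1, b, 0x1234) == -1;
    }
    free(a); free(b);
    return ok;
}
```

On a correct allocator run_alias_test(count, magic) returns count; a negative value names the first allocation that shared memory with a live block.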