Subject: Re: malloc() returns pointer to already allocated memory
To: djgpp AT delorie DOT com
References: <158e5d20-0a90-4beb-de48-da328379d8fb AT gmail DOT com> <64786234-be30-3862-b2ee-133d2c49fb1a AT gmail DOT com> <19ff3320-4068-663e-ca70-d3e4dc459ba7 AT gmail DOT com>
From: "J.W. Jagersma (jwjagersma AT gmail DOT com) [via djgpp AT delorie DOT com]"
Message-ID: <849808b9-2fa5-8361-09e3-bf75b9447500@gmail.com>
Date: Fri, 28 Jun 2019 01:30:59 +0200
X-Mailing-List: djgpp AT delorie DOT com

On 2019-06-21 09:12, Rod Pemberton wrote:
> From personal and professional experience, bugs can hide in code for a
> long, long time. Attack the "black box" from many angles. Try and try
> again, until you succeed.

And just now, I *finally* did succeed.
A classic use-after-free bug. It's so obvious once you see it. I have a std::vector filled with structs. These store a reference to a parent object, which may be (and in this case is) itself. So when a std::vector resizes, it reallocates and moves its contents, but the references inside aren't being updated. This is why it looked like malloc was returning the same pointer twice: I was still accessing the already freed pointer. I haven't worked out how to solve this yet, but I'll figure something out.

Thanks for the help!

> So, maybe you could try a v2.03 install? You'll have to select the
> older version files from a DJGPP mirror. This may provide an additional
> reference point to go on or a way to compare outcomes. E.g., if your
> application works correctly on v2.03, but not on v2.05, then v2.05 has
> a problem ... Since I never really used v2.04 and it seemed to always
> be in beta, I may install v2.05 but not any time soon.

I did try this, but I was unable to build gcc 9.1 with djgpp 2.03 headers. At first it seems only stdint.h is missing, but after copying that over from 2.05, more errors pop up. When I only link with libc from 2.03 I get undefined references to 'vsnprintf' and 'writev', so recompiling gcc would be necessary for this to work. Anyway, it's probably not worth digging into.

I also tried gcc options -fsanitize=undefined and -fstack-protector-all but those failed to detect anything. Too bad the address sanitizer is not available for djgpp, I think that could've really helped me out.
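The bug shape described in this mail, reproduced as an added example (this is not code from the original post, from DJGPP, or from the poster's project). Element 0 of a std::vector is the parent of every element, itself included, and each element keeps a raw pointer to it; growing the vector past its capacity forces a reallocation, after which every stored pointer refers to the freed buffer. The same function then shows two fixes: storing the parent as an index into the owning vector, and giving each node its own heap allocation behind a std::unique_ptr so the vector moves handles rather than nodes. All names (RawNode, IndexNode, grow_past_capacity, the three counting functions) are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <vector>

// Shape of the bug in the mail: every element holds a raw pointer to its
// parent, and the parent lives in the same std::vector. Element 0 is the
// parent of everything, including itself. (Struct name is an assumption.)
struct RawNode {
    RawNode* parent;  // points into the vector's own buffer: dangles on reallocation
    int id;
};

// Appends elements until size() exceeds the initial capacity. The standard
// guarantees that std::vector then allocates a new buffer, moves the elements
// into it and frees the old one; since the new block is obtained while the old
// one is still live, the two addresses are necessarily different.
template <class Vec, class Make>
void grow_past_capacity(Vec& v, Make make) {
    const std::size_t cap = v.capacity();
    for (int i = 1; v.size() <= cap; ++i)
        v.push_back(make(i));
}

// Buggy layout. Returns how many stored parent pointers no longer equal the
// parent's current address. The pointers are compared as integers and never
// dereferenced, so this runs cleanly even without a sanitizer.
int stale_parents_raw_pointer() {
    std::vector<RawNode> nodes;
    nodes.push_back(RawNode{nullptr, 0});
    nodes[0].parent = &nodes[0];  // root is its own parent
    // &nodes[0] is evaluated before each push_back runs, so the stored
    // address is the buffer that the growing push is about to free.
    grow_past_capacity(nodes, [&](int i) { return RawNode{&nodes[0], i}; });

    const auto now = reinterpret_cast<std::uintptr_t>(&nodes[0]);
    int stale = 0;
    for (const RawNode& n : nodes)
        if (reinterpret_cast<std::uintptr_t>(n.parent) != now) ++stale;
    return stale;  // > 0: every pointer was taken before the single reallocation
}

// Fix 1: store the parent as an index into the owning vector. An index is
// unaffected by reallocation, so the relation survives every move.
struct IndexNode {
    std::size_t parent;  // index of the parent element
    int id;
};

const IndexNode& parent_of(const std::vector<IndexNode>& nodes, std::size_t i) {
    return nodes[nodes[i].parent];
}

int stale_parents_index() {
    std::vector<IndexNode> nodes;
    nodes.push_back(IndexNode{0, 0});  // root is its own parent, by index
    grow_past_capacity(nodes, [](int i) { return IndexNode{0, i}; });

    int stale = 0;
    for (std::size_t i = 0; i < nodes.size(); ++i)
        if (&parent_of(nodes, i) != &nodes[0]) ++stale;
    return stale;  // always 0
}

// Fix 2: keep each node in its own heap allocation and let the vector own
// std::unique_ptr handles. Reallocation moves the handles, not the nodes, so a
// raw pointer to a node stays valid as long as its entry stays in the vector.
int stale_parents_unique_ptr() {
    std::vector<std::unique_ptr<RawNode>> nodes;
    nodes.push_back(std::make_unique<RawNode>(RawNode{nullptr, 0}));
    RawNode* root = nodes[0].get();
    root->parent = root;
    grow_past_capacity(nodes, [&](int i) {
        return std::make_unique<RawNode>(RawNode{root, i});
    });

    int stale = 0;
    for (const auto& n : nodes)
        if (n->parent != nodes[0].get()) ++stale;
    return stale;  // always 0
}

int main() {
    std::printf("raw-pointer parents stale after growth: %d\n", stale_parents_raw_pointer());
    std::printf("index parents stale after growth:       %d\n", stale_parents_index());
    std::printf("unique_ptr parents stale after growth:  %d\n", stale_parents_unique_ptr());
    return 0;
}
```

The example deliberately compares addresses instead of dereferencing the stale pointer, so it does not itself trigger the use-after-free. Dereferencing `n.parent` after the growth in the raw-pointer version is exactly the access that `-fsanitize=address` reports as a heap-use-after-free on a host toolchain that has it; `-fsanitize=undefined` and `-fstack-protector-all` do not track heap object lifetime, which matches the mail's experience. Calling `reserve()` with the final element count up front also avoids the moves, but only when that count is known in advance; indices or stable per-node allocation hold regardless of how the container grows.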