X-Authentication-Warning: delorie.com: mail set sender to djgpp-bounces using -f From: Rod Pemberton Newsgroups: comp.os.msdos.djgpp Subject: Re: malloc() returns pointer to already allocated memory Date: Mon, 17 Jun 2019 01:05:38 -0400 Organization: Aioe.org NNTP Server Lines: 58 Message-ID: References: <158e5d20-0a90-4beb-de48-da328379d8fb AT gmail DOT com> NNTP-Posting-Host: +15yR2JuBIwiofOqK4kSZw.user.gioia.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Complaints-To: abuse AT aioe DOT org X-Notice: Filtered by postfilter v. 0.9.2 Bytes: 3577 To: djgpp AT delorie DOT com DJ-Gateway: from newsgroup comp.os.msdos.djgpp Reply-To: djgpp AT delorie DOT com On Mon, 17 Jun 2019 02:27:18 +0200 "J.W. Jagersma (jwjagersma AT gmail DOT com) [via djgpp AT delorie DOT com]" wrote: > I ran into this issue with malloc(). It seems that, given enough > allocations, malloc() will eventually return a pointer into already > allocated memory. > > The attached program is able to reproduce this rather consistently, > but only under cwsdpmi. It also only happens if the memory has > previously been written to (suggesting a paging issue?). However the > code that first led me to investigate this also exhibits the same > problem under hdpmi. As such, I'm still not entirely convinced that > this initial issue wasn't caused by my own code. I also find it hard > to believe that no one else noticed this rather obvious problem > before me. Still, the attached program demonstrates this clobbering > issue, and I think this would warrant further investigation. > > Any insight is much appreciated. > First problem is trivial. The code doesn't compile with older DJGPP v1.3. The declaration of 'i' within the for() loop errors, but other C99 declarations only warn. Second problem is you don't call memset() prior to using memory, nor free() after you're done using it. Of course, calling memset() would prevent your method of "clobber" detection from working. But, not calling memset() means you don't know if the magic clobber value is: a) from you setting it within your program, or b) from some random garbage values in memory. Third problem is you apparently didn't test the program without the "p[i] = magic;" line. If you had, you would've noticed that your program clobbers even without setting memory to magic values. In other words, memory is filled with random values, since it wasn't cleared by memset(). Also, some of those random values happen to match your program's random magic value used to detect clobbered memory. Fourth problem is that you can't actually confirm if memory is being clobbered from within a C program for two reasons: inability to distinguish a magic value from an identical random value in memory which hasn't been cleared, and the inability in C to allocate, clear, and free memory, prior to the re-use of the exact same memory for a clobber test. To test this issue properly requires a modified version of the memory allocator, i.e., CWSDPMI in this case. Finally, you didn't report which version of DJGPP, or CWSDPMI, and whether or not your code is operating in a Windows 98/SE/ME/XP etc console. When operating in a Windows console, CWSDPMI is not being used. The Windows DPMI host is being used. Rod Pemberton -- Once upon a time, many decades ago in a place far away, humble people sought their freedom, and lost. "Ideas are bulletproof."