Re: your malloc patches
From: Ilya Zakharevich
Date: June 20, 2003 05:51
Subject: Re: your malloc patches
Message ID: 20030620125112.GA1092@math.berkeley.edu

On Fri, Jun 20, 2003 at 01:37:13PM +0300, Jarkko Hietaniemi wrote:
> Looking at the expansion of the FILLCHECK_DEADBEEF(), the number
> of bytes passed down to cmp_pat_4bytes() is:
>
> ((1 << (((ovp)->ovu.ovu_index) >> 0)) - (sizeof(union overhead) + sizeof (unsigned int)) + (((ovp)->ovu.ovu_index >= 15 * 1) ? 4096 : 0)) - (nbytes - sizeof (unsigned int) + sizeof(unsigned int))
>
> Which evaluates to -12. This is what the ovp looks like:
>
> (dbx) p *ovp
> union {
>     ov_next = 0x55555555000dff04
>     strut = 1.1945302445456924e+103
>     ovu = struct {
>         ovu_index = '^D'
>         ovu_magic = '\377'
>         ovu_size = 13
>         ovu_rmagic = 1431655765
>     }
> }

Looks like somebody tried to put 13 bytes into a 16=2**4-bytes bucket
(^D means 4); taking into account that the bucket contains at least 12
bytes of overhead, it should not contain more than 4 bytes.

So the FILLCHECK_DEADBEEF()'s complaint is legitimate. But of course,
we should have detected this situation earlier than this...

Hope this helps,
Ilya