View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000368 | LDMud 3.3 | Runtime | public | 2005-02-21 04:09 | 2005-05-15 15:02 |
| Reporter | Gnomi | Assigned To | |||
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | i686 | OS | Debian GNU/Linux | OS Version | 3.0 |
| Product Version | 3.3 | ||||
| Fixed in Version | 3.3 | ||||
| Summary | 0000368: large_malloc crashes when coalescing free blocks | ||||
| Description | Hi, the driver crashed with the message "remove_from_free_list: block 0x8276004, magic match failed: expected dfaff2ee, found 0" and the following backtrace: #0 0x080a5606 in collect_trace (sbuf=0xbfffe690, rvec=0x0) at interpret.c:18386 0000001 0x080a69d6 in dump_trace (how=1, rvec=0x0) at interpret.c:18679 0000002 0x080fe0be in fatal (fmt=0x8146040 "remove_from_free_list: block %p, magic m atch failed: expected %lx, found %lx\n") at simulate.c:625 0000003 0x081186b5 in remove_from_free_list (ptr=0x8276004) at slaballoc.c:2116 0000004 0x0811976f in large_malloc (size=33554440, force_more=0) at slaballoc.c:3109 0000005 0x081178b5 in mem_alloc (size=134217748) at slaballoc.c:1366 0000006 0x0811a948 in xalloc_traced (size=134217748, malloc_trace_file=0x8146418 "xa lloc.c", malloc_trace_line=1500) at xalloc.c:518 0000007 0x0811b937 in reserve_memory () at xalloc.c:1500 0000008 0x080b834d in main (argc=6, argv=0xbffffa14) at main.c:395 The immediate reason for the segfault is that the standard strings weren't initialized yet. But the fatal driver error occurs, because in large_malloc the call to add_large_free coalesced the block from esbrk with a previous block, but large_malloc didn't update its pointer. So large_malloc continues to work with the pointer from esbrk, but the management information including the magic word is at the beginning of the previous block. And thus remove_from_free_list rightfully complains about the missing magic word. Greetings, Gnomi. | ||||
| Tags | No tags attached. | ||||
|
2005-02-21 04:20
|
slaballoc.diff (1,029 bytes)
diff -aur 3-3.old/src/slaballoc.c 3-3/src/slaballoc.c
--- 3-3.old/src/slaballoc.c 2005-02-21 10:16:34.000000000 +0100
+++ 3-3/src/slaballoc.c 2005-02-21 10:17:45.000000000 +0100
@@ -2823,7 +2823,7 @@
} /* mark_block() */
/*-------------------------------------------------------------------------*/
-static void
+static word_t *
add_large_free (word_t *ptr, word_t block_size)
/* The large memory block <ptr> with size <block_size> is free:
@@ -2850,6 +2850,8 @@
/* Mark the block as free and add it to the freelist */
build_block(ptr, block_size);
add_to_free_list(ptr);
+
+ return ptr;
} /* add_large_free() */
/*-------------------------------------------------------------------------*/
@@ -3089,7 +3091,7 @@
block_size = chunk_size / SINT;
/* Add block to free memory. */
- add_large_free(ptr, block_size);
+ ptr = add_large_free(ptr, block_size);
} /* end of creating a new chunk */
/* ptr is now a pointer to a free block in the free list */
|
|
|
I have attached a simple diff for slaballoc which works for me. (Should be the same for smalloc, but I haven't tested.) |
|
|
Yep - once you know the error is there, it's kind of blindingly obvious. I didn't catch it before because on my machine this situation just didn't happen. It's now fixed in 3.3.678. Thanks! |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2005-02-21 04:09 | Gnomi | New Issue | |
| 2005-02-21 04:20 | Gnomi | File Added: slaballoc.diff | |
| 2005-02-21 04:22 | Gnomi | Note Added: 0000345 | |
| 2005-02-21 04:32 |
|
Status | new => resolved |
| 2005-02-21 04:32 |
|
Fixed in Version | => 3.3 |
| 2005-02-21 04:32 |
|
Resolution | open => fixed |
| 2005-02-21 04:32 |
|
Assigned To | => lars |
| 2005-02-21 04:32 |
|
Note Added: 0000346 | |
| 2005-05-15 15:02 |
|
Status | resolved => closed |
