View Issue Details

ID: 0000611
Project: LDMud 3.3
Category: Runtime
View Status: public
Last Update: 2009-03-12 17:08
Reporter: zesstra
Assigned To: zesstra
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: x86_64
OS: MacOS X
OS Version: 10.5.x
Product Version: 3.3.718
Target Version: 3.3.719
Fixed in Version: 3.3.719
Summary: 0000611: Crash in remove_from_free_list() during restore_object()
Description:
When compiled for x86_64 (-m64 -mtune=core2), the driver crashes upon loading a specific savefile on my system. On a i386 platform or with a different savefile there is no problem.
It seems to be some kind of memory problem/corruption.

2009.03.10 20:44:37 Seeding PRNG from /dev/urandom.
2009.03.10 20:44:37 LDMud 3.3.718 (Build $Revision$) (stable)
2009.03.10 20:44:37 Hostname 'phoenix' address '192.168.178.28'
2009.03.10 20:44:37 UDP port 4246 already bound!
2009.03.10 20:44:37 No simul_efun
2009.03.10 20:45:00 remove_from_free_list: block 0x101be2100, magic match failed: expected 3752850158, found 0
2009.03.10 20:45:00 Current object was secure/errord
2009.03.10 20:46:51 LDMud aborting on fatal error.

I have prepared a stripped mudlib and the savefile as test case, but I would not like to publish the savefile at this point as there may be some private data in it.
The problem occurs also in older versions (tested 100 revisions back) of the driver but not with standard configure settings, therefore I will attach my machine.h and config.h as well for the record.
Steps To Reproduce:
export CFLAGS="-m64 -mtune=core2 -ggdb3 -O0"
export LDFLAGS="-m64 -mtune=core2 -ggdb3 -O0"
export EXTRA_CFLAGS=$CFLAGS

(use attached machine.h and config.h)
make
./ldmud -m /path/to/test/case 4713
Additional Information:
(gdb) bt full
#0 fatal (fmt=0x10011a950 "remove_from_free_list: block %p, magic match failed: expected %lu, found %lu\n") at simulate.c:651
    va = {{
    gp_offset = 48,
    fp_offset = 48,
    overflow_arg_area = 0x7fff5fbfb4a8,
    reg_save_area = 0x7fff5fbfb3d0
  }}
    ts = 0x1001406a0 "2009.03.10 20:46:51"
#1 0x00000001000f9770 in remove_from_free_list (ptr=0x101be2100) at slaballoc.c:2309
    p = (struct free_block *) 0x101ba2000
    q = (struct free_block *) 0x7fff5fbfb560
    r = (struct free_block *) 0x40100
    s = (struct free_block *) 0x101ba1ff8
    t = (struct free_block *) 0x101be20c8
#2 0x00000001000faa39 in add_large_free (ptr=0x101ba2000, block_size=32800) at slaballoc.c:3037
No locals.
#3 0x00000001000fae4a in large_malloc (size=1749, force_more=false) at slaballoc.c:3293
    chunk_size = 262400
    block_size = 32800
    extra = 64
    real_size = 4323311736
    ptr = (word_t *) 0x101ba2000
    orig_size = 13968
    mess = "HARD_MALLOC_LIMIT reached.\n"
#4 0x00000001000f89b2 in mem_alloc (size=96) at slaballoc.c:1719
    numObjects = 145
    slabSize = 13968
    slab = (mslab_t *) 0x7fff5fbfb7a0
    block = (word_t *) 0x0
    ix = 3
#5 0x00000001000fc795 in xalloc_traced (size=80, malloc_trace_file=0x100111b30 "mapping.c", malloc_trace_line=335) at xalloc.c:565
    p = (word_t *) 0x101b5d8a0
#6 0x0000000100086d09 in new_map_chain (m=0x101b48f60) at mapping.c:335
    rc = (map_chain_t *) 0xb
#7 0x00000001000868c1 in _get_map_lvalue (m=0x101b48f60, map_index=0x7fff5fbfb7a0, need_lvalue=true, check_size=false) at mapping.c:1007
    mc = (map_chain_t *) 0x0
    hm = (mapping_hash_t *) 0x101b0dbb8
    entry = (svalue_t *) 0x0
    idx = -1
    local_const0 = {
  type = 0,
  x = {
    exponent = 0,
    closure_type = 0,
    quotes = 0,
    num_arg = 0,
    extern_args = 0,
    generic = 0
  },
  u = {
    str = 0x0,
    charp = 0x0,
    number = 0,
    ob = 0x0,
    vec = 0x0,
    strct = 0x0,
    map = 0x0,
    lambda = 0x0,
    mantissa = 0,
    cb = 0x0,
    generic = 0x0,
    lvalue = 0x0,
    protected_lvalue = 0x0,
    protected_char_lvalue = 0x0,
    protected_range_lvalue = 0x0,
    error_handler = 0
  }
}
#8 0x00000001000a27e5 in restore_mapping (svp=0x101b41e40, str=0x7fff5fbfbc68) at object.c:7416
    z = (mapping_t *) 0x101b48f60
    key = {
  type = 3,
  x = {
    exponent = 32352,
    closure_type = 32352,
    quotes = 32352,
    num_arg = 32352,
    extern_args = 32352,
    generic = 32352
  },
  u = {
    str = 0x101023f30,
    charp = 0x101023f30 "?",
    number = 4311891760,
    ob = 0x101023f30,
    vec = 0x101023f30,
    strct = 0x101023f30,
    map = 0x101023f30,
    lambda = 0x101023f30,
    mantissa = 4311891760,
    cb = 0x101023f30,
    generic = 0x101023f30,
    lvalue = 0x101023f30,
    protected_lvalue = 0x101023f30,
    protected_char_lvalue = 0x101023f30,
    protected_range_lvalue = 0x101023f30,
    error_handler = 0x101023f30
  }
}
    data = (svalue_t *) 0x101b41970
    i = 1
    tmp_par = {
  str = 0x101b5d957 ",]),\"GUILD.magie_sp\":([\"2ab8fcc56cf505567837f5a565c51760\":([\"F_UID\":\"GUILD.magie_sp\",\"F_CLI\":\"konzentriere\",\"F_MSG\":\"Numeric overflow: 1235742139 + 1235742515\\n\",\"F_OBJ\":\"spellbooks/magie_sp\",\"F_TYPE\""...,
  num_values = 1
}
    siz = 4
#9 0x00000001000a15b4 in restore_svalue (svp=0x101b41e40, pt=0x7fff5fbfbc68, delimiter=44 ',') at object.c:8330
    cp = 0x101b5d507 "([F_UID"
#10 0x00000001000a2868 in restore_mapping (svp=0x101b41ea0, str=0x7fff5fbfbc68) at object.c:7430
    z = (mapping_t *) 0x101b49040
    key = {
  type = 0,
  x = {
    exponent = -26192,
    closure_type = -26192,
    quotes = -26192,
    num_arg = -26192,
    extern_args = -26192,
    generic = -26192
  },
  u = {
    str = 0x10101ccd8,
    charp = 0x10101ccd8 "\003",
    number = 4311862488,
    ob = 0x10101ccd8,
    vec = 0x10101ccd8,
    strct = 0x10101ccd8,
    map = 0x10101ccd8,
    lambda = 0x10101ccd8,
    mantissa = 4311862488,
    cb = 0x10101ccd8,
    generic = 0x10101ccd8,
    lvalue = 0x10101ccd8,
    protected_lvalue = 0x10101ccd8,
    protected_char_lvalue = 0x10101ccd8,
    protected_range_lvalue = 0x10101ccd8,
    error_handler = 0x10101ccd8
  }
}
    data = (svalue_t *) 0x101b41e50
    i = 0
    tmp_par = {
  str = 0x101b5d95a ",\"GUILD.magie_sp\":([\"2ab8fcc56cf505567837f5a565c51760\":([\"F_UID\":\"GUILD.magie_sp\",\"F_CLI\":\"konzentriere\",\"F_MSG\":\"Numeric overflow: 1235742139 + 1235742515\\n\",\"F_OBJ\":\"spellbooks/magie_sp\",\"F_TYPE\":1,"...,
  num_values = 1
}
    siz = 0
#11 0x00000001000a15b4 in restore_svalue (svp=0x101b41ea0, pt=0x7fff5fbfbc68, delimiter=44 ',') at object.c:8330
    cp = 0x101b5d4e2 "([8d0dafe4d88b33055fe33bf6444d2cb5"
#12 0x00000001000a2868 in restore_mapping (svp=0x101028000, str=0x7fff5fbfbc68) at object.c:7430
    z = (mapping_t *) 0x101018aa0
    key = {
  type = 0,
  x = {
    exponent = 21232,
    closure_type = 21232,
    quotes = 21232,
    num_arg = 21232,
    extern_args = 21232,
    generic = 21232
  },
  u = {
    str = 0x101ae2978,
    charp = 0x101ae2978 "\005",
    number = 4323158392,
    ob = 0x101ae2978,
    vec = 0x101ae2978,
    strct = 0x101ae2978,
    map = 0x101ae2978,
    lambda = 0x101ae2978,
    mantissa = 4323158392,
    cb = 0x101ae2978,
    generic = 0x101ae2978,
    lvalue = 0x101ae2978,
    protected_lvalue = 0x101ae2978,
    protected_char_lvalue = 0x101ae2978,
    protected_range_lvalue = 0x101ae2978,
    error_handler = 0x101ae2978
  }
}
    data = (svalue_t *) 0x101b41eb0
    i = 0
    tmp_par = {
  str = 0x101b6064a ",2:([\"wurzel\":([\"c0241c77a1f505027d6d323292ad0e4f\":([\"F_UID\":\"wurzel\",\"F_MSG\":\"Call from destructed object 'players/wurzel/obj/aids#4828017' ignored.\\n\",\"F_OBJ\":\"/players/wurzel/obj/aids#4828017\",\"F_T"...,
  num_values = 1
}
    siz = 6
#13 0x00000001000a15b4 in restore_svalue (svp=0x101028000, pt=0x7fff5fbfbc68, delimiter=44 ',') at object.c:8330
    cp = 0x101b5104b "([rimus"
#14 0x00000001000a2868 in restore_mapping (svp=0x1010240d0, str=0x7fff5fbfbc68) at object.c:7430
    z = (mapping_t *) 0x101018b10
    key = {
  type = 0,
  x = {
    exponent = 2,
    closure_type = 2,
    quotes = 2,
    num_arg = 2,
    extern_args = 2,
    generic = 2
  },
  u = {
    str = 0x1,
    charp = 0x1 <Address 0x1 out of bounds>,
    number = 1,
    ob = 0x1,
    vec = 0x1,
    strct = 0x1,
    map = 0x1,
    lambda = 0x1,
    mantissa = 1,
    cb = 0x1,
    generic = 0x1,
    lvalue = 0x1,
    protected_lvalue = 0x1,
    protected_char_lvalue = 0x1,
    protected_range_lvalue = 0x1,
    error_handler = 0x1
  }
}
    data = (svalue_t *) 0x101028010
    i = 0
    tmp_par = {
  str = 0x101ba1eb3 "\n",
  num_values = 1
}
    siz = 3
#15 0x00000001000a15b4 in restore_svalue (svp=0x1010240d0, pt=0x7fff5fbfbc68, delimiter=10 '\n') at object.c:8330
    cp = 0x101b51047 "([1:([rimus"
#16 0x00000001000a3b38 in f_restore_object (sp=0x100171000) at object.c:9004
    v = (svalue_t *) 0x1010240d0
    pt = 0x101b5d8ac "\"8d0dafe4d88b33055fe33bf6444d2cb5\",\"F_MODSTAMP\":1234487099,\"F_LOADNAME\":\"/d/wald/seleven/nelfen/npc/bewohner/fuerst\",\"F_READSTAMP\":1236199850,\"F_CREATESTAMP\":1234487099,]),]),\"GUILD.magie_sp\":([\"2ab8f"...
    restored_version = 1
    name = 0x101031ad8 "secure/ARCH/errord.o"
    file = 0x101018c7a "/secure/ARCH/errord"
    lineno = 2
    var = (string_t *) 0x101028108
    buff = 0x101b51040 "errors"
    cur = 0x101b51040 "errors"
    space = 0x101b51046 ""
    ob = (object_t *) 0x101b0ee88
    len = 18
    f = (FILE *) 0x7fff700754d8
    st = {
  st_dev = 234881029,
  st_ino = 13515213,
  st_mode = 33184,
  st_nlink = 1,
  st_uid = 1000,
  st_gid = 1000,
  st_rdev = 0,
  st_atimespec = {
    tv_sec = 1236713868,
    tv_nsec = 0
  },
  st_mtimespec = {
    tv_sec = 1236681948,
    tv_nsec = 0
  },
  st_ctimespec = {
    tv_sec = 1236708856,
    tv_nsec = 0
  },
  st_size = 331399,
  st_blocks = 648,
  st_blksize = 4096,
  st_flags = 0,
  st_gen = 0,
  st_lspare = 0,
  st_qspare = {0, 0}
}
    arg = (svalue_t *) 0x100170ff0
    var_rest = 3
    num_var = 3
    rover = (variable_t *) 0x101b0eda0
    rcp = (restore_cleanup_t *) 0x101018bf0
    ctx = (struct restore_context_s *) 0x101027f88
    nesting = 1
#17 0x0000000100055d9d in eval_instruction (first_instruction=0x101b0ed2a "?\003\034\003Q\\\n", initial_sp=0x100170fe0) at interpret.c:8103
    code = 68
    pc = (bytecode_p) 0x101b0ed34 "k\037\020?"
    fp = (svalue_t *) 0x100170ff0
    sp = (svalue_t *) 0x100170ff0
    num_arg = -1
    instruction = 296
    full_instr = 296
    expected_stack = (svalue_t *) 0x0
    ap = (svalue_t *) 0x100170ff0
    use_ap = false
    off_tab = {0, 8, 24, 56, 120, 248, 504, 1016, 2040, 4088, 8184, 16376, 32760, 65528, 131064, 262136, 524280, 1048568, 2097144, 4194296}
#18 0x000000010006e28f in apply_low (fun=0x101027088, ob=0x101b0ee88, num_arg=1, b_ign_prot=true, allowRefs=false) at interpret.c:16954
    flags = 24
    funstart = (fun_hdr_p) 0x101b0ed28 ""
    fx = 0
    progp = (program_t *) 0x101b0ec60
    save_csp = (struct control_stack *) 0x1001905c0
    ix = 29065
#19 0x000000010006e449 in int_apply (fun=0x101027088, ob=0x101b0ee88, num_arg=1, b_ign_prot=true, b_use_default=true) at interpret.c:17032
No locals.
#20 0x000000010006e901 in sapply_int (fun=0x101027088, ob=0x101b0ee88, num_arg=1, b_find_static=true, b_use_default=true) at interpret.c:17193
    expected_sp = (svalue_t *) 0x100170fe0
#21 0x000000010009606a in reset_object (ob=0x101b0ee88, arg=5) at object.c:899
No locals.
#22 0x00000001000dcef9 in load_object (lname=0x10042a980 "secure/errord", create_super=false, depth=0, isMasterObj=false, chain=0x0) at simulate.c:2152
    svp = (svalue_t *) 0x101024100
    j = -1
    save_current = (object_t *) 0x101ae4878
    fd = 5
    ob = (object_t *) 0x101b0ee88
    save_command_giver = (object_t *) 0x0
    i = 12
    c_st = {
  st_dev = 234881029,
  st_ino = 13515208,
  st_mode = 33188,
  st_nlink = 1,
  st_uid = 1000,
  st_gid = 1000,
  st_rdev = 0,
  st_atimespec = {
    tv_sec = 1236713853,
    tv_nsec = 0
  },
  st_mtimespec = {
    tv_sec = 1236710176,
    tv_nsec = 0
  },
  st_ctimespec = {
    tv_sec = 1236710176,
    tv_nsec = 0
  },
  st_size = 831,
  st_blocks = 8,
  st_blksize = 4096,
  st_flags = 0,
  st_gen = 0,
  st_lspare = 0,
  st_qspare = {0, 0}
}
    name_length = 13
    name = 0x10100dee8 "/secure/errord"
    fname = 0x10100def8 "secure/errord.c"
    prog = (program_t *) 0x101b0ec60
    nlink = {
  prev = 0x0,
  name = 0x10100dee9 "secure/errord"
}
#23 0x00000001000dd7fc in lookfor_object (str=0x101ae0c38, bLoad=true) at simulate.c:2420
    ob = (object_t *) 0x0
    pName = 0x10042a980 "secure/errord"
    isMasterObj = false
#24 0x00000001000e1a0e in f_load_object (sp=0x100170fd0) at simulate.c:4493
    ob = (object_t *) 0x200000000
#25 0x0000000100055d9d in eval_instruction (first_instruction=0x101b0c5c6 "\036", initial_sp=0x100170fc0) at interpret.c:8103
    code = 36
    pc = (bytecode_p) 0x101b0c5ca "?b\\\031"
    fp = (svalue_t *) 0x100170fb0
    sp = (svalue_t *) 0x100170fd0
    num_arg = -1
    instruction = 264
    full_instr = 264
    expected_stack = (svalue_t *) 0x0
    ap = (svalue_t *) 0x100170fb0
    use_ap = false
    off_tab = {0, 8, 24, 56, 120, 248, 504, 1016, 2040, 4088, 8184, 16376, 32760, 65528, 131064, 262136, 524280, 1048568, 2097144, 4194296}
#26 0x00000001000d9484 in catch_instruction (flags=0, offset=5, i_sp=0x10046f350, i_pc=0x101b0c5c6 "\036", i_fp=0x100170fb0, reserve_cost=4000, i_context=0x0) at simulate.c:449
    rc = false
    old_out_of_memory = false
    new_pc = (bytecode_p) 0x101b0c5cb "b\\\031"
#27 0x00000001000582f1 in eval_instruction (first_instruction=0x101b0c5c2 "a\037", initial_sp=0x100170fb0) at interpret.c:9511
    offset = 5
    flags = 0
    reserve_cost = 4000
    pc = (bytecode_p) 0x101b0c5c6 "\036"
    fp = (svalue_t *) 0x100170fb0
    sp = (svalue_t *) 0x100170fc0
    num_arg = -1
    instruction = 31
    full_instr = 31
    expected_stack = (svalue_t *) 0x0
    ap = (svalue_t *) 0x100170fd0
    use_ap = false
    off_tab = {0, 8, 24, 56, 120, 248, 504, 1016, 2040, 4088, 8184, 16376, 32760, 65528, 131064, 262136, 524280, 1048568, 2097144, 4194296}
#28 0x000000010006e28f in apply_low (fun=0x101004898, ob=0x101ae4878, num_arg=1, b_ign_prot=true, allowRefs=false) at interpret.c:16954
    flags = 16777392
    funstart = (fun_hdr_p) 0x101b0c5c0 "\001"
    fx = 8
    progp = (program_t *) 0x101b0c460
    save_csp = (struct control_stack *) 0x1001904c0
    ix = 18842
#29 0x000000010006e449 in int_apply (fun=0x101004898, ob=0x101ae4878, num_arg=1, b_ign_prot=true, b_use_default=false) at interpret.c:17032
No locals.
#30 0x000000010006e901 in sapply_int (fun=0x101004898, ob=0x101ae4878, num_arg=1, b_find_static=true, b_use_default=false) at interpret.c:17193
    expected_sp = (svalue_t *) 0x100170fa0
#31 0x000000010006f326 in apply_master_ob (fun=0x101004898, num_arg=1, external=false) at interpret.c:17503
    reserve_used = false
    error_recovery_info = {
  rt = {
    last = 0x100140700,
    type = 2
  },
  flags = 1606413488,
  con = {
    text = {1511344, 1, 1606413664, 32767, 1606413424, 32767, 0, 0, 0, 0, 0, 0, 0, 0, 455262, 1, 530, 0, 8112, 1606353791, 0, 32767, 1, 1572864, 1, 0, 0, 28199032, 1, 1606413712, 32767, 28199032, 1, 16904192, 1, 1606413632, 32767}
  }
}
    save_sp = (svalue_t *) 0x100170fb0
    save_csp = (struct control_stack *) 0x100190440
    result = (svalue_t *) 0x10000e6fb
    eval_cost_reserve = 1024
#32 0x000000010000e65e in preload_objects (eflag=0) at backend.c:1293
    prefiles = (vector_t *) 0x1010249c0
    ret = (svalue_t *) 0x100136e00
    ix = 0
    ix0 = 0
    num_prefiles = 1
#33 0x0000000100082333 in main (argc=4, argv=0x7fff5fbff250) at main.c:630
    i = 5
    p = 0x7fff5fbff1f4 "\005"
    set = 8192
    rc = 0


Trace dump:
secure/master secure/master.c line 144
0x101b0c87a: 10 0 cstring0 (0: -1) line 144
0x101b0c87c: 24 return (1: 0)
0x101b0c52a: 10 0 cstring0 (0: 0) line 8
0x101b0c52c: 309 81 seteuid (1: 1)
0x101b0c52e: 92 pop_value (1: 1)
0x101b0c52f: 18 19 clit (0: 0) line 9
0x101b0c531: 10 1 cstring0 (1: 1)
0x101b0c533: 366 36 set_driver_hook (2: 2) line 16
0x101b0c535: 18 12 clit (0: 0) line 17
0x101b0c537: 10 2 cstring0 (1: 1)
0x101b0c539: 10 3 cstring0 (2: 2)
0x101b0c53b: 10 4 cstring0 (3: 3)
0x101b0c53d: 166 3 aggregate (4: 4)
0x101b0c540: 366 36 set_driver_hook (2: 2)
0x101b0c542: 18 6 clit (0: 0) line 18
0x101b0c544: 10 5 cstring0 (1: 1)
0x101b0c546: 366 36 set_driver_hook (2: 2)
0x101b0c548: 18 5 clit (0: 0) line 19
0x101b0c54a: 10 5 cstring0 (1: 1)
0x101b0c54c: 366 36 set_driver_hook (2: 2)
0x101b0c54e: 18 4 clit (0: 0) line 20
0x101b0c550: 10 6 cstring0 (1: 1)
0x101b0c552: 366 36 set_driver_hook (2: 2)
0x101b0c554: 18 2 clit (0: 0) line 21
0x101b0c556: 184 no_warn_deprecated (1: 1)
0x101b0c557: 22 2 closure (1: 1)
0x101b0c55c: 366 36 set_driver_hook (2: 2)
0x101b0c55e: 97 save_arg_frame (0: 0) line 23
0x101b0c55f: 10 7 cstring0 (1: 1)
0x101b0c561: 292 64 quote (2: 2)
0x101b0c563: 15 const0 (2: 2)
0x101b0c564: 374 44 symbol_function (3: 3)
0x101b0c566: 10 8 cstring0 (2: 2)
0x101b0c568: 411 21 funcall (3: 3)
0x101b0c56a: 98 restore_arg_frame (2: 2)
0x101b0c56b: 106 branch_when_zero (1: 1)
0x101b0c57e: 25 return0 (0: 0) line 24
secure/master program deallocated line 0
0x7fff5fbfecf0: 392 0 allocate (1: 0) line 0
0x7fff5fbfecf2: 24 return (1: 0)
secure/master secure/master.c line 29
0x101b0c59a: 10 0 cstring0 (0: 0) line 29
0x101b0c59c: 309 81 seteuid (1: 1)
0x101b0c59e: 92 pop_value (1: 1)
0x101b0c59f: 10 10 cstring0 (0: 0) line 31
0x101b0c5a1: 166 1 aggregate (1: 1)
0x101b0c5a4: 24 return (1: 1)
0x101b0c5c2: 97 save_arg_frame (0: 0) line 35
0x101b0c5c3: 31 1280 catch (1: 1)
0x101b0c5c6: 30 0 local (1: 1)
0x101b0c5c8: 264 load_object (2: 2)
0x101b0c8e2: 97 save_arg_frame (0: 5) line 150
0x101b0c8e3: 30 0 local (1: 6)
0x101b0c8e5: 171 previous_object0 (2: 7)
0x101b0c8e6: 110 call_function (3: 8)
0x101b0c7e2: 96 514 clear_locals (0: 10) line 114
0x101b0c7e5: 30 0 local (0: 10) line 117
0x101b0c7e7: 201 stringp (1: 11)
0x101b0c7e8: 60 ! (1: 11)
0x101b0c7e9: 39 4 || (1: 11)
0x101b0c7eb: 30 1 local (0: 10)
0x101b0c7ed: 196 objectp (1: 11)
0x101b0c7ee: 60 ! (1: 11)
0x101b0c7ef: 106 branch_when_zero (1: 11)
0x101b0c7f3: 97 save_arg_frame (0: 10) line 120
0x101b0c7f4: 30 0 local (1: 11)
0x101b0c7f6: 110 call_function (2: 12)
0x101b0c5ea: 96 769 clear_locals (0: 16) line 39
0x101b0c5ed: 30 0 local (0: 16) line 42
0x101b0c5ef: 196 objectp (1: 17)
0x101b0c5f0: 106 branch_when_zero (1: 17)
0x101b0c601: 30 0 local (0: 16) line 44
0x101b0c603: 201 stringp (1: 17)
0x101b0c604: 106 13 branch_when_zero (1: 17)
0x101b0c606: 97 save_arg_frame (0: 16) line 45
0x101b0c607: 30 0 local (1: 17)
0x101b0c609: 15 const0 (2: 18)
0x101b0c60a: 110 call_function (3: 19)
secure/master secure/master/file_access.c line 6
0x10103f9f2: 96 514 clear_locals (0: 22) line 6
0x10103f9f5: 30 0 local (0: 22) line 9
0x10103f9f7: 107 branch_when_non_zero (1: 23)
0x10103f9fe: 30 0 local (0: 22) line 11
0x10103fa00: 15 const0 (1: 23)
0x10103fa01: 184 no_warn_deprecated (2: 24)
0x10103fa02: 61 index (2: 24)
0x10103fa03: 28 switch (1: 23)
0x10103faaa: 30 1 local (0: 22) line 29
0x10103faac: 38 -12543 && (1: 23)
0x10103faaf: 38 && (1: 23)
0x10103fab7: 38 && (1: 23)
0x10103fac1: 106 branch_when_zero (1: 23)
0x10103fae2: 30 0 local (0: 22) line 32
0x10103fae4: 10 0 cstring0 (1: 23)
0x10103fae6: 341 11 explode (2: 24)
0x10103fae8: 10 1 cstring0 (1: 23)
0x10103faea: 10 2 cstring0 (2: 24)
0x10103faec: 166 2 aggregate (3: 25)
0x10103faef: 43 - (2: 24)
0x10103faf0: 123 2 push_local_variable_lvalue (1: 23)
0x10103faf2: 41 (void)= (2: 24) line 33
0x10103faf3: 27 break (0: 22)
0x10103fb1a: 105 branch (0: 22) line 34
0x10103fb30: 97 save_arg_frame (0: 22)
0x10103fb31: 30 2 local (1: 23)
0x10103fb33: 10 7 cstring0 (2: 24)
0x10103fb35: 427 37 member (3: 25)
0x10103fb37: 98 restore_arg_frame (2: 24)
0x10103fb38: 123 3 push_local_variable_lvalue (1: 23)
0x10103fb3a: 40 = (2: 24)
0x10103fb3b: 17 nconst1 (1: 23)
0x10103fb3c: 52 != (2: 24)
0x10103fb3d: 109 34 bbranch_when_non_zero (1: 23)
0x10103fb3f: 30 2 local (0: 22) line 36
0x10103fb41: 24 return (1: 23)
secure/master secure/master.c line 45
0x101b0c60d: 98 restore_arg_frame (2: 18) line 45
0x101b0c60e: 123 1 push_local_variable_lvalue (1: 17)
0x101b0c610: 41 (void)= (2: 18)
0x101b0c611: 105 403376643 branch (0: 16) line 46
0x101b0c616: 30 1 local (0: 16) line 48
0x101b0c618: 200 sizeof (1: 17)
0x101b0c619: 123 3 push_local_variable_lvalue (1: 17)
0x101b0c61b: 41 (void)= (2: 18)
0x101b0c61c: 30 3 local (0: 16) line 49
0x101b0c61e: 18 2 clit (1: 17)
0x101b0c620: 49 < (2: 18)
0x101b0c621: 106 403376643 branch_when_zero (1: 17)
0x101b0c626: 30 1 local (0: 16) line 51
0x101b0c628: 15 const0 (1: 17)
0x101b0c629: 184 no_warn_deprecated (2: 18)
0x101b0c62a: 61 index (2: 18)
0x101b0c62b: 28 switch (1: 17)
0x101b0c6ed: 10 0 cstring0 (0: 16) line 78
0x101b0c6ef: 24 return (1: 17) line 82
0x101b0c7f9: 98 restore_arg_frame (2: 12) line 120
0x101b0c7fa: 123 2 push_local_variable_lvalue (1: 11)
0x101b0c7fc: 40 = (2: 12)
0x101b0c7fd: 107 branch_when_non_zero (1: 11)
0x101b0c801: 30 0 local (0: 10) line 123
0x101b0c803: 15 const0 (1: 11)
0x101b0c804: 18 2 clit (2: 12)
0x101b0c806: 66 .. (3: 13)
0x101b0c807: 10 39 cstring0 (1: 11)
0x101b0c809: 51 == (2: 12)
0x101b0c80a: 39 9 || (1: 11)
0x101b0c80c: 30 0 local (0: 10)
0x101b0c80e: 15 const0 (1: 11)
0x101b0c80f: 18 3 clit (2: 12)
0x101b0c811: 66 .. (3: 13)
0x101b0c812: 10 40 cstring0 (1: 11)
0x101b0c814: 51 == (2: 12)
0x101b0c815: 106 branch_when_zero (1: 11)
0x101b0c819: 30 2 local (0: 10) line 126
0x101b0c81b: 10 0 cstring0 (1: 11)
0x101b0c81d: 51 == (2: 12)
0x101b0c81e: 38 4 && (1: 11)
0x101b0c820: 30 1 local (0: 10)
0x101b0c822: 206 this_object (1: 11)
0x101b0c823: 51 == (2: 12)
0x101b0c824: 106 3 branch_when_zero (1: 11)
0x101b0c826: 10 0 cstring0 (0: 10)
0x101b0c828: 24 return (1: 11)
0x101b0c8e9: 98 restore_arg_frame (2: 7) line 150
0x101b0c8ea: 24 return (1: 6)
secure/errord secure/errord.c line 23
0x101b0ed2a: 206 this_object (0: 3) line 23
0x101b0ed2b: 256 28 getuid (1: 4)
0x101b0ed2d: 309 81 seteuid (1: 4)
0x101b0ed2f: 92 pop_value (1: 4)
0x101b0ed30: 10 0 cstring0 (0: 3) line 24
0x101b0ed32: 296 restore_object (1: 4)
secure/master secure/master/file_access.c line 41
0x10103fb62: 30 0 local (0: 9) line 41
0x10103fb64: 24 return (1: 10)
0x101b0ed34: 107 31 16 168 0 1 18 2
       3 ' preload' in ' secure/master.c' (' secure/master') line 35
    4120 ' CATCH' in (' secure/master')
    4129 ' create' in ' secure/errord.c' (' secure/errord') line 24
Tags: No tags attached.
Attached Files:
config.h (20,629 bytes)
machine.h (13,611 bytes)

Activities

zesstra

2009-03-12 03:56

administrator   ~0000990

Gnomi and I traced this issue in a long debug session yesterday and found the bug. The size of word_t was not taken into account in several places in esbrk() in slaballoc.c and smalloc.c. ;-) I will provide a patch this evening.

Note: This is actually not a portability issue, it can happen on any platform where sizeof(word_t) == sizeof(void *) != 1.
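The note above points at a word-size accounting error in the allocator. The following is an added illustration, not LDMud's slaballoc.c or smalloc.c code, of that class of bug: a free-list allocator whose block headers carry a magic value, and a split routine that computes the remainder's position once correctly (word count scaled by sizeof(word_t)) and once with the scale factor forgotten. The arena, the FREE_MAGIC value, the header layout and every function name here are constructed for the example; the only thing taken from the report is the shape of the check and its log line ("magic match failed: expected ..., found 0").

```c
/* Added illustration (not LDMud code): how forgetting sizeof(word_t) when
 * turning a word count into a byte offset defeats a free-list magic check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uintptr_t word_t;                 /* one machine word: 8 bytes on x86_64, 4 on i386 */
#define FREE_MAGIC ((word_t)0xDFC5A9EEu)  /* constructed value; the real driver uses its own */
#define ARENA_WORDS 64

/* Minimal free-block header: size in words, then the magic that is verified
 * before a block is unlinked from the free list. */
struct free_block {
    word_t size;   /* block size in words, including this header */
    word_t magic;  /* FREE_MAGIC while the block is on the free list */
};

static word_t arena[ARENA_WORDS];  /* stands in for memory obtained from an esbrk()-like call */

/* Reset the arena (zero-filled, like fresh memory) and make it one free block. */
static struct free_block *arena_init(void)
{
    memset(arena, 0, sizeof arena);
    struct free_block *b = (struct free_block *)arena;
    b->size = ARENA_WORDS;
    b->magic = FREE_MAGIC;
    return b;
}

/* The check remove_from_free_list() performs in spirit: returns 1 when the
 * header is intact, otherwise logs the mismatch and returns 0. The value
 * actually found is reported through *found. */
static int check_free_block(const struct free_block *b, word_t *found)
{
    *found = b->magic;
    if (b->magic != FREE_MAGIC) {
        fprintf(stderr, "remove_from_free_list: block %p, magic match failed: "
                        "expected %lu, found %lu\n", (const void *)b,
                (unsigned long)FREE_MAGIC, (unsigned long)b->magic);
        return 0;
    }
    return 1;
}

/* Give the first `want` words of `b` to the caller and write the remainder's
 * header at `offset_bytes` past the block. The offset is the caller's job. */
static struct free_block *split_at(struct free_block *b, size_t want, size_t offset_bytes)
{
    struct free_block *rest = (struct free_block *)((char *)b + offset_bytes);
    rest->size = b->size - want;
    rest->magic = FREE_MAGIC;
    b->size = want;
    b->magic = 0;  /* front part is now allocated, so it must not look free */
    return rest;
}

/* Correct: the word count is scaled by sizeof(word_t) before byte-level arithmetic. */
static size_t remainder_offset_ok(size_t want) { return want * sizeof(word_t); }

/* Buggy: the word count is used directly as a byte offset, so the remainder's
 * header is written `want` bytes in rather than `want` words in. */
static size_t remainder_offset_buggy(size_t want) { return want; }

/* Perform one split, then inspect the remainder where free-list code walking
 * in words will actually look for it: `want` words after the block. */
static int exercise(size_t (*offset_fn)(size_t), word_t *found)
{
    struct free_block *b = arena_init();
    size_t want = 16;
    (void)split_at(b, want, offset_fn(want));
    struct free_block *expected = (struct free_block *)(arena + want);
    return check_free_block(expected, found);
}

/* Named results so the two variants can be compared without reading stderr. */
static int split_ok_is_intact(void)
{
    word_t f;
    return exercise(remainder_offset_ok, &f);
}

static word_t split_buggy_found_magic(void)
{
    word_t f;
    (void)exercise(remainder_offset_buggy, &f);
    return f;  /* the misplaced header leaves the expected slot zero-filled */
}

int main(void)
{
    printf("scaled offset:        %s\n", split_ok_is_intact() ? "header intact" : "corrupt");
    printf("unscaled word count:  found magic %lu\n", (unsigned long)split_buggy_found_magic());
    return 0;
}
```

With the unscaled offset the remainder header lands inside the allocated front part of the block, and the slot the free-list walker expects to hold a header still contains the zeroes the arena started with, which is the "found 0" pattern in the report's log. The magic check is what turns silent heap corruption into a fatal error at the point of unlinking instead of an arbitrary later crash.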

zesstra

2009-03-12 15:24

administrator   ~0000991

Patches for slaballoc.c and smalloc.c containing the fixes for this bug are in r2528. Great to have at least one and possibly more memory-related crashes less. :-)

Issue History

Date Modified Username Field Change
2009-03-10 15:03 zesstra New Issue
2009-03-10 15:05 zesstra File Added: config.h
2009-03-10 15:06 zesstra File Added: machine.h
2009-03-12 03:56 zesstra Note Added: 0000990
2009-03-12 03:56 zesstra Assigned To => zesstra
2009-03-12 03:56 zesstra Status new => assigned
2009-03-12 03:56 zesstra Category Portability => Runtime
2009-03-12 03:56 zesstra Target Version => 3.3.719
2009-03-12 03:57 zesstra Relationship added related to 0000553
2009-03-12 15:24 zesstra Note Added: 0000991
2009-03-12 15:24 zesstra Status assigned => resolved
2009-03-12 15:24 zesstra Fixed in Version => 3.3.719
2009-03-12 15:24 zesstra Resolution open => fixed
2009-03-12 17:08 zesstra Relationship deleted related to 0000553