public inbox for cygwin@cygwin.com
* malloc segfaults
@ 2003-09-02 13:35 Juergen Bohn
  2003-09-02 20:51 ` Bill C. Riemers
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Juergen Bohn @ 2003-09-02 13:35 UTC (permalink / raw)
  To: cygwin

Tested with cygwin1.dll 1.5.3-1 and 1.3.22-1 on Win2000-SP4, malloc() does
not (always) return NULL if there is no more memory available.  Try, for
example, simple loops like:

   x = malloc(10000);
   for (i=0; x != NULL; i++)
   {
       x = malloc(10000);
       if (x == NULL)    printf("x is NULL\n");
   }

My application terminates with a segmentation violation, but all attempts 
to handle this by signal() or atexit() fail.  Unfortunately, also sysconf() 
does not work to get the number of available pages (_SC_AVPHYS_PAGES, I get 
always the same but wrong value).

While testing, I detected that errno is set to 12 ("Not enough memory") 
after enough iterations through the for-loop above, while variable x still 
is not zero.  But still my application crashes even when I break the loop 
at errno!=0.

Is there any secure way to find out, how much memory is available (or hope 
that the malloc() problems will be solved)?

Many thanks,
Juergen



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


* Re: malloc segfaults
  2003-09-02 13:35 malloc segfaults Juergen Bohn
@ 2003-09-02 20:51 ` Bill C. Riemers
  2003-09-03 13:20   ` Christopher Faylor
       [not found] ` <20030903094303.GB19365@linux_rln.harvest>
  2003-09-04 11:03 ` Corinna Vinschen
  2 siblings, 1 reply; 5+ messages in thread
From: Bill C. Riemers @ 2003-09-02 20:51 UTC (permalink / raw)
  To: Juergen Bohn, cygwin

Definitely looks like a cygwin1.dll bug to me.  I see consistently the
traceback either terminates in strdup() called from mmap64(), or mktime()
called from strdup().  There are a number of hacks you can do to work
around the bug, i.e.:

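#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Probe with an oversized request before doing the real malloc(). */
void *malloc_wrapper(size_t t)
{
        static const size_t reserved_size=32768;
        static void *reserved=NULL;
        void *retval=NULL;
        printf("reserved=%p,%zx\n",reserved,t+reserved_size);
        /* Release the previous reserve so the probe can reuse it. */
        if(reserved != NULL)
        {
                free(reserved);
        }
        /* Probe: ask for the request plus the reserve in one block. */
        reserved = malloc(t+reserved_size);
        /* NULL, or an address with none of the 0xff800000 bits set, is
           treated as a failed allocation (32-bit address heuristic). */
        if(!(0xff800000&(uintptr_t)reserved))
        {
                free(reserved);
        }
        else if(reserved != NULL)
        {
                /* Probe succeeded, so the real request should fit. */
                free(reserved);
                retval=malloc(t);
        }
        /* Re-establish the reserve for the next call. */
        reserved=malloc(reserved_size);
        return retval;
}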

However, none are really satisfactory.

                                Bill


----- Original Message ----- 
From: "Juergen Bohn" <bohn@osc-es.de>
To: <cygwin@cygwin.com>
Sent: Tuesday, September 02, 2003 9:35 AM
Subject: malloc segfaults


> Tested with cygwin1.dll 1.5.3-1 and 1.3.22-1 on Win2000-SP4, malloc() does
> not (always) return NULL if there is no more memory available.  Try, for
> example, simple loops like:
>
>    x = malloc(10000);
>    for (i=0; x != NULL; i++)
>    {
>        x = malloc(10000);
>        if (x == NULL)    printf("x is NULL\n");
>    }
>
> My application terminates with a segmentation violation, but all attempts
> to handle this by signal() or atexit() fail.  Unfortunately, also sysconf()
> does not work to get the number of available pages (_SC_AVPHYS_PAGES, I get
> always the same but wrong value).
>
> While testing, I detected that errno is set to 12 ("Not enough memory")
> after enough iterations through the for-loop above, while variable x still
> is not zero.  But still my application crashes even when I break the loop
> at errno!=0.
>
> Is there any secure way to find out, how much memory is available (or hope
> that the malloc() problems will be solved)?
>
> Many thanks,
> Juergen

* Re: malloc segfaults
  2003-09-02 20:51 ` Bill C. Riemers
@ 2003-09-03 13:20   ` Christopher Faylor
  0 siblings, 0 replies; 5+ messages in thread
From: Christopher Faylor @ 2003-09-03 13:20 UTC (permalink / raw)
  To: cygwin

On Tue, Sep 02, 2003 at 04:50:40PM -0400, Bill C. Riemers wrote:
>Definitely looks like a cygwin1.dll bug to me.  I see consistently the
>traceback either terminates in
>strdup() called from mmap64(), or mktime() called from strdup().

Do you see a strdup anywhere in mmap64 or a call to mktime() (?) from
strdup?

I don't.  That would indicate that your traceback is highly suspect.

cgf


* Re: malloc segfaults
       [not found] ` <20030903094303.GB19365@linux_rln.harvest>
@ 2003-09-03 22:03   ` Juergen Bohn
  0 siblings, 0 replies; 5+ messages in thread
From: Juergen Bohn @ 2003-09-03 22:03 UTC (permalink / raw)
  To: Ronald Landheer-Cieslak, cygwin, Bill C. Riemers

Thanks for the hints.

gdb and strace show the buggy behavior on my machine.

Starting program: /cygdrive/e/verify/malloc/malltest.exe

Program received signal SIGSEGV, Segmentation fault.
0x61042e26 in strdup () from /usr/bin/cygwin1.dll
(gdb) bt
#0  0x61042e26 in strdup () from /usr/bin/cygwin1.dll
#1  0x6104326b in mmap64 () from /usr/bin/cygwin1.dll
#2  0x61043849 in mmap () from /usr/bin/cygwin1.dll
#3  0x610401bc in mktime () from /usr/bin/cygwin1.dll
#4  0x61040413 in mktime () from /usr/bin/cygwin1.dll
#5  0x610413e6 in malloc () from /usr/bin/cygwin1.dll
#6  0x004010e7 in main (argc=1, argv=0xa042630) at malltest.c:10

and

   448 1192931 [main] malltest 1472 mmap64: 630000 = mmap() succeeded
   249 1193180 [main] malltest 1472 mmap64: addr 0, len 1048576, prot 3, flags 22, fd -1, off 0
   202 1193382 [main] malltest 1472 handle_exceptions: In cygwin_except_handler exc 0xC0000005 at 0x61042E26 sp 0x22FCB4
   123 1193505 [main] malltest 1472 handle_exceptions: In cygwin_except_handler sig = 11 at 0x61042E26
   118 1193623 [main] malltest 1472 handle_exceptions: In cygwin_except_handler calling 0x0
1193743 [main] malltest 1472 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION
   120 1193743 [main] malltest 1472 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION

The wrapper from Bill Riemers' reply works, at least when I wrap my own
malloc() calls.

More tips are still appreciated.

Best regards,
Juergen

Ronald Landheer-Cieslak wrote:
> Your code may have an unexpected side-effect: printf allocates memory as well.
> Try using this:
> 
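> #include <stdlib.h>
> #include <unistd.h>   /* write() */
> 
> int main(void)
> {
>    void * x;
> 
>    /* Allocate until malloc() fails; the blocks are leaked on purpose. */
>    x = malloc(1000000);
>    while (x != NULL)
>    {
>       x = malloc(1000000);
>       if (x == NULL)
>          write(2, "malloc returned NULL\n", 21);   /* no printf, so no hidden allocation */
>    }
> 
>    return(0);
> }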
> 
> I've tested it under gdb and with strace, both say "malloc returned NULL". OTOH,
> when simply run from the command-line, I do get a segmentation fault.
> 
> HTH
> 
> rlc
> 
> On Tue, Sep 02, 2003 at 03:35:04PM +0200, Juergen Bohn wrote:
> 
>>Tested with cygwin1.dll 1.5.3-1 and 1.3.22-1 on Win2000-SP4, malloc() does
>>not (always) return NULL if there is no more memory available.  Try, for
>>example, simple loops like:
>>
>>  x = malloc(10000);
>>  for (i=0; x != NULL; i++)
>>  {
>>      x = malloc(10000);
>>      if (x == NULL)    printf("x is NULL\n");
>>  }
>>
>>My application terminates with a segmentation violation, but all attempts 
>>to handle this by signal() or atexit() fail.  Unfortunately, also sysconf() 
>>does not work to get the number of available pages (_SC_AVPHYS_PAGES, I get 
>>always the same but wrong value).
>>
>>While testing, I detected that errno is set to 12 ("Not enough memory") 
>>after enough iterations through the for-loop above, while variable x still 
>>is not zero.  But still my application crashes even when I break the loop 
>>at errno!=0.
>>
>>Is there any secure way to find out, how much memory is available (or hope 
>>that the malloc() problems will be solved)?
>>
>>Many thanks,
>>Juergen

* Re: malloc segfaults
  2003-09-02 13:35 malloc segfaults Juergen Bohn
  2003-09-02 20:51 ` Bill C. Riemers
       [not found] ` <20030903094303.GB19365@linux_rln.harvest>
@ 2003-09-04 11:03 ` Corinna Vinschen
  2 siblings, 0 replies; 5+ messages in thread
From: Corinna Vinschen @ 2003-09-04 11:03 UTC (permalink / raw)
  To: cygwin

On Tue, Sep 02, 2003 at 03:35:04PM +0200, Juergen Bohn wrote:
> Tested with cygwin1.dll 1.5.3-1 and 1.3.22-1 on Win2000-SP4, malloc() does
> not (always) return NULL if there is no more memory available.  Try, for
> example, simple loops like:
> 
>   x = malloc(10000);
>   for (i=0; x != NULL; i++)
>   {
>       x = malloc(10000);
>       if (x == NULL)    printf("x is NULL\n");
>   }
> 
> My application terminates with a segmentation violation, but all attempts 

I've applied a patch to cygwin which solves this problem.  You should
get NULL at one point instead.

> to handle this by signal() or atexit() fail.  Unfortunately, also sysconf() 
> does not work to get the number of available pages (_SC_AVPHYS_PAGES, I get 
> always the same but wrong value).

I've changed sysconf to return a more accurate value for _SC_AVPHYS_PAGES.
However, this is not a value you can rely on.  Cygwin processes might run
out of memory even though there are still a lot of physical pages available.
This is related to the fact that small allocations (less than 1 Meg) are
taken from the application's heap which might be unraisable for some reason.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
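
A checked-allocation pattern for the situation discussed in this thread, as an added example that is not from any poster or from Cygwin: since _SC_AVPHYS_PAGES cannot predict failure, every allocation is checked, a 32768-byte reserve is released on the first failure, and the report goes through write() rather than printf(). The names guard_init, guard_alloc, guard_low_memory, alloc_fn and always_fail are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/* All names are hypothetical; alloc_fn lets a test inject a failing allocator. */
typedef void *(*alloc_fn)(size_t);

enum { RESERVE_SIZE = 32768 };   /* same reserve size as the wrapper in the thread */
static void *reserve;            /* emergency block, released on the first failure */
static int low_memory;           /* set once the reserve has been released */

/* Take the reserve at startup, while memory is still plentiful. */
int guard_init(void)
{
    free(reserve);
    reserve = malloc(RESERVE_SIZE);
    low_memory = 0;
    return reserve != NULL ? 0 : -1;
}

int guard_low_memory(void) { return low_memory; }

/* Allocate nmemb * size bytes; returns NULL on overflow or allocator failure. */
void *guard_alloc(alloc_fn fn, size_t nmemb, size_t size)
{
    static const char msg[] = "allocation failed, releasing reserve\n";
    if (size != 0 && nmemb > SIZE_MAX / size) {   /* product would wrap */
        errno = ENOMEM;
        return NULL;
    }
    size_t n = nmemb * size;
    void *p = fn(n ? n : 1);   /* malloc(0) may return NULL without being out of memory */
    if (p != NULL)
        return p;
    /* Failure path: report with write(), which needs no heap (printf may
       allocate), then free the reserve so the caller's cleanup can run. */
    if (!low_memory) {
        if (write(STDERR_FILENO, msg, sizeof msg - 1) < 0) { /* nothing more to do */ }
        free(reserve);
        reserve = NULL;
        low_memory = 1;
    }
    errno = ENOMEM;
    return NULL;
}

/* Constructed stand-in for an exhausted heap. */
void *always_fail(size_t n) { (void)n; return NULL; }
```

In production code pass malloc as the first argument; always_fail exists only to exercise the failure path deterministically.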
