[Bug libc/1349] New: malloc_usable_size() incorrect when MALLOC_CHECK_>0

[Bug libc/1349] New: malloc_usable_size() incorrect when MALLOC_CHECK_>0

[jkearney at endeca dot com]

When MALLOC_CHECK_>0, an extra byte is added to each allocation for checking. 
malloc_usable_size() doesn't take this extra byte off the return value in this
case.  Try the following with MALLOC_CHECK_=2:

    void* p = malloc(7);
    size_t usable = malloc_usable_size(p);
    memset(p, 0, usable);
    p = realloc(p, 7);

-- 
           Summary: malloc_usable_size() incorrect when MALLOC_CHECK_>0
           Product: glibc
           Version: 2.3.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: jkearney at endeca dot com
                CC: glibc-bugs at sources dot redhat dot com


http://sourceware.org/bugzilla/show_bug.cgi?id=1349

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/1349] malloc_usable_size() incorrect when MALLOC_CHECK_>0

[drepper at redhat dot com]

------- Additional Comments From drepper at redhat dot com  2005-09-28 22:45 -------
You are misusing malloc_usable_size().  The function gives you information on
how much memory a really call can provide you in place.  It does not
automagically extends the memory block.  The realloc call is needed.

Admittedly, the information returned by malloc_usable_size() doesn't take the
magic byte into account and therefore a really call, which would normally be
extended in place, can require a repositioning.  But this is no big issue and
not worth changing.

In summary: your test code is wrong and deserves to crash.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=1349

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Bug libc/1349] malloc_usable_size() incorrect when MALLOC_CHECK_>0

[jkearney at endeca dot com]

------- Additional Comments From jkearney at endeca dot com  2005-09-29 01:22 -------
Subject: RE:  malloc_usable_size() incorrect when MALLOC_CHECK_>0

Ulrich, I'm not sure that we're communicating here.  The comment for malloc_usable_size() says:

  Returns the number of bytes you can actually use in
  an allocated chunk, which may be more than you requested (although
  often not) due to alignment and minimum size constraints.
  You can use this many bytes without worrying about
  overwriting other allocated objects.

The code sample given conforms to this contract, and works fine when MALLOC_CHECK_=0.  When MALLOC_CHECK_ is not 0, the magic byte is overwritten because it is not accounted for.  Therefore, *any* operation that checks the magic bytes after the memset() will report an error and/or abort.  Change realloc() to free() and the same thing will happen.  It has nothing to do with "extension" or "repositioning".

Granted, it's a usage which is not very nice, but I don't think it's "misusing malloc_usable_size()".

-----Original Message-----
From: drepper at redhat dot com
[mailto:sourceware-bugzilla@sourceware.org]
Sent: Wednesday, September 28, 2005 6:46 PM
To: Jim Kearney
Subject: [Bug libc/1349] malloc_usable_size() incorrect when
MALLOC_CHECK_>0



------- Additional Comments From drepper at redhat dot com  2005-09-28 22:45 -------
You are misusing malloc_usable_size().  The function gives you information on
how much memory a really call can provide you in place.  It does not
automagically extends the memory block.  The realloc call is needed.

Admittedly, the information returned by malloc_usable_size() doesn't take the
magic byte into account and therefore a really call, which would normally be
extended in place, can require a repositioning.  But this is no big issue and
not worth changing.

In summary: your test code is wrong and deserves to crash.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID


http://sourceware.org/bugzilla/show_bug.cgi?id=1349

------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

This email message and any attachments are confidential to Endeca. If you are not the intended recipient, please notify Endeca immediately -- by replying to this message or by sending an email to: legal@endeca.com -- and destroy all copies of this message and any attachments. Thank you.




-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=1349

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.