Subject: lib/8295: libc realloc SEGV
To: None <gnats-bugs@gnats.netbsd.org>
From: None <prlw1@cam.ac.uk>
List: netbsd-bugs
Date: 08/30/1999 17:06:14
>Number:         8295
>Category:       lib
>Synopsis:       SEGV in realloc
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 30 17:05:01 1999
>Last-Modified:
>Originator:     Patrick Welche
>Organization:
	
>Release:        kernel of 25 August 1999
>Environment:
	
System: NetBSD-1.4K/i386


>Description:
Possibly inaccurate conclusion:
  something broke realloc in libc 12.44 between 3 July 1999 and 23 August 1999

Evidence:
I have 3 animations (normal modes of cordierite) to be found at
http://www.newn.cam.ac.uk/prlw/NetBSD/ called

           size/bytes
small.miff 4936878
med.miff   6462793
big.miff   8238807

I try to view them with a freshly compiled (not pkgsrc) animate from
ImageMagick versions 4.2.7 and 4.2.8 (configure --enable-shared --without-perl).
small.miff works, but med.miff and big.miff don't => size effect. med.miff
and big.miff cause a core dump as per posting to current-users of 23 August
(quote):

Program terminated with signal 11, Segmentation fault.
(gdb) bt
#0  0x48393b6c in memcpy ()
#1  0xa5d1000 in ?? ()
#2  0x483931db in realloc (ptr=0xb8fd000, size=1843200)
    at /usr/src/lib/libc/stdlib/malloc.c:1135
#3  0x48118519 in ReallocateMemory (memory=0xb8fd000, size=1843200)

No segmentation fault occurs viewing big.miff with

ImageMagick  NetBSD   libc   libc date  notes       RAM/swap in Mbytes
4.0.4        1.4      12.40  7 May                  24/56
4.2.8        1.4      12.40  7 May                  24/56
4.0.4        current  12.44  3 Jul      aout emul   128/356
4.2.8        current  12.44  25 Aug     +efence     128/356

but does occur with

4.2.8        current  12.44  25 Aug                 128/356

The conclusion is that ImageMagick 4.0.4 works on the current machine because
it is using aout emulation and so is using the older libc 12.44 of 3 July,
whereas ImageMagick 4.2.8 on the current machine is using the current
libc 12.44 of 25 August, and ImageMagick isn't at fault as 4.2.8 runs on the
1.4 machine, again with the older libc. Brett Lymn suggested using Electric
Fence. The astounding outcome is that no segmentation fault occurs at all
when efence is linked in. Question: does it replace malloc? Suspicion points
at libc.
>How-To-Repeat:
View http://www.newn.cam.ac.uk/prlw/NetBSD/big.miff using animate with a libc
more recent than 23 August. If others could repeat to reduce the time interval
(3 Jul, 23 Aug) it would help!
>Fix:
	
>Audit-Trail:
>Unformatted:
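A self-contained reproducer for the How-To-Repeat section above, added here as an example and not part of PR lib/8295 or of ImageMagick: it drives realloc through a series of growing and shrinking sizes around the 1843200-byte request seen in the backtrace, fills each buffer with a position-dependent pattern, and checks after every realloc that the surviving prefix was copied intact, which is the failure mode a broken realloc/memcpy path would expose. The size schedule, the pattern, and the function names are assumptions chosen for illustration. Build it twice, once plainly and once with -lefence, to see whether the libc allocator and Electric Fence behave differently, since Electric Fence links in its own malloc/realloc/free and bypasses the libc versions entirely.

```c
/* Added example, not from PR lib/8295: stress-test realloc for content
 * preservation across grows and shrinks. Sizes and pattern are
 * constructed for illustration; the 1843200 and *.miff sizes come from
 * the report. */
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Byte expected at offset i: depends on position, so a copy that drops,
 * shifts or truncates bytes is detected rather than masked. */
static unsigned char pattern_at(size_t i)
{
    return (unsigned char)((i * 31u) ^ (i >> 8));
}

/* Walk a buffer through the given size schedule. After each realloc,
 * verify that the first min(old, new) bytes still carry the pattern,
 * then fill any newly exposed tail. Returns 0 on success, or the
 * 1-based index of the step at which allocation failed or the
 * preserved prefix was found corrupted. */
int realloc_stress(const size_t *sizes, size_t nsteps)
{
    unsigned char *buf = NULL;
    size_t cur = 0;
    size_t step;

    for (step = 0; step < nsteps; step++) {
        size_t want = sizes[step];
        size_t keep = cur < want ? cur : want;
        unsigned char *nb = realloc(buf, want);
        size_t i;

        if (nb == NULL && want != 0) {
            free(buf);
            return (int)step + 1;
        }
        buf = nb;

        /* The prefix that realloc promised to preserve. */
        for (i = 0; i < keep; i++) {
            if (buf[i] != pattern_at(i)) {
                free(buf);
                return (int)step + 1;
            }
        }
        /* Newly exposed bytes are uninitialised; stamp them. */
        for (i = keep; i < want; i++)
            buf[i] = pattern_at(i);
        cur = want;
    }
    free(buf);
    return 0;
}

/* Constructed schedule (assumption): grow past the 1843200-byte request
 * in the backtrace, shrink, then grow to the three .miff file sizes so
 * that chunk boundaries are crossed in both directions. */
static const size_t default_sizes[] = {
    4096, 65536, 921600, 1843200, 3686400, 8238807,
    1843200, 3686400, 4936878, 6462793, 8238807
};

/* Run the default schedule; 0 means every step preserved its contents. */
int run_default_stress(void)
{
    return realloc_stress(default_sizes,
                          sizeof default_sizes / sizeof default_sizes[0]);
}

int main(void)
{
    int rc = run_default_stress();
    if (rc == 0)
        puts("realloc_stress: all steps preserved contents");
    else
        printf("realloc_stress: failure at step %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

A non-zero step number points at the exact realloc that lost data, which narrows the search far better than a core dump inside memcpy; running the same binary against both allocators answers the "does it replace malloc?" question directly, because any difference in outcome can only come from the allocator.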