Subject: lib/34602: Bug in malloc implementation contains dead code in free_pages()
To: lib-bug-people@netbsd.org, gnats-admin@netbsd.org
From: sushant.iet@gmail.com
List: netbsd-bugs
Date: 09/25/2006 04:35:00
>Number: 34602
>Category: lib
>Synopsis: Bug in malloc implementation contains dead code in free_pages()
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 25 04:35:00 +0000 2006
>Originator: sushant
>Release: netbsd-3.0
>Organization:
>Environment:
armv5tejl
>Description:
I came across one malloc() bug in netbsd-3.0: in a user program, if
we do a free(), it goes to free_pages() and tries to move pointers
in the free list.
But in free_pages() there is some dead code that will never get executed.
From the code segment in free_pages():
==============
free_pages() {
    .....
    ......
    /* Return something to OS ? */
    if (!pf->next &&                          /* If we're the last one, */
        pf->size > malloc_cache &&            /* ..and the cache is full, */
        pf->end == malloc_brk &&              /* ..and none behind us, */
        malloc_brk == sbrk((intptr_t)0)) {    /* ..and it's OK to do... */
        /*
         * Keep the cache intact. Notice that the '>' above guarantees that
         * the pf will always have at least one page afterwards.
         */
        pf->end = (char *)pf->page + malloc_cache;
        pf->size = malloc_cache;
        brk(pf->end);
        malloc_brk = pf->end;
        idx = ptr2idx(pf->end);
        last_idx = idx - 1;
        for(i=idx;i <= last_idx;)
            page_dir[i++] = MALLOC_NOT_MINE;
        /* XXX: We could realloc/shrink the pagedir here I guess. */
    }
=============
In this code it is recalculating idx from the new break limit
and setting last_idx = idx - 1.
But in the for loop it is doing for(i=idx;i<=last_idx;), which cannot be possible,
so this loop will never get executed.
So I want to confirm whether it is a bug in netbsd-3.0 or whether it has
been put here intentionally, because it is as good as putting that for loop in
#if 0 ... #endif.
Waiting for a quick response...
Please, while replying, do CC me, as I am not a member of the
mailing list... as I am a newbie...
>How-To-Repeat:
>Fix:
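Added illustration (not part of the report and not the project's fix): a small model of the page_dir bookkeeping that reproduces the loop exactly as quoted and shows it performs zero iterations, leaving page_dir entries above the shrunken break still marked as owned. The second routine assumes the loop was meant to run against the old last_idx before it is overwritten; that ordering is an assumption for comparison, and the MALLOC_FREE marker, page counts and indices are constructed values.

```c
#include <stdio.h>
#include <string.h>

#define NPAGES 64                /* constructed size of the model page_dir */
#define MALLOC_NOT_MINE 0
#define MALLOC_FREE 1            /* hypothetical marker: page owned and cached by malloc */

static unsigned char page_dir[NPAGES];
static size_t last_idx;          /* highest page index malloc believes it owns */

/* Constructed setup: malloc's cache owns pages first..last. */
static void setup(size_t first, size_t last) {
    memset(page_dir, MALLOC_NOT_MINE, sizeof page_dir);
    for (size_t i = first; i <= last; i++) page_dir[i] = MALLOC_FREE;
    last_idx = last;
}

/* Loop exactly as quoted in the report: last_idx is overwritten before the loop runs. */
static size_t release_as_reported(size_t new_end_idx) {
    size_t idx = new_end_idx, i, n = 0;
    last_idx = idx - 1;
    for (i = idx; i <= last_idx;) { page_dir[i++] = MALLOC_NOT_MINE; n++; }
    return n;   /* always 0: "i <= idx - 1" is already false at the first test */
}

/* Assumed intent (not NetBSD's fix): clear from the new end up to the OLD last_idx,
 * then record the new highest owned index. */
static size_t release_with_old_last_idx(size_t new_end_idx) {
    size_t idx = new_end_idx, i, n = 0;
    for (i = idx; i <= last_idx;) { page_dir[i++] = MALLOC_NOT_MINE; n++; }
    last_idx = idx - 1;
    return n;
}

/* Pages at or above the break that page_dir still claims for malloc (stale state). */
static size_t stale_entries(size_t new_end_idx) {
    size_t n = 0;
    for (size_t i = new_end_idx; i < NPAGES; i++)
        if (page_dir[i] != MALLOC_NOT_MINE) n++;
    return n;
}

int main(void) {
    setup(10, 40);                          /* cache owns pages 10..40 */
    size_t n = release_as_reported(20);     /* break shrinks; page 20 is the new end */
    printf("as reported: cleared %zu, stale above break %zu\n", n, stale_entries(20));
    setup(10, 40);
    n = release_with_old_last_idx(20);
    printf("old last_idx: cleared %zu, stale above break %zu\n", n, stale_entries(20));
    return 0;
}
```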