deadbeef malloc corrupted heap, etc.


Post by cmcnau.. » Fri, 13 May 2005 22:15:28



Been trying to track down corrupted malloc'd area on an old application
running under Solaris 2.6 and using xview. The application Bus Errors
with an invalid address alignment when a pointer in a malloc'd area
used by a trusted area of the code is corrupted by (I think) 3rd party
map generation software in another part of the application.
Using WATCHMALLOC I have found and corrected 10 coding errors which
could have caused the problem (writing outside the malloc'd area) but
on the latest run got all the way back to the same Bus Error without
being trapped by WATCHMALLOC. The core file shows the hex value
0xdeadbeef in the corrupted pointer (and other memory locations)
although previous to the coding error fixes I've seen a 0x1 in the
corrupted area. I'm looking for some advice on what to do next. No
reference to 'deadbeef' in the application code. Any idea on where it
may originate or any advice on further debugging?
BTW each run under WATCHMALLOC takes about 6 hours.
Colin McNaught
 
 
 


Post by Thomas Maier-Komo » Fri, 13 May 2005 22:38:55



> Been trying to track down corrupted malloc'd area on an old application
> running under Solaris 2.6 and using xview. The application Bus Errors
> with an invalid address alignment when a pointer in a malloc'd area
> used by a trusted area of the code is corrupted by (I think) 3rd party
> map generation software in another part of the application.
> Using WATCHMALLOC I have found and corrected 10 coding errors which
> could have caused the problem (writing outside the malloc'd area) but
> on the latest run got all the way back to the same Bus Error without
> being trapped by WATCHMALLOC. The core file shows the hex value
> 0xdeadbeef in the corrupted pointer (and other memory locations)
> although previous to the coding error fixes I've seen a 0x1 in the
> corrupted area. I'm looking for some advice on what to do next. No
> reference to 'deadbeef' in the application code. Any idea on where it
> may originate or any advice on further debugging?
> BTW each run under WATCHMALLOC takes about 6 hours.
> Colin McNaught

0xdeadbeef means the block has already been freed. Did you consider
running the application on a Solaris 9 machine with libumem? AFAIK
it is faster and offers more functionality than watchmalloc. See man
umem_debug for an explanation.

Tom
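
The behaviour Tom describes, as an added example that is not part of the original thread and is not watchmalloc or libumem code: a debug free() that fills the block with 0xdeadbeef, so a stale pointer reads the pattern and a late write through it shows up on audit. The dbg_* functions, the quarantine array and struct node are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>

#define FREE_PATTERN 0xdeadbeefU   /* fill value seen in the core file */
/* Hypothetical debug wrappers: a size header sits in front of each payload. */
typedef struct { size_t words; } hdr_t;   /* payload length in 32-bit words */
static hdr_t *quarantine[64];             /* freed blocks, never reused */
static size_t quarantined;

void *dbg_malloc(size_t n) {
    size_t words = (n + 3) / 4;
    hdr_t *h = malloc(sizeof *h + words * 4);
    if (!h) return NULL;
    h->words = words;
    return h + 1;
}

/* Poison the payload and hold the block so the heap cannot hand it out again. */
void dbg_free(void *p) {
    if (!p) return;
    hdr_t *h = (hdr_t *)p - 1;
    uint32_t *w = p;
    for (size_t i = 0; i < h->words; i++) w[i] = FREE_PATTERN;
    if (quarantined < 64) quarantine[quarantined++] = h;   /* else it just leaks */
}

/* Count quarantined blocks whose poison was overwritten after the free. */
size_t dbg_audit(void) {
    size_t bad = 0;
    for (size_t i = 0; i < quarantined; i++) {
        uint32_t *w = (uint32_t *)(quarantine[i] + 1);
        for (size_t j = 0; j < quarantine[i]->words; j++)
            if (w[j] != FREE_PATTERN) { bad++; break; }
    }
    return bad;
}

struct node { uint32_t next; uint32_t id; };   /* constructed sample record */

/* Returns the audit count; *seen receives what a stale reader observes. */
size_t dangling_demo(uint32_t *seen) {
    struct node *n = dbg_malloc(sizeof *n);
    if (!n) return 0;
    n->next = 0x1000;
    dbg_free(n);
    *seen = n->next;   /* read after free: the poison value */
    n->id = 1;         /* write after free: breaks the poison */
    return dbg_audit();
}
```

A 32-bit pointer field read this way holds 0xdeadbeef, an odd address, so dereferencing it on SPARC ends in the invalid address alignment Bus Error described in the first post.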

 
 
 


Post by cmcnau.. » Sat, 14 May 2005 00:05:58


Thanks, I should read the man pages more carefully....
Solaris 9 is not an option at this time unfortunately. Ploughing on...
Colin
 
 
 

1. malloc, linux heap corrupt

I keep getting a sigsegv when running an application.  I am converting an
app from windows to linux and have a lot of code already written and pretty
much all of my objects are created using malloc.  I am assuming that I am
messing up the heap.  But how would I pinpoint the error?  I have a lot of
structs that at times have 70 members in them of mixed types: float, int,
bool.  And then I do a malloc to create objects like these.  Should this be
giving me trouble? Or is it something else?  Should I shrink my structs?

typedef struct Obj1 {
    float a;
    int b;
    /* ... */
    bool c;
} Obj;

/* allocate one object on the heap */
Obj *x = (Obj *)malloc(sizeof(Obj));

Hmm...

Berlin Brown
