On Friday 21 December 2007, Daniel Jacobowitz wrote:
> On Fri, Dec 21, 2007 at 12:15:43PM -0500, Andreas Kloeckner wrote:
> > Breakpoint 1, mmap_resize (m=0x2b6a5b236010, oldp=0x2b6a5bdb4000,
> > nb=406784) at src/gklib/dlmalloc.c:2358
> > 2358 if (cp != CMFAIL) {
>
> So you're here...
>
> > 2356 char* cp = (char*)CALL_MREMAP((char*)oldp - offset,
> > 2357 oldmmsize, newmmsize, 1);
>
> Having just done this...
>
> > #define CALL_MREMAP(addr, osz, nsz, mv) ((void)(addr),(void)(osz), \
> > (void)(nsz), (void)(mv),MFAIL)
>
> Which you said expands to this...
>
> > (gdb) p cp
> > $3 = 0x5bdb4000 <Address 0x5bdb4000 out of bounds>
>
> So how can this possibly be true, and how does mremap have anything to
> do with your problem? Nowhere in this code are you calling it.
>
> I think we need a testcase for this problem, if you are convinced it
> has something to do with glibc. Also try strace.
Oops. I pasted the wrong line. CALL_MREMAP is
8< ------------------------------------------------------------
#define CALL_MREMAP(addr, osz, nsz, mv) mremap((addr), (osz), (nsz), (mv))
8< ------------------------------------------------------------
And there is indeed a call to mremap, and it is indeed the last thing the
process does. The strace return value looks ok, but the value that arrives in
C (at least according to gdb and the segfault) is not.
8< ------------------------------------------------------------
...
mremap(0x2ba79d9ef000, 573440, 409600, MREMAP_MAYMOVE) = 0x2ba79d9ef000
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
8< ------------------------------------------------------------
And the code is not really mine--it's just dlmalloc.
Andreas
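Added example (not part of the thread, and not dlmalloc's code): the symptom above is that strace reports a full 64-bit address from mremap while the C variable holds only the low 32 bits of one. The numbers in the earlier gdb session fit that pattern exactly: "p cp" shows 0x5bdb4000, which is the low half of oldp=0x2b6a5bdb4000 from the breakpoint, i.e. mremap returned the unmoved block and the caller kept only 32 bits of it. On an LP64 system that is what a call through a declaration returning int produces (the typical way to get one is a missing prototype: mremap and MREMAP_MAYMOVE are only declared by glibc's <sys/mman.h> when _GNU_SOURCE is defined before the first include). Whether that is the cause in Andreas's build is an assumption; the program below models the truncation as plain arithmetic, performs the same mmap-then-shrink step as dlmalloc's mmap_resize with a prototype in scope, and gives a check one can apply to any gdb/strace pair of values. Sizes are the ones from the strace line; everything else (function names, fill byte) is made up for the example.

```c
#define _GNU_SOURCE          /* must precede the first glibc header for mremap() */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Declared explicitly as well, so this file does not depend on the feature
 * macro having been seen first: a missing prototype is the very trap that
 * yields a 32-bit return value on a 64-bit system. The declaration matches
 * glibc's, so it is a harmless redeclaration when the header already has it. */
void *mremap(void *addr, size_t old_len, size_t new_len, int flags, ...);
#ifndef MREMAP_MAYMOVE
#define MREMAP_MAYMOVE 1     /* Linux value */
#endif
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value */
#endif

/* What the caller sees when a function that really returns a 64-bit pointer
 * is called through a declaration that says "int": the value is cut to its
 * low 32 bits and sign-extended back when converted to a pointer.
 * This is pure arithmetic that models the failure; it does not trigger it. */
static uintptr_t as_seen_through_int_return(uintptr_t full)
{
    int32_t low = (int32_t)(uint32_t)full;   /* what lands in a 32-bit int */
    return (uintptr_t)(intptr_t)low;         /* what (char *)cp then holds */
}

/* Check for a gdb/strace pair: does the value gdb shows equal the low half
 * of what strace says the syscall returned? Returns 1 if so. */
static int looks_truncated(uintptr_t strace_ret, uintptr_t gdb_val)
{
    return strace_ret != gdb_val &&
           as_seen_through_int_return(strace_ret) == gdb_val;
}

/* Shrink an anonymous mapping, the step dlmalloc's mmap_resize performs,
 * with a correct prototype in scope. Returns the new base or NULL. */
static char *shrink_mapping(size_t old_size, size_t new_size)
{
    if (new_size == 0 || new_size > old_size)
        return NULL;
    char *p = mmap(NULL, old_size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memset(p, 0xA5, new_size);               /* fill the part we keep */
    char *q = mremap(p, old_size, new_size, MREMAP_MAYMOVE);
    if (q == MAP_FAILED) {
        munmap(p, old_size);
        return NULL;
    }
    /* Moved or not, the kept bytes must still be there and readable. */
    if ((unsigned char)q[0] != 0xA5 || (unsigned char)q[new_size - 1] != 0xA5) {
        munmap(q, new_size);
        return NULL;
    }
    return q;
}

int main(void)
{
    /* oldp from the breakpoint, cp from "p cp" in the thread */
    uintptr_t oldp = 0x2b6a5bdb4000ULL, cp = 0x5bdb4000ULL;
    printf("cp is the low 32 bits of oldp: %s\n",
           looks_truncated(oldp, cp) ? "yes" : "no");
    char *q = shrink_mapping(573440, 409600);  /* sizes from the strace line */
    printf("mremap shrink with prototype in scope: %s\n", q ? "ok" : "failed");
    if (q)
        munmap(q, 409600);
    return 0;
}
```

If looks_truncated() says yes, the thing to inspect is the declaration of mremap visible at the call site (gcc -Wimplicit-function-declaration, or the preprocessed output), not the kernel or strace.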