Bug#473812: libc6: calloc returns non-zero memory areas when mlockall is being used
Hi,
I just want to point out that the bug is still there in Debian 5.0.4. It is
a bit annoying because any application using libjack is affected, since
jack calls mlockall().
Here is an ugly but small test program that triggers the bug:
#include <sys/mman.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <assert.h>
#include <pthread.h>

int amnt = 0;   /* total bytes handed out, summed across all threads */

void test(int n) {
    printf("test , n=%d\n", n);
    int i, j;
    char *chunk[n];
    int sz[n];
    /* alloc */
    for (i=0; i < n; ++i) {
        sz[i] = 3000;
        chunk[i] = calloc(sz[i], 1);
        if (!chunk[i]) { perror("calloc"); exit(1); }
        for (j=0; j< sz[i]; ++j) {
            assert(chunk[i][j]==0);
            chunk[i][j] = 0x88;
        }
        __sync_fetch_and_add(&amnt, sz[i]);   /* threads share amnt, so add atomically */
    }
    /* lock */
    int ret = mlockall(MCL_CURRENT|MCL_FUTURE);
    if (ret != 0) {
        fprintf(stderr, "mlockall failed: %s\n", strerror(errno));
        exit(1);
    }
    printf("Memory locked\n");
    /* free */
    for (i=n-1; i>=0; --i) {
        for (j=0; j < sz[i]; ++j) chunk[i][j] = 0xee;
        free(chunk[i]); chunk[i] = 0;
    }
    /* alloc again */
    for (i=0; i < n; ++i) {
        sz[i] = 3000;
        chunk[i] = calloc(sz[i], 1);
        if (!chunk[i]) { perror("calloc"); exit(1); }
        for (j=0; j< sz[i]; ++j) {
            assert(chunk[i][j]==0); // or calloc bug..
            chunk[i][j] = 0x88;
        }
        __sync_fetch_and_add(&amnt, sz[i]);
    }
}

void *do_test(void *arg) {
    test((int)(long)arg);
    printf("test finished\n");
    return 0;
}

int main(int argc, char **argv) {
    printf("test the calloc bug..\n");
    int n = (argc > 1 ? atoi(argv[1]) : 1000);
    int i;
    pthread_t t[10];
    for (i=0; i < 10; ++i) {
        pthread_create(&t[i], 0, &do_test, (void*)(long)n);
    }
    /* wait for every thread, not only the last one created */
    for (i=0; i < 10; ++i) pthread_join(t[i], 0);
    printf("allocated %d bytes\n", amnt);
    return 0;
}
Output with libc6 2.7-18lenny2 on an x86_64 installation:
> gcc ./clbug.c -pthread && ./a.out 1000
test the calloc bug..
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
Memory locked
Memory locked
Memory locked
Memory locked
Memory locked
a.out: ./clbug.c:46: test: Assertion `chunk[i][j]==0' failed.
Aborted
I believe it has been fixed in newer glibc releases (see
https://bugzilla.redhat.com/show_bug.cgi?id=405781).
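For programs that cannot upgrade glibc but must run under mlockall() (libjack clients, for instance), the practical mitigation is to stop trusting calloc()'s zero fill. The wrapper below is an added example, not code from the report, from glibc or from jack; checked_calloc() verifies the fill and repairs it while counting the incidents, and reproduce_with_wrapper() replays the report's allocate/lock/free/allocate sequence through it. Both function names are assumptions, and mlockall() failure (e.g. RLIMIT_MEMLOCK) is tolerated so the check still runs unprivileged.

```c
#include <sys/mman.h>
#include <stdlib.h>
#include <string.h>

/* How often calloc() handed back a block containing stale bytes. */
static unsigned long dirty_calloc_count = 0;

/* Like calloc(), but verifies the zero fill and repairs it, so the caller never
 * sees another allocation's leftovers (the failure this report describes under
 * mlockall()). Returns NULL on size overflow or allocation failure. */
void *checked_calloc(size_t nmemb, size_t size) {
    if (size != 0 && nmemb > (size_t)-1 / size)
        return NULL;
    size_t total = nmemb * size;
    unsigned char *p = calloc(nmemb, size);
    if (p == NULL)
        return NULL;
    for (size_t i = 0; i < total; ++i) {
        if (p[i] != 0) {            /* stale byte: zero the whole block, record it */
            dirty_calloc_count++;
            memset(p, 0, total);
            break;
        }
    }
    return p;
}
unsigned long checked_calloc_dirty_count(void) { return dirty_calloc_count; }

/* Replays the report's sequence through the wrapper: calloc n blocks of sz
 * bytes, fill them, lock memory (best effort, failure tolerated), free them,
 * calloc them again. Returns the non-zero bytes seen in round two (0 = clean). */
long reproduce_with_wrapper(int n, size_t sz) {
    char **chunk = malloc((size_t)n * sizeof *chunk);
    if (chunk == NULL) return -1;
    for (int i = 0; i < n; ++i) {
        if ((chunk[i] = checked_calloc(sz, 1)) == NULL) return -1;
        memset(chunk[i], 0x88, sz);
    }
    int locked = (mlockall(MCL_CURRENT | MCL_FUTURE) == 0);
    for (int i = n - 1; i >= 0; --i) { memset(chunk[i], 0xee, sz); free(chunk[i]); }
    long bad = 0;
    for (int i = 0; i < n; ++i) {
        if ((chunk[i] = checked_calloc(sz, 1)) == NULL) return -1;
        for (size_t j = 0; j < sz; ++j) bad += (chunk[i][j] != 0);
    }
    for (int i = 0; i < n; ++i) free(chunk[i]);
    free(chunk);
    if (locked) munlockall();
    return bad;
}
```

A non-zero checked_calloc_dirty_count() after startup is the signal worth logging: it means the allocator returned stale data at least once on this host.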