
Bug#473812: libc6: calloc returns non-zero memory areas when mlockall is being used



Hi,

I just want to point out that the bug is still present in Debian 5.0.4. It is
a bit annoying because any application using libjack is affected, since
jack calls mlockall(). Note that this is more than a failing test program:
code that relies on calloc() for zero-filled buffers silently gets back the
stale contents of a previously freed block instead.

Here is an ugly but small test program that triggers the bug (ten threads each calloc() a batch of 3000-byte chunks, call mlockall(), fill the chunks with 0xee and free them, then calloc() the same amount again and assert that the new memory is zero):

#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
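/* Size in bytes of every chunk that test() obtains from calloc(). */
enum { CHUNK_BYTES = 3000 };

/* Running total of bytes obtained from calloc() across all test() calls.
 * Several threads (see main()) add to it concurrently, so every update goes
 * through add_allocated() under amnt_lock; main() reads it after joining. */
int amnt = 0;
static pthread_mutex_t amnt_lock = PTHREAD_MUTEX_INITIALIZER;

/* Add `bytes` to amnt without racing the other test() threads. */
static void add_allocated(int bytes) {
  pthread_mutex_lock(&amnt_lock);
  amnt += bytes;
  pthread_mutex_unlock(&amnt_lock);
}

/* calloc() n chunks of CHUNK_BYTES into chunk[], verify each one really is
 * zero-filled, then scribble 0x88 over it so that recycled memory is never
 * zero by accident. Exits the process with status 1 if calloc() fails rather
 * than dereferencing NULL; failure is plausible here because once
 * mlockall(MCL_FUTURE) is in effect every new page counts against
 * RLIMIT_MEMLOCK. */
static void alloc_and_check(char **chunk, int n) {
  int i, j;
  for (i = 0; i < n; ++i) {
    chunk[i] = calloc(CHUNK_BYTES, 1);
    if (chunk[i] == NULL) {
      fprintf(stderr, "calloc failed: %s\n", strerror(errno));
      exit(1);
    }
    for (j = 0; j < CHUNK_BYTES; ++j) {
      /* The check that trips on the buggy libc: calloc() hands back memory
       * that still holds the 0xee/0x88 pattern written before free().
       * assert() is a no-op under -DNDEBUG, so build this without NDEBUG. */
      assert(chunk[i][j] == 0);
      chunk[i][j] = 0x88;
    }
    add_allocated(CHUNK_BYTES);
  }
}

/* One round of the reproducer, run concurrently by several threads:
 * allocate n chunks, lock all current and future memory (the report says
 * libjack calls mlockall() too), stamp 0xee over the chunks and free them,
 * then allocate n chunks again and check that calloc() zeroed them.
 *
 * n <= 0 is a no-op apart from the banner line. The process exits with
 * status 1 if mlockall() or calloc() fails, and aborts via assert() if
 * calloc() returns non-zero memory. Each successful calloc() adds
 * CHUNK_BYTES to the shared total amnt. */
void test(int n) {
  printf("test , n=%d\n", n);
  if (n <= 0) {
    return;
  }
  /* Bookkeeping stays on the stack on purpose: a heap allocation here would
   * perturb the allocator state the bug depends on. It costs n pointers of
   * stack per thread, so main() should keep n modest. */
  char *chunk[n];
  int i, j;

  /* alloc */
  alloc_and_check(chunk, n);

  /* lock */
  if (mlockall(MCL_CURRENT | MCL_FUTURE) != 0) {
    fprintf(stderr, "mlockall failed: %s\n", strerror(errno));
    exit(1);
  }
  printf("Memory locked\n");

  /* free, in reverse order, after stamping 0xee over the payload. The stores
   * go through a volatile pointer so an optimizing build cannot discard a
   * "dead" fill right before free(); without the stamp, recycled memory
   * would be harder to tell apart from a genuine zero fill. */
  for (i = n - 1; i >= 0; --i) {
    volatile char *p = chunk[i];
    for (j = 0; j < CHUNK_BYTES; ++j) {
      p[j] = (char)0xee;
    }
    free(chunk[i]);
    chunk[i] = NULL;
  }

  /* alloc again: in the output below, the assertion fires in this round,
   * after "Memory locked" has been printed */
  alloc_and_check(chunk, n);
}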

/* pthread entry point: unpack the chunk count that main() smuggled through
 * the void* argument, run one round of test(), and report completion. */
void *do_test(void *arg) {
  const int chunks = (int)(long)arg;
  test(chunks);
  fputs("test finished\n", stdout);
  return NULL;
}

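/* Entry point: start NTHREADS threads that each run test() with the same
 * chunk count (argv[1], default 1000), wait for all of them, and print the
 * total number of bytes obtained from calloc(). Returns 1 on bad input or
 * if a thread could not be created; on the buggy libc one of the threads
 * aborts the whole process via assert() instead. */
int main(int argc, char **argv) {
  enum { NTHREADS = 10, DEFAULT_CHUNKS = 1000, CHUNK_BYTES_IN_TEST = 3000 };
  printf("test the calloc bug..\n");

  int n = DEFAULT_CHUNKS;
  if (argc > 1) {
    /* strtol instead of atoi so garbage, zero and negative counts are
     * rejected instead of becoming a zero-length or negative VLA in test().
     * The upper bound keeps the int total amnt (2 allocations per chunk,
     * per thread) from overflowing. */
    char *end = NULL;
    errno = 0;
    long v = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE || v <= 0 ||
        v > INT_MAX / (2 * NTHREADS * CHUNK_BYTES_IN_TEST)) {
      fprintf(stderr, "usage: %s [chunks-per-thread]  (positive integer)\n",
              argv[0]);
      return 1;
    }
    n = (int)v;
  }

  /* Keep every thread handle and join all of them: joining only the last one
   * let main() return, and the process exit, while the other threads were
   * still running and still adding to amnt. */
  pthread_t threads[NTHREADS];
  int started = 0;
  int i;
  for (i = 0; i < NTHREADS; ++i) {
    int rc = pthread_create(&threads[i], NULL, do_test, (void *)(long)n);
    if (rc != 0) {
      fprintf(stderr, "pthread_create failed: %s\n", strerror(rc));
      break;
    }
    ++started;
  }
  for (i = 0; i < started; ++i) {
    pthread_join(threads[i], NULL);
  }

  /* Safe to read without a lock: every writer has been joined. */
  printf("allocated %d bytes\n", amnt);
  return started == NTHREADS ? 0 : 1;
}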



Output with libc6 2.7-18lenny2 on an x86_64 installation (the assertion that fails is the `chunk[i][j]==0` check in the second allocation round, after "Memory locked"):
> gcc ./clbug.c -pthread && ./a.out 1000

test the calloc bug..
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
test , n=1000
Memory locked
Memory locked
Memory locked
Memory locked
Memory locked
a.out: ./clbug.c:46: test: Assertion `chunk[i][j]==0' failed.
Aborted

I believe it has been fixed in newer glibc releases (see
https://bugzilla.redhat.com/show_bug.cgi?id=405781).



