Date:      Sat, 15 Jul 1995 12:42:15 -0400 (EDT)
From:      John Capo <jc@irbs.com>
To:        freebsd-current@freefall.cdrom.com (freebsd-current)
Subject:   Possible Bogus free()'s in ypserv
Message-ID:  <199507151642.MAA02357@irbs.irbs.com>

As an experiment, I built a system linked with gnu malloc.  The
only hitch so far is in ypserv.

In server.c:read_database() there are several places where the data
obtained from db->get() is being freed.  In my case it crashes in
free() from the calls at lines 369 and 401.  ckey.data is an odd
value for one thing.  The normal libc free() silently returns due
to the magic check.  GNU free() wanders off on a bogus linked list.

From libc/stdlib/malloc.c:free()

        op = (union overhead *)((caddr_t)cp - sizeof (union overhead));
#ifdef DEBUG
        ASSERT(op->ov_magic == MAGIC);          /* make sure it was in use */
#else
        if (op->ov_magic != MAGIC)
                return;                         /* sanity */
#endif

So, should the data obtained from db->get() be freed and if so,
why is it not malloced memory?

-- 
John Capo
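
Added example, not part of the original message or of FreeBSD's libc: a minimal C sketch of the magic-byte test quoted above, showing why a free() of a pointer that never came from malloc() goes unnoticed under that check. The names toy_malloc, toy_free, toy_db_get, TOY_MAGIC and the buffer layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define TOY_MAGIC 0xef               /* constructed value, not libc's */
#define HDR sizeof(union toy_overhead)

union toy_overhead {                 /* stand-in for "union overhead" */
    unsigned char ov_magic;          /* set only on blocks we hand out */
    max_align_t   ov_align;          /* keeps user data aligned */
};

enum free_status { FREE_OK, FREE_NOT_OURS };

void *toy_malloc(size_t n)
{
    unsigned char *hdr = malloc(HDR + n);
    if (hdr == NULL)
        return NULL;
    hdr[0] = TOY_MAGIC;              /* ov_magic lives at offset 0 */
    return hdr + HDR;
}

/* Same test as the non-DEBUG branch, but the outcome is returned so a
 * caller (or a test build) can see the free() that libc would swallow. */
enum free_status toy_free(void *cp)
{
    unsigned char *hdr;
    if (cp == NULL)
        return FREE_OK;
    hdr = (unsigned char *)cp - HDR;
    if (hdr[0] != TOY_MAGIC)
        return FREE_NOT_OURS;        /* libc: plain "return;" here */
    free(hdr);
    return FREE_OK;
}

/* Hypothetical db->get(): returns a pointer into storage the library
 * owns, at an odd offset, never something obtained from toy_malloc(). */
static _Alignas(max_align_t) unsigned char db_page[64];

void *toy_db_get(void)
{
    memcpy(db_page + 41, "key1", 5);
    return db_page + 41;
}
```

Calling toy_free(toy_db_get()) yields FREE_NOT_OURS, which is the case the quoted code turns into a silent return; an allocator without such a header check has nothing to stop it from treating the library's buffer as one of its own blocks.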