Date:      Wed, 28 Jan 2009 13:53:50 +0100
From:      Søren Schmidt <sos@freebsd.org>
To:        Channa <channa.kad@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Jemalloc SEGV for 1MB chunk
Message-ID:  <E1A13940-217F-4C61-B3E0-766F36709322@freebsd.org>
In-Reply-To: <515c64960901280445l1ab33256sae2e69df30efe502@mail.gmail.com>
References:  <515c64960901280339m17fa9309v2e1bc3f55454ab@mail.gmail.com> <49804597.6040303@gmx.de> <515c64960901280401w1e1d08bfx29adc124bc749c4a@mail.gmail.com> <E1LS9Pa-000NBW-Ct@kabab.cs.huji.ac.il> <515c64960901280425y642a190ka31409cfc2a2fd8f@mail.gmail.com> <49804FCE.7090405@gmx.de> <515c64960901280445l1ab33256sae2e69df30efe502@mail.gmail.com>


On 28 Jan 2009, at 13:45, Channa wrote:

> Hi,
> "This really does not belong on freebsd-current@." By this, do you mean
> to say that in FreeBSD current this problem is not seen?
>
> Are you referring to the FreeBSD current jemalloc version, which is
> "1.183"? I am using the same version of jemalloc to test the code.
>
> Could you please elaborate on whether my understanding of your
> statement is correct?

You are using strlen() on a string that is not NULL terminated. That
is a violation of how strlen() works, and the result is undefined.
That means anything can happen, including killing your dog, eating your
firstborn child, etc.

To be brutally honest with you, this is one of the most important
things you (should) learn when using strings in 'C'; that is why it
doesn't belong here on the list.

-Søren

>
>
> Thanks in Advance,
> Channa
>
>
> On 28/01/2009, Christoph Mallon <christoph.mallon@gmx.de> wrote:
>> Channa wrote:
>>
>>> Hi,
>>> Thanks for the reply.
>>>
>>> I understand; after terminating the string with a NULL character no
>>> SEGV is seen.
>>>
>>> But if I change the request size to a value less than 1MB, e.g. 4096
>>> bytes, as in the test code below:
>>>
>>> #include <stdio.h>
>>> #include <stdlib.h>
>>> #include <string.h>
>>>
>>> int main()
>>> {
>>>     size_t i;
>>>     char *buf;
>>>     size_t size = 4096;
>>>
>>>     buf = malloc(size);
>>>     for (i = 0; i < size; i++)
>>>         buf[i] = 'a';
>>>     /* buf is deliberately not NUL-terminated: strlen() reads past it */
>>>     printf("The length of buff is : %zu\n", strlen(buf));
>>>     free(buf);
>>>     return 0;
>>> }
>>>
>>> I don't see any issues; without terminating the string with a NULL
>>> character the test code works fine. The issue is seen only for a size
>>> of exactly 1MB.
>>>
>>> Can anyone explain this behaviour?
>>>
>>
>> Undefined behaviour and (bad) luck. You are reading random garbage from
>> memory. For a large allocation like 1MB you get page aligned memory and the
>> page after the allocation is very likely not mapped, so you get a segfault
>> when you try to access it.
>> This really does not belong on freebsd-current@.
>>

-S=F8ren
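As an added example that is not part of this thread, the defensive counterpart to the test program quoted above: allocate one extra byte for the terminator, and measure with a bounded scan so that a missing terminator can never send the read into the unmapped page Christoph describes. The function names are constructed for this example; the bounded length is written with standard memchr() rather than POSIX strnlen().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded string length: scans at most `cap` bytes, so a missing terminator
 * returns `cap` instead of reading into whatever follows the allocation.
 * (Same contract as POSIX strnlen(), written with standard memchr().) */
size_t bounded_strlen(const char *buf, size_t cap) {
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : cap;
}

/* Fill a buffer of `len` 'a' bytes the safe way: one extra byte is allocated
 * for the terminator, so a plain strlen() is also valid here.
 * Returns the length measured, or (size_t)-1 on allocation failure. */
size_t fill_terminated(size_t len) {
    char *buf = malloc(len + 1);
    if (buf == NULL) return (size_t)-1;
    memset(buf, 'a', len);
    buf[len] = '\0';
    size_t n = strlen(buf);          /* terminator is inside the allocation */
    free(buf);
    return n;
}

/* Same fill as the test program in the thread (no terminator), but measured
 * with the bound; the result is `len` whether or not the next page is mapped. */
size_t fill_unterminated(size_t len) {
    char *buf = malloc(len);
    if (buf == NULL) return (size_t)-1;
    memset(buf, 'a', len);
    size_t n = bounded_strlen(buf, len);   /* stops at len, never past buf */
    free(buf);
    return n;
}

int main(void) {
    const size_t sizes[] = { 4096, 1024 * 1024 };   /* the two sizes discussed */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("%7zu bytes: terminated=%zu bounded=%zu\n", sizes[i],
               fill_terminated(sizes[i]), fill_unterminated(sizes[i]));
    }
    return 0;
}
```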