This is the mail archive of the glibc-bugs@sources.redhat.com mailing list for the glibc project.



[Bug libc/617] New: malloc(10396) actually allocates 4 less bytes


o. How to reproduce the bug:
=========================================================
my OS:
 $cat /etc/redhat-release
 Red Hat Linux release 8.0 (Psyche)

CPU:    $cat /proc/cpuinfo
        ...
        model name:    Intel(R) Pentium(R) 4 CPU 2.60GHz
        ...

the libc:
 $rpm -qa | grep libc
         glibc-2.2.93-5
         glibc-devel-2.2.93-5
         glibc-common-2.2.93-5

======================================================
o. The symptom

 As far as I know, the internal management data structure
of malloc is called "malloc_chunk" (see below). The fields
<prev_size> and <size> are the space overhead of management.
They are 8 bytes in total. The least significant bit of <size> is not
part of the encoding of the "size" of the chunk; it indicates that the
"previous chunk is in use".

glibc-2.2.5/malloc/malloc.c
struct malloc_chunk
{
  INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */
  INTERNAL_SIZE_T size;      /* Size in bytes, including overhead. */
  struct malloc_chunk* fd;   /* double links -- used only if free. */
  struct malloc_chunk* bk;
};

      Assume the statement is "char* p = (char*)malloc(10396)", and <p>,
after return from malloc, is 0x804958c. In gdb, we can see that the <size>
field of the malloc_chunk corresponding to <p> is 0x28a1, see below.
 (gdb)x/4b p-4
        0x804958c:   0xa1   0x28   0x00   0x00
Where "0x28a1" means the size of the chunk is 0x28a1&~1 = 0x28a0 = 10400, so
the capacity of user data is (10400 - 8-byte-overhead) = 10392, which is 4 bytes
less than required.

-- 
           Summary: malloc(10396) actually allocates 4 less bytes
           Product: glibc
           Version: 2.2.5
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: gotom at debian dot or dot jp
        ReportedBy: sxyang_2004 at hotmail dot com
                CC: glibc-bugs at sources dot redhat dot com


http://sources.redhat.com/bugzilla/show_bug.cgi?id=617

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
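
The size accounting from the report, worked through as an added example (not code from the original message or from glibc). It assumes glibc's chunk layout, in which the user data of an in-use chunk extends into the <prev_size> word of the following chunk; the function names are hypothetical, and the 64-bit case goes beyond the report's 32-bit system.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the request-to-chunk-size rounding. size_sz stands for
   sizeof(INTERNAL_SIZE_T): 4 on the 32-bit system in the report.
   Assumption: pointers have the same width as INTERNAL_SIZE_T. */
static size_t chunk_size_for_request(size_t req, size_t size_sz)
{
    size_t align_mask = 2 * size_sz - 1;  /* chunks are 2*size_sz aligned */
    size_t min_size = 4 * size_sz;        /* prev_size, size, fd, bk */
    size_t sz = (req + size_sz + align_mask) & ~align_mask;
    return sz < min_size ? min_size : sz;
}

/* Split a raw <size> word into the chunk size and the PREV_INUSE flag.
   Alignment keeps the low three bits out of the size, so they are masked. */
static size_t decode_size_field(size_t field, int *prev_inuse)
{
    *prev_inuse = (int)(field & 0x1);
    return field & ~(size_t)0x7;
}

/* Bytes the caller may use in a non-mmapped, in-use chunk: the chunk minus
   its own two header words, plus the next chunk's <prev_size> word.
   chunk - 2*size_sz + size_sz = chunk - size_sz. */
static size_t usable_bytes(size_t chunk_size, size_t size_sz)
{
    return chunk_size - size_sz;
}

int main(void)
{
    int prev_inuse;
    /* 0x28a1 is the <size> word quoted in the report. */
    size_t chunk = decode_size_field(0x28a1, &prev_inuse);

    printf("size word 0x28a1: chunk=%zu prev_inuse=%d\n", chunk, prev_inuse);
    printf("32-bit: malloc(10396) -> chunk %zu, usable %zu\n",
           chunk_size_for_request(10396, 4),
           usable_bytes(chunk_size_for_request(10396, 4), 4));
    printf("64-bit: malloc(10396) -> chunk %zu, usable %zu\n",
           chunk_size_for_request(10396, 8),
           usable_bytes(chunk_size_for_request(10396, 8), 8));
    return 0;
}
```
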

