This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/12140] New: mallopt(M_PERTURB) free() anomaly
- From: "mtk.manpages at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Wed, 20 Oct 2010 02:39:56 +0000
- Subject: [Bug libc/12140] New: mallopt(M_PERTURB) free() anomaly
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12140
Summary: mallopt(M_PERTURB) free() anomaly
Product: glibc
Version: 2.12
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: mtk.manpages@gmail.com
If mallopt() is used to set M_PERTURB, then, as expected, the bytes of
allocated memory are allocated to the complement of the byte in the 'value'
argument.
When that memory is freed, then the bytes of the region are initialized to the
byte specified in 'value'. However, there is an off-by-sizeof(size_t) error in
the code: instead of initializing precisely the block of memory being freed,
the block starting at p+sizeof(size_t) is initialized.
It looks like the two lines of this form in malloc/malloc.c

    free_perturb (chunk2mem(p), size - SIZE_SZ);

should instead be

    free_perturb (p, size);
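A small check of the two fill patterns described in the report, as an added example that is not part of the original message or of glibc. It assumes Linux with glibc; SAMPLE_SIZE, count_mismatch, alloc_mismatches and freed_mismatches are hypothetical names chosen here.

```c
#include <malloc.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed sample size, assumed large enough to bypass glibc's
   per-thread cache of small chunks and reach the main allocator path. */
#define SAMPLE_SIZE 4096

/* Count bytes in b[0..n) that differ from want. */
static long count_mismatch(const volatile unsigned char *b, size_t n, unsigned char want)
{
    long bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (b[i] != want);
    return bad;
}

/* Bytes of a fresh malloc() block that are not ~value; -1 on error. */
long alloc_mismatches(int value)
{
    if (mallopt(M_PERTURB, value) != 1)
        return -1;
    unsigned char *p = malloc(SAMPLE_SIZE);
    long bad = p ? count_mismatch(p, SAMPLE_SIZE, (unsigned char)~value) : -1;
    free(p);
    mallopt(M_PERTURB, 0);              /* turn perturbing back off */
    return bad;
}

/* Diagnostic only: inspects the block after free(), which ISO C leaves
   undefined; it is how the pattern in the report becomes visible on glibc.
   Returns user bytes that do not hold the low byte of value; -1 on error. */
long freed_mismatches(int value)
{
    if (mallopt(M_PERTURB, value) != 1)
        return -1;
    volatile unsigned char *p = malloc(SAMPLE_SIZE);
    if (p == NULL)
        return -1;
    free((void *)p);
    long bad = count_mismatch(p, SAMPLE_SIZE, (unsigned char)value);
    mallopt(M_PERTURB, 0);
    return bad;
}

int main(void)
{
    printf("alloc: %ld  freed: %ld\n", alloc_mismatches(0xAA), freed_mismatches(0xAA));
    return 0;
}
```

The freed count depends on the glibc version and on any allocator bookkeeping written into the released block, so treat it as an observation to compare across builds rather than a fixed value.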