This is the mail archive of the libc-alpha@sourceware.cygnus.com mailing list for the glibc project.



[A K KARTIK <akkartik@mailcity.com>] libc/1158: glibc: segmentation fault within malloc



Could anybody with c++ knowledge look into the appended bug report and
tell us what's wrong?  I get the same error with glibc 2.1.1.

Thanks,
Andreas



Topics:
   libc/1158: glibc: segmentation fault within malloc


----------------------------------------------------------------------

Date: Fri, 11 Jun 1999 09:19:40 +0530
From: A K KARTIK <akkartik@mailcity.com>
To: bugs@gnu.org
Subject: libc/1158: glibc: segmentation fault within malloc
Message-Id: <37608753.10BF@mailcity.com>


>Number:         1158
>Category:       libc
>Synopsis:       segmentation fault occurs within malloc. Sample program given.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    libc-gnats
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Jun 11 21:10:01 EDT 1999
>Last-Modified:
>Originator:     A K Kartik
>Organization:
>Release:        libc-2.0.7
>Environment:
Host type: i586-pc-linux-gnu
System: Linux agaram 2.0.34 #2 Thu Jul 9 10:57:48 EST 1998 i486 unknown
Architecture: i486
	(Cyrix 5x86)
RAM: 16MB
Hard Disk: 540MB
Linux Partition Size: 100MB
Linux Distribution: debian 2.0.2

G++ version: egcs-2.90.29 980515 (egcs-1.0.3 release)
GNU binutils: 2.9.1
	as: 2.9.1
	gasp: 1.2
	ld: 2.9.1
cpp: 2.7.2.3
gdb: 4.17
ldso: 1.9.9
libc6: 2.0.7t-1
libg++272: 2.7.2.8	libc6 version
libstdc++2.8: 2.90.29 egcs version

Addons: crypt linuxthreads localedata
Build CFLAGS: -g -O2
Build CC: gcc -B$(common-objpfx)
Build shared: yes
Build profile: yes
Build omitfp: no
Stdio: libio

>Description:
	the following program causes a segmentation fault within malloc:
	a sample run through the debugger is also shown.
	I suspect there is some problem in memory allocation, though the
	amount being allocated is not much. However, IMO, malloc should be able
	to simply return NULL, instead of crashing.

>How-To-Repeat:
	To observe the bug, do the following ('$' denotes the prompt) :

	$ vim temp.cc
////temp.cc
# include <math.h>
# include <stdio.h>
# include <stdlib.h>

class node {
	int d ;
	int c ;
	int k ;
	int t ;
	int n ;
	int o ;
	int o2 ;
 
	node* ty ;
	int locality ;
	node** ngh ;
	node** input ;

  public:
	~node () ;
	void init (int d, int conn) ;
} ;

node :: ~node () {
	if (ngh) free (ngh) ;
	if (input) free (input) ;
}

void node :: init (int d, int conn) {
	locality = (int) pow ((double)2, (double)d) ;
	printf ("Entering malloc - allocating %d pointers\n", locality) ;
	fflush (stdout) ;
	ngh = (node**) malloc (locality * sizeof(node*)) ;
	input = (node**) malloc (conn * sizeof (node*)) ;
	printf ("Exitting malloc - pointers: %x %x\n", ngh, input) ;
	fflush (stdout) ;
}

const int MAX_DIM = 8 ;

class network {
	int size [MAX_DIM] ;		//Array holding the sizes of the various dims
	int total_size ;			//total size of the entire multidim array
	node* actnode ;
		
  public:
	~network () ;
	void init (int dim, int conn, int sz [MAX_DIM]) ;
} ;

network :: ~network () {
	if (actnode) free (actnode) ;
}

void network :: init (int d, int conn, int sz [MAX_DIM]) {
	int i ;

	total_size = 1 ;
	for (i = 0; i < MAX_DIM; i++) {
		if (sz [i] == 0) break ;
		size [i] = sz [i] ;
		total_size *= sz [i] ;
	}

	actnode = (node*) malloc (total_size * sizeof (actnode)) ;	// NB: sizeof (actnode) is sizeof (node*), so this allocates total_size pointers, not total_size nodes

	for (i = 0; i < total_size; i++) 
		actnode [i].init (d, conn) ;
}

int main () {
	int dimsize [MAX_DIM] = {70} ;
	network hop ;
	hop.init (1, 5, dimsize) ;
}
///////End of temp.cc
	$ g++ -g temp.cc
	$ a.out
	This results in a segmentation fault. The origin of the fault is seen to
	be malloc by doing:
	$ gdb a.out
	(gdb) r
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 8049f70 8049f80
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 8049f98 8049fa8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 8049fc0 8049fd0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 8049fe8 8049ff8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a010 804a020
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a038 804a048
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a060 804a070
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a088 804a098
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a0b0 804a0c0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a0d8 804a0e8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a100 804a110
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a128 804a138
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a150 804a160
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a178 804a188
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a1a0 804a1b0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a1c8 804a1d8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a1f0 804a200
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a218 804a228
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a240 804a250
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a268 804a278
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a290 804a2a0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a2b8 804a2c8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a2e0 804a2f0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a308 804a318
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a330 804a340
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a358 804a368
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a380 804a390
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a3a8 804a3b8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a3d0 804a3e0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a3f8 804a408
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a420 804a430
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a448 804a458
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a470 804a480
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a498 804a4a8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a4c0 804a4d0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a4e8 804a4f8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a510 804a520
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a538 804a548
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a560 804a570
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a588 804a598
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a5b0 804a5c0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a5d8 804a5e8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a600 804a610
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a628 804a638
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a650 804a660
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a678 804a688
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a6a0 804a6b0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a6c8 804a6d8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a6f0 804a700
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a718 804a728
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a740 804a750
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a768 804a778
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a790 804a7a0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a7b8 804a7c8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a7e0 804a7f0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a808 804a818
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a830 804a840
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a858 804a868
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a880 804a890
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a8a8 804a8b8
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a8d0 804a8e0
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a8f8 804a908
Entering malloc - allocating 2 pointers
Exitting malloc - pointers: 804a920 804a930
Entering malloc - allocating 2 pointers

Program received signal SIGSEGV, Segmentation fault.
0x400a9c66 in free ()
Current language:  auto; currently c

	(gdb) bt
#0  0x400a9c66 in free ()
#1  0x400a935a in __malloc_check_init ()
#2  0x400a99a5 in malloc ()
#3  0x400a9435 in malloc ()
#4  0x8048816 in node::init (this=0x804a924, d=1, conn=5) at temp.cc:33
#5  0x80489a8 in network::init (this=0xbffffd98, d=1, conn=5, sz=0xbffffdc0) at temp.cc:68
#6  0x8048a09 in main () at temp.cc:74
	
>Fix:
	Method 1: reducing the size of the array dimsize. 
	Method 2: removing the first 7 variables in class node.
	Obviously, neither method is really any use.


>Audit-Trail:
>Unformatted:


------------------------------

End of forward6KA6xb Digest
***************************



-- 
 Andreas Jaeger   aj@arthur.rhein-neckar.de    jaeger@informatik.uni-kl.de
  for pgp-key finger ajaeger@aixd1.rhrk.uni-kl.de
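
Added worked example, not part of the forwarded report and not glibc code. The crash in the report comes from the line `actnode = (node*) malloc (total_size * sizeof (actnode))`: actnode is a node*, so the block holds total_size pointers (4 bytes each on the reporter's i586), while the loop that follows initialises total_size complete node objects (11 four-byte words each). From the seventh element on, init() writes past the end of the block into the chunk headers of the ngh/input arrays malloc has just handed out for the earlier nodes, which is why the fault surfaces later inside free() called from malloc, and why both of the reporter's workarounds (fewer elements, a smaller node) make it disappear. The C below recomputes those sizes from a struct with the report's field layout and shows the sizing pattern (sizeof *ptr together with an overflow-checked count*size) that keeps the request and the subsequent writes in step. struct node, alloc_array, build_network, free_network and network_roundtrip are names chosen for this example, not identifiers from the report or from glibc.

```c
/* Added example, not the reporter's program and not glibc code. struct node
 * mirrors the field layout of the report's node class; helpers are our own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

struct node {
    int d, c, k, t, n, o, o2;      /* the "first 7 variables" of the report */
    struct node *ty;
    int locality;
    struct node **ngh;
    struct node **input;
};

/* What `malloc (total_size * sizeof (actnode))` asks for: actnode is a
 * node*, so this is count pointers, not count nodes. */
size_t bytes_requested_by_bug(size_t count)
{
    struct node *actnode = NULL;   /* only its type matters here */
    return count * sizeof actnode;
}

/* What the loop `actnode [i].init (d, conn)` then writes into. */
size_t bytes_written_by_init(size_t count)
{
    return count * sizeof(struct node);
}

/* Index of the first element that no longer fits in the undersized block;
 * init() on it and every later one overwrites whatever malloc placed after
 * the block, here the headers of the earlier nodes' ngh/input chunks. */
size_t first_element_past_block(size_t count)
{
    return bytes_requested_by_bug(count) / sizeof(struct node);
}

/* Correct sizing: the caller passes sizeof *ptr, so the request cannot drift
 * from the element type, and a count*size product that would wrap is refused
 * rather than turned into a small block that will be overrun. calloc zeroes
 * the block, so ngh/input start out NULL and free() on them is safe. */
void *alloc_array(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return NULL;               /* wrap-around or empty request */
    return calloc(count, elem_size);
}

void free_network(struct node *nodes, size_t count)
{
    if (nodes == NULL) return;
    for (size_t i = 0; i < count; i++) {
        free(nodes[i].ngh);        /* free(NULL) is a no-op */
        free(nodes[i].input);
    }
    free(nodes);
}

/* The report's network::init + node::init with the sizing fixed and an error
 * path instead of indexing whatever malloc returned. NULL on failure. */
struct node *build_network(size_t count, size_t conn, int d)
{
    if (d < 0 || d > 30) return NULL;          /* 1 << d must stay a positive int */
    struct node *nodes = alloc_array(count, sizeof *nodes);
    if (nodes == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        nodes[i].locality = 1 << d;            /* pow(2, d) without <math.h> */
        nodes[i].ngh   = alloc_array((size_t)nodes[i].locality, sizeof *nodes[i].ngh);
        nodes[i].input = alloc_array(conn, sizeof *nodes[i].input);
        if (nodes[i].ngh == NULL || nodes[i].input == NULL) {
            free_network(nodes, count);        /* unset later slots are NULL */
            return NULL;
        }
    }
    return nodes;
}

/* Builds, checks and frees a network; 1 if every node was fully set up. */
int network_roundtrip(size_t count, size_t conn, int d)
{
    struct node *net = build_network(count, conn, d);
    if (net == NULL) return 0;
    int ok = 1;
    for (size_t i = 0; i < count; i++)
        if (net[i].ngh == NULL || net[i].input == NULL || net[i].locality != (1 << d))
            ok = 0;
    free_network(net, count);
    return ok;
}

int main(void)
{
    size_t n = 70;                 /* the report's dimsize[0] */
    printf("requested %zu bytes, init writes %zu; element %zu is already past the block\n",
           bytes_requested_by_bug(n), bytes_written_by_init(n), first_element_past_block(n));
    printf("correctly sized network of %zu nodes: %s\n", n,
           network_roundtrip(n, 5, 1) ? "ok" : "allocation failed");
    return 0;
}
```

Compile with `gcc -std=c99 -Wall example.c` and run; the first line of output gives the requested versus written byte counts for 70 nodes on whatever pointer width the build has. The sizeof *ptr idiom is the check worth carrying into a review: if the allocation line names the pointer variable rather than its element type, ask whether the two can ever differ.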
