[bug #22567] malloc() can occasionally run into an infinite loop

View: New views

6 Messages — Rating Filter: Alert me

	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message URL: <http://savannah.nongnu.org/bugs/?22567> Summary: malloc() can occasionally run into an infinite loop Project: AVR C Runtime Library Submitted by: joerg_wunsch Submitted on: Wednesday 03/12/2008 at 10:54 Category: None Severity: 4 - Important Priority: 5 - Normal Item Group: None Status: None Percent Complete: 0% Assigned to: None Originator Email: Open/Closed: Open Discussion Lock: Any _______________________________________________________ Details: I've seen two reports so far where malloc() eventually ran into an infinite loop. This is caused by the freelist becoming cyclically linked. So far, there's no test case that would reliably reproduce this situation, but it should be investigated what might cause that behaviour so it can be fixed (and hopefully, a regression test could be written as well for it). _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Update of bug #22567 (project avr-libc): Category: None => Library _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Update of bug #22567 (project avr-libc): Release: None => Any _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Update of bug #22567 (project avr-libc): Status: None => Duplicate Assigned to: None => joerg_wunsch Open/Closed: Open => Closed Fixed Release: None => 1.6.5 _______________________________________________________ Follow-up Comment #1: After talking with one of the people whose reports made me file this bug, I'm now reasonably convinced this has been the same thing as bug #25723. _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Follow-up Comment #2, bug #22567 (project avr-libc): Hi, I'm using the cvs head. Is the fix supposed to be applied? In case not, here's a test case to reproduce the bug (see attachment) I'm using a mega128, default memory layout. The addresses won't fit, these are from my real application. Thank you for this precious library. I'm willing to help further. (file #18325) _______________________________________________________ Additional Item Attachment: File name: main.cpp Size:1 KB _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Follow-up Comment #3, bug #22567 (project avr-libc): Yet another testcase, I found out the first was because I freed a ptr twice. I think free should be robust to that but I don't know what ANSI-C specified in that case. The first <<bugAcc()>> trigger the double free bug (infinite loop in malloc) the second <<bugTim>> triggers the another infinite loop, quite possibly because of bug #25723. Yet, I still don't know the current cvs head includes the patch, I checked with the most recent branches (1.6-6) and haven't found significant differences with my version (v 1.5 2009/03/04) (file #18338) _______________________________________________________ Additional Item Attachment: File name: main.cpp Size:3 KB _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev

	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message URL: <http://savannah.nongnu.org/bugs/?22567> Summary: malloc() can occasionally run into an infinite loop Project: AVR C Runtime Library Submitted by: joerg_wunsch Submitted on: Wednesday 03/12/2008 at 10:54 Category: None Severity: 4 - Important Priority: 5 - Normal Item Group: None Status: None Percent Complete: 0% Assigned to: None Originator Email: Open/Closed: Open Discussion Lock: Any _______________________________________________________ Details: I've seen two reports so far where malloc() eventually ran into an infinite loop. This is caused by the freelist becoming cyclically linked. So far, there's no test case that would reliably reproduce this situation, but it should be investigated what might cause that behaviour so it can be fixed (and hopefully, a regression test could be written as well for it). _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Update of bug #22567 (project avr-libc): Category: None => Library _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Update of bug #22567 (project avr-libc): Release: None => Any _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Update of bug #22567 (project avr-libc): Status: None => Duplicate Assigned to: None => joerg_wunsch Open/Closed: Open => Closed Fixed Release: None => 1.6.5 _______________________________________________________ Follow-up Comment #1: After talking with one of the people whose reports made me file this bug, I'm now reasonably convinced this has been the same thing as bug #25723. _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Follow-up Comment #2, bug #22567 (project avr-libc): Hi, I'm using the cvs head. Is the fix supposed to be applied? In case not, here's a test case to reproduce the bug (see attachment) I'm using a mega128, default memory layout. The addresses won't fit, these are from my real application. Thank you for this precious library. I'm willing to help further. (file #18325) _______________________________________________________ Additional Item Attachment: File name: main.cpp Size:1 KB _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev
	[bug #22567] malloc() can occasionally run into an infinite loop by Sebastian Gerhardt-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Follow-up Comment #3, bug #22567 (project avr-libc): Yet another testcase, I found out the first was because I freed a ptr twice. I think free should be robust to that but I don't know what ANSI-C specified in that case. The first <<bugAcc()>> trigger the double free bug (infinite loop in malloc) the second <<bugTim>> triggers the another infinite loop, quite possibly because of bug #25723. Yet, I still don't know the current cvs head includes the patch, I checked with the most recent branches (1.6-6) and haven't found significant differences with my version (v 1.5 2009/03/04) (file #18338) _______________________________________________________ Additional Item Attachment: File name: main.cpp Size:3 KB _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?22567> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ _______________________________________________ AVR-libc-dev mailing list AVR-libc-dev@... http://lists.nongnu.org/mailman/listinfo/avr-libc-dev