[openbeosnetteam] Re: Another crash...

"David Reid" <dreid@xxxxxxxxxxxx> wrote:
>OK, so any ideas about what would be causing this??? The server ran like a
>banshee until this point :)

>00000000  0016bbcf  _malloc_internal+014b
>fd005cb4  0016ca24  _malloc+002c
>fd005cd8  00133c4a  malloc+0016

This *must* be a buffer over- or underrun. Somehow you managed to corrupt
memory before or after an allocated piece of memory, containing memory
management data used by malloc/free.
Solution:
Write your own malloc/free functions, allocating an unused area before and 
after each memory block, fill it with something useful, like 0xDEADC0DE
and each time malloc/free gets used, check if it's unchanged.

Another way to trap this (needs much more memory, but will detect the fault 
immediately):
Find a large unused address space first.
Now, each time that malloc is called, always allocate a full memory page or 
more for the buffer,
and make sure that the next byte after the buffer is an unmapped memory page.

#include <OS.h>      // create_area(), delete_area(), area_for(), get_area_info(), B_PAGE_SIZE
#include <stddef.h>

char *startadr = (char *)0x12345678; // needs to be determined first!

void *malloc(size_t size)
{
        // size plus a 4-byte marker, rounded up to whole pages
        size_t realsize = (size + 4 + B_PAGE_SIZE - 1) & ~(size_t)(B_PAGE_SIZE - 1);
        char *adr = startadr;
        // map exactly realsize bytes at adr; the page after it is left unmapped
        if (create_area("guarded malloc", (void **)&adr, B_EXACT_ADDRESS, realsize,
                        B_NO_LOCK, B_READ_AREA | B_WRITE_AREA) < B_OK)
                return NULL;
        *(uint32 *)adr = 0xDEADC0DE;          // marker at the start of the area
        startadr += realsize + B_PAGE_SIZE;   // leave a gap page before the next area
        adr += realsize - size;               // buffer ends exactly at the page end
        return adr;                           // (only aligned when size is a multiple of the alignment)
}

void free(void *ptr)
{
        area_id id;
        area_info info;
        if (ptr == NULL)
                return;
        id = area_for(ptr);
        if (id < B_OK || get_area_info(id, &info) != B_OK)
                *(char *)0 = 0;               // not one of ours: crash into debugger
        if (*(uint32 *)info.address != 0xDEADC0DE)
                *(char *)0 = 0;               // marker clobbered: crash into debugger
        delete_area(id);
}


This may still contain some bugs, but should be a way to fault on a buffer 
overrun immediately.

regards
Marcus 
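The first approach Marcus describes (a canary such as 0xDEADC0DE placed before and after each block and verified whenever the block is freed), as an added example that is not part of the original post: portable C on top of the normal malloc/free rather than BeOS area calls, with `guarded_check()` returning a verdict instead of crashing so it can be exercised in a test. The header layout, the 16-byte guard width and the function names are this example's own choices.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CANARY      0xDEADC0DEu
#define GUARD_WORDS 4                 /* 16 canary bytes on each side of the block */

struct guard_hdr {                    /* hypothetical layout, kept before each block */
    size_t   size;                    /* user-requested size */
    uint32_t front[GUARD_WORDS];      /* canary words before the user block */
};

/* Allocate `size` bytes with canaries before and after them. */
void *guarded_malloc(size_t size)
{
    size_t total = sizeof(struct guard_hdr) + size + sizeof(uint32_t) * GUARD_WORDS;
    struct guard_hdr *h = malloc(total);
    uint32_t tail[GUARD_WORDS];
    if (h == NULL) return NULL;
    h->size = size;
    for (int i = 0; i < GUARD_WORDS; i++)
        h->front[i] = tail[i] = CANARY;
    /* the tail canary starts at an arbitrary offset, so copy it bytewise */
    memcpy((unsigned char *)(h + 1) + size, tail, sizeof tail);
    return h + 1;
}

/* Verdict: 0 = canaries intact, -1 = underrun (front), 1 = overrun (tail). */
int guarded_check(const void *ptr)
{
    const struct guard_hdr *h = (const struct guard_hdr *)ptr - 1;
    uint32_t tail[GUARD_WORDS];
    for (int i = 0; i < GUARD_WORDS; i++)
        if (h->front[i] != CANARY)
            return -1;
    memcpy(tail, (const unsigned char *)ptr + h->size, sizeof tail);
    for (int i = 0; i < GUARD_WORDS; i++)
        if (tail[i] != CANARY)
            return 1;
    return 0;
}

/* Check, then release; returns the verdict so the caller can trap on it. */
int guarded_free(void *ptr)
{
    int rc = ptr ? guarded_check(ptr) : 0;
    if (ptr)
        free((struct guard_hdr *)ptr - 1);
    return rc;
}
```

Unlike the guard-page variant, this only catches the corruption when the block is checked or freed, not at the moment of the bad write.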
