[openbeosnetteam] Re: Another crash...
- From: "David Reid" <dreid@xxxxxxxxxxxx>
- To: <openbeosnetteam@xxxxxxxxxxxxx>
- Date: Tue, 19 Mar 2002 13:36:35 -0000
Thanks! I was coming to the same conclusion.
I'm off out shopping and then I'll give it a try. We don't use malloc/free
much so it shouldn't be too hard.
BTW, first packets sent in reply to a ping request just sent :)
Of course when it crashes after about 3 packets it's not really fun!
david
----- Original Message -----
From: "Marcus Overhagen" <dos4gw@xxxxxx>
To: <openbeosnetteam@xxxxxxxxxxxxx>
Sent: Tuesday, March 19, 2002 1:31 PM
Subject: [openbeosnetteam] Re: Another crash...
> "David Reid" <dreid@xxxxxxxxxxxx> wrote:
> >OK, so any ideas about what would be causing this??? The server ran like a banshee until this point :)
>
> >00000000 0016bbcf _malloc_internal+014b
> >fd005cb4 0016ca24 _malloc+002c
> >fd005cd8 00133c4a malloc+0016
>
> This *must* be a buffer over- or underrun. Somehow you managed to corrupt
> memory before or after an allocated piece of memory, containing memory
> management data used by malloc/free.
> Solution:
> Write your own malloc/free functions, allocating an unused area before and
> after each memory block, fill it with something useful, like 0xDEADC0DE
> and each time malloc/free gets used, check if it's unchanged.
>
> Another way to trap this (needs much more memory, but will detect the fault immediately):
> Find a large unused address space first.
> Now, each time that malloc is called, allocate always a full memory page or more for the buffer,
> and make sure that the next byte after the buffer is an unmapped memory page.
>
> #include <OS.h>
>
> char *startadr = (char *)0x12345678; // page-aligned start of a large unused range, needs to be determined first!
>
> void *malloc(size_t size)
> {
>     // guard word plus the buffer, rounded up to whole pages
>     size_t realsize = (size + 4 + B_PAGE_SIZE - 1) & ~(B_PAGE_SIZE - 1);
>     void *adr = startadr;
>     if (create_area("dbg_malloc", &adr, B_EXACT_ADDRESS, realsize,
>                     B_NO_LOCK, B_READ_AREA | B_WRITE_AREA) < 0)
>         return NULL;
>     *(uint32 *)adr = 0xDEADC0DE;             // guard word at the start of the area
>     startadr += realsize + B_PAGE_SIZE;       // leave one unmapped page after the area
>     return (char *)adr + (realsize - size);   // buffer ends exactly at the page end
> }
>
> void free(void *ptr)
> {
>     area_id id = area_for(ptr);
>     area_info info;
>     if (id < 0 || get_area_info(id, &info) != B_OK)
>         *(char *)0 = 0;                       // not one of our areas: crash into debugger
>     if (*(uint32 *)info.address != 0xDEADC0DE)
>         *(char *)0 = 0;                       // guard word clobbered (underrun): crash into debugger
>     delete_area(id);
> }
>
>
> This may still contain some bugs, but should be a way to fault on a buffer overrun
> immediately.
>
> regards
> Marcus
>
>
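Marcus's first suggestion, guard words on both sides of every block that are checked when the block is freed, written out in portable C as an added example; this is not code from the thread or from the OpenBeOS net stack. It sits on top of the standard malloc/free, the `dbg_` names, the header layout and the `demo` helper are assumptions made here, and the in-bounds, off-by-one and underrun writes in `demo` are constructed scenarios:

```c
/* Guard-word debug allocator: 0xDEADC0DE on both sides of each block,
 * verified on free. Added example, not the thread's or OpenBeOS's code. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_WORD  0xDEADC0DEu                  /* fill value suggested in the thread */
#define GUARD_WORDS 4                            /* guard words on each side of a block */
#define GUARD_BYTES (GUARD_WORDS * sizeof(uint32_t))

/* Check result; the bits combine, so both sides can be reported at once. */
enum guard_status { GUARD_INTACT = 0, GUARD_UNDERRUN = 1, GUARD_OVERRUN = 2 };

/* Hidden header in front of the user block (assumed layout). The guard sits
 * nearest the user pointer, so a short underrun hits it before the size field. */
struct dbg_header {
    size_t   size;
    uint32_t guard[GUARD_WORDS];
};

static void fill_guard(unsigned char *p)
{
    uint32_t w = GUARD_WORD;
    for (size_t i = 0; i < GUARD_WORDS; i++)
        memcpy(p + i * sizeof w, &w, sizeof w);  /* memcpy: the rear guard may be unaligned */
}

static int guard_intact(const unsigned char *p)
{
    for (size_t i = 0; i < GUARD_WORDS; i++) {
        uint32_t w;
        memcpy(&w, p + i * sizeof w, sizeof w);
        if (w != GUARD_WORD)
            return 0;
    }
    return 1;
}

void *dbg_malloc(size_t size)
{
    unsigned char *raw = malloc(sizeof(struct dbg_header) + size + GUARD_BYTES);
    if (raw == NULL)
        return NULL;
    struct dbg_header *h = (struct dbg_header *)raw;
    h->size = size;
    fill_guard((unsigned char *)h->guard);       /* front guard */
    unsigned char *user = raw + sizeof *h;
    fill_guard(user + size);                     /* rear guard, directly after the block */
    return user;
}

/* Check both guards of a live block; returns a bitmask of enum guard_status. */
int dbg_check(const void *ptr)
{
    const unsigned char *user = ptr;
    const struct dbg_header *h = (const struct dbg_header *)(user - sizeof *h);
    int status = GUARD_INTACT;
    if (!guard_intact((const unsigned char *)h->guard))
        status |= GUARD_UNDERRUN;
    if (!guard_intact(user + h->size))
        status |= GUARD_OVERRUN;
    return status;
}

/* Free a block and report its guard state; a real debug build would drop into
 * the debugger on corruption instead of returning. */
int dbg_free(void *ptr)
{
    if (ptr == NULL)
        return GUARD_INTACT;
    int status = dbg_check(ptr);
    free((unsigned char *)ptr - sizeof(struct dbg_header));
    return status;
}

/* Constructed scenario: a 16-byte block written from p+offset for len bytes.
 * offset < 0 or offset + len > 16 is exactly the bug class in the thread. */
int demo(long offset, size_t len)
{
    char *p = dbg_malloc(16);
    memset(p + offset, 'A', len);
    return dbg_free(p);
}

int main(void)
{
    printf("in bounds: %d  off-by-one: %d  underrun: %d  both: %d\n",
           demo(0, 16), demo(0, 17), demo(-1, 1), demo(-1, 18));
    return 0;
}
```

Unlike the real allocator's metadata, a clobbered guard here is reported at free time rather than corrupting the heap silently, which is enough to tell an overrun (rear guard) from an underrun (front guard); the page-guard variant from the second half of the message traps at the faulting store itself and is not shown here.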
- References:
- [openbeosnetteam] Re: Another crash...
- From: Marcus Overhagen