#14376: Heap corruption after AreaTest is run
-----------------------+------------------------------
Reporter: KapiX | Owner: nobody
Type: bug | Status: new
Priority: normal | Milestone: Unscheduled
Component: - General | Version: R1/Development
Keywords: | Blocked By:
Blocking: | Has a Patch: 0
Platform: All |
-----------------------+------------------------------
AreaTest is part of our test suite for Media Kit. [1]
It's fairly simple but has a disastrous effect on memory. BApplication tests
crash in hoard later. If it is disabled, everything is fine.
Minimal reproducer:
Add AreaTest contents to TBApplicationTester::BApplication1() at the
beginning and merge TBApplicationTester::BApplication2() with it so that
they are one test case. [2]
It can also be reproduced by running UnitTester with [3] applied (and
AreaTest enabled). It should crash in QuitTest or BApplicationTest.
I suspect it's a VM subsystem issue - `clone_area` is not used a lot in
Haiku (if GitHub search is to be believed, only accelerants, BBitmaps and the
Media Kit use it).
I tried to debug, but did not get very far:
the crash happens when hoard is traversed, for example here [4].
`chunk->next` is a bogus value (in my tests `0x09090808`; this one is
surrounded by other bogus values, `0x22` or `0x2222222`, which look like
some memory write didn't go where it should).
[1] https://git.haiku-os.org/haiku/tree/src/tests/kits/media/AreaTest.cpp
[2] https://git.haiku-os.org/haiku/tree/src/tests/kits/app/bapplication/BApplicationTester.cpp#n55
[3] https://review.haiku-os.org/c/haiku/+/465
[4] https://git.haiku-os.org/haiku/tree/src/system/libroot/posix/malloc/arch-specific.cpp#n159
--
Ticket URL: <https://dev.haiku-os.org/ticket/14376>
Haiku <https://dev.haiku-os.org>
The Haiku operating system.