DWB tbl bug!! HELP

Head UNIX Hacquer clyde at ut-ngp.UUCP
Thu Feb 6 01:16:05 AEST 1986


>	The problem arises when something scribbles 4 bytes into the input
>	buffer of (FILE *)tabin.
>	It occurs during the call to freearr() after the first table
>	finishes printing when the alloc'd memory is freed.
>	I think the problem is caused by the allocation at line 291 of t4.c
>	in routine garray() and the problem seems to have gone away by increasing
>	the allocation to 'sep' by one int:
>		sep = (int *) getcore(qcol+2, sizeof(int));
==>		sep++; /* sep[-1] must be legal */

The actual problem is in freearr() on line 321:

	cfree(sep);
--- should be
	cfree(--sep);

Because of the 'sep++;' (pointed to above).  Malloc stores the size of
the chunk allocated in the previous word, and if you don't free()
(which is all that cfree() really is) the SAME memory address that
you are given by malloc()/calloc(), free() does not get the proper
size of the memory chunk being freed.

This ends up corrupting malloc's allocation arena.  If you are lucky, it
causes buffering problems, and if you are not lucky, segmentation faults
or bus errors.
-- 
Shouter-To-Dead-Parrots @ Univ. of Texas Computation Center; Austin, Texas  

"If you can't say something nice, say something surrealistic"
	- Zippy the Pinhead

	clyde at ngp.UTEXAS.EDU, clyde at sally.UTEXAS.EDU
	...!ihnp4!ut-ngp!clyde, ...!allegra!ut-ngp!clyde
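Added example, not from the original post and not from DWB's tbl source: a toy allocator that keeps its bookkeeping in the bytes just before the pointer it hands out, the way the malloc described above keeps the chunk size in the previous word, together with the garray()/freearr() pattern done both ways (free the bumped pointer, free sep - 1). Because the toy header carries a magic tag, the bumped-pointer free is reported instead of silently trusting user data as a size. toy_alloc, toy_free, garray_sep, freearr_sep_buggy, freearr_sep_fixed and demo_* are hypothetical names; the header layout (32-bit magic plus 32-bit size) is the toy's own, not the real malloc's, and sizeof(int) == 4 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TOY_MAGIC 0x5EED5EEDu

/* Bookkeeping stored immediately before the pointer handed to the caller,
 * the way the 1986 malloc kept the chunk size in "the previous word".
 * Hypothetical layout; the real malloc had no magic tag. */
struct toy_hdr {
    uint32_t magic;    /* lets toy_free tell a real chunk start from user data */
    uint32_t nbytes;   /* size of the user region */
};

void *toy_alloc(size_t n)
{
    struct toy_hdr h = { TOY_MAGIC, (uint32_t)n };
    char *raw = malloc(sizeof h + n);
    if (!raw) return NULL;
    memcpy(raw, &h, sizeof h);
    return raw + sizeof h;          /* user pointer, header sits just before it */
}

/* Returns the number of user bytes released, 0 for NULL, or -1 if p is not
 * an address toy_alloc returned.  A plain free() has no such check: it
 * reads whatever sits in those bytes as the chunk size and uses it. */
long toy_free(void *p)
{
    if (!p) return 0;
    char *raw = (char *)p - sizeof(struct toy_hdr);
    struct toy_hdr h;
    memcpy(&h, raw, sizeof h);
    if (h.magic != TOY_MAGIC) return -1;
    memset(raw, 0, sizeof h);       /* poison the header so a second free is caught */
    free(raw);
    return (long)h.nbytes;
}

/* Mirrors the fixed garray(): qcol+2 ints, then bump so sep[-1] is legal.
 * Assumes sizeof(int) == 4 so the bump is exactly one 32-bit word. */
int *garray_sep(int qcol)
{
    size_t n = (size_t)(qcol + 2) * sizeof(int);
    int *base = toy_alloc(n);
    if (!base) return NULL;
    memset(base, 0, n);
    return base + 1;                /* the 'sep++' */
}

/* Buggy freearr(): hands the bumped pointer straight to the allocator. */
long freearr_sep_buggy(int *sep) { return toy_free(sep); }

/* Corrected freearr() from the reply: cfree(--sep). */
long freearr_sep_fixed(int *sep) { return toy_free(sep - 1); }

/* One table of qcol columns with the buggy free.  Returns what the buggy
 * free reports (-1 here; with a real malloc the size word would be read
 * from user data and the arena corrupted), then releases the block properly. */
long demo_buggy(int qcol)
{
    int *sep = garray_sep(qcol);
    if (!sep) return 0;
    sep[-1] = 7;                    /* legal only because of the bump */
    sep[qcol] = 9;                  /* last of the qcol+2 slots */
    long r = freearr_sep_buggy(sep);
    freearr_sep_fixed(sep);
    return r;
}

/* Same table with the corrected free: returns the bytes released. */
long demo_fixed(int qcol)
{
    int *sep = garray_sep(qcol);
    if (!sep) return 0;
    sep[-1] = 7;
    return freearr_sep_fixed(sep);
}

int main(void)
{
    printf("buggy free reports %ld, fixed free releases %ld bytes\n",
           demo_buggy(5), demo_fixed(5));
    return 0;
}
```

To see the real thing rather than the toy, swap toy_alloc/toy_free for calloc/free and build with -fsanitize=address: AddressSanitizer reports the bumped-pointer free as an attempt to free an address that was not malloc()-ed, and a current glibc without the sanitizer typically aborts with "free(): invalid pointer" instead of quietly corrupting the arena as the 1986 malloc did.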
