Subject: lib/8986: Asking malloc(3) for too much memory causes a segfault
To: None <gnats-bugs@gnats.netbsd.org>
From: None <nathanw@mit.edu>
List: netbsd-bugs
Date: 12/12/1999 15:55:16
>Number:         8986
>Category:       lib
>Synopsis:       Asking malloc(3) for too much memory causes a segfault.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people (Library Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Dec 12 15:54:01 1999
>Last-Modified:
>Originator:     Nathan J. Williams
>Organization:
	Massachvsetts Institvte of Technology
>Release:        NetBSD-current of 1999/12/12
>Environment:
System: NetBSD daffy-duck.putnam 1.4P NetBSD 1.4P (DAFFY-DUCK) #11: Sat Nov 27 20:08:23 EST 1999 nathanw@daffy-duck.putnam:/u1/nbsd/src/sys/arch/alpha/compile/DAFFY-DUCK alpha


>Description:
Asking malloc(3) for too much memory causes a segmentation violation, 
even before the memory is accessed.

Without getting into the religious issue of whether malloc() should appear 
to succeed or fail when asked for, say, 2^50 bytes of memory, the response
of segfaulting is clearly incorrect.

>How-To-Repeat:
Run the following code on a system with a 64-bit size_t and watch it
segfault; examine the core file and note the crash is inside of malloc(3).

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
	size_t big;
	void *ptr;

	big = 1L << 50; /* Much too big; needs a 64-bit long/size_t */
	/* %qd is the BSD "quad" (64-bit) conversion; use %lld elsewhere */
	printf("Before malloc of %qd bytes.\n", (long long) big);
	ptr = malloc(big);	/* crashes here instead of returning NULL */
	printf("After malloc.\n");
	free(ptr);		/* free(NULL) is a no-op if malloc failed cleanly */
	return 0;
}
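The reproducer above exercises the library side of the problem. As an added example (not part of this PR or of NetBSD's libc), the following shows the caller side: a program should never hand malloc(3) a size that came out of an unchecked multiplication, and it should treat a NULL return as the normal answer for a request that cannot be satisfied. The ceiling ALLOC_CEILING is a placeholder value chosen for illustration; a real program derives it from its own resource limits. The 2^50-byte request of the report is rebuilt as 2^25 elements of 2^25 bytes so that on a 32-bit size_t the overflow check, rather than undefined shift behaviour, refuses it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Placeholder per-request ceiling (1 TiB); an illustrative value, not a libc limit. */
#define ALLOC_CEILING ((size_t)1 << 40)

/* Store n * sz in *out and return 1 when the product fits in size_t, else 0. */
int mul_size_ok(size_t n, size_t sz, size_t *out)
{
	if (n != 0 && sz > SIZE_MAX / n)
		return 0;	/* product would wrap around */
	*out = n * sz;
	return 1;
}

/*
 * Allocate n elements of sz bytes each. Overflowed or absurdly large
 * requests are refused with NULL and errno = ENOMEM before malloc(3)
 * ever sees them; a zero-byte request is rounded up so a non-NULL
 * pointer always means success.
 */
void *alloc_array(size_t n, size_t sz)
{
	size_t total;

	if (!mul_size_ok(n, sz, &total) || total > ALLOC_CEILING) {
		errno = ENOMEM;
		return NULL;
	}
	return malloc(total ? total : 1);
}

/*
 * Mirror the report's request of 2^50 bytes, expressed as 2^25 * 2^25
 * so the arithmetic is checked rather than shifted past a 32-bit size_t.
 * Returns 1 when the request was refused cleanly, 0 if it was granted.
 */
int huge_request_refused(void)
{
	void *p = alloc_array((size_t)1 << 25, (size_t)1 << 25);

	if (p == NULL)
		return 1;
	free(p);
	return 0;
}

int main(void)
{
	/* Constructed inputs: one sane request, one wrapped product, one oversized one. */
	void *ok = alloc_array(16, sizeof(int));

	printf("16 ints: %s\n", ok ? "allocated" : "refused");
	free(ok);
	printf("SIZE_MAX * 2: %s\n",
	    alloc_array(SIZE_MAX, 2) ? "allocated" : "refused (overflow)");
	printf("2^50 bytes: %s\n",
	    huge_request_refused() ? "refused (ENOMEM)" : "allocated");
	return 0;
}
```

Both checks are deliberately done in the caller: even on a libc whose malloc(3) returns NULL correctly for 2^50 bytes, the multiplication that produced such a size has usually already wrapped, and the resulting small allocation is the classic precursor to a heap overflow.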

>Fix:
	Unknown.
>Audit-Trail:
>Unformatted: