Subject: lib/8986: Asking malloc(3) for too much memory causes a segfault
To: None <gnats-bugs@gnats.netbsd.org>
From: None <nathanw@mit.edu>
List: netbsd-bugs
Date: 12/12/1999 15:55:16
>Number: 8986
>Category: lib
>Synopsis: Asking malloc(3) for too much memory causes a segfault.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people (Library Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Dec 12 15:54:01 1999
>Last-Modified:
>Originator: Nathan J. Williams
>Organization:
Massachvsetts Institvte of Technology
>Release: NetBSD-current of 1999/12/12
>Environment:
System: NetBSD daffy-duck.putnam 1.4P NetBSD 1.4P (DAFFY-DUCK) #11: Sat Nov 27 20:08:23 EST 1999 nathanw@daffy-duck.putnam:/u1/nbsd/src/sys/arch/alpha/compile/DAFFY-DUCK alpha
>Description:
Asking malloc(3) for too much memory causes a segmentation violation,
even before the memory is accessed.
Without getting into the religious issue of whether malloc() should appear
to succeed or fail when asked for, say, 2^50 bytes of memory, the response
of segfaulting is clearly incorrect.
>How-To-Repeat:
Run the following code on a system with a 64-bit size_t and watch it
segfault; examine the core file and note the crash is inside of malloc(3).
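#include <stdio.h>
#include <stdlib.h>

int main(void)
{
	size_t big;
	void *ptr;

	big = 1L << 50; /* Much too big */
	printf("Before malloc of %lld bytes.\n", (long long) big);
	ptr = malloc(big); /* the reported crash happens inside this call */
	printf("After malloc.\n");
	free(ptr); /* free(NULL) is a no-op if malloc() fails cleanly */
	return 0;
}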
>Fix:
Unknown.
>Audit-Trail:
>Unformatted: