Subject: Re: Can malloc return invalid memory?
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
From: D'Arcy J.M. Cain <darcy@druid.net>
List: current-users
Date: 04/02/2000 22:42:19

Thus spake Manuel Bouyer
> On Sun, Apr 02, 2000 at 06:16:48AM -0400, D'Arcy J.M. Cain wrote:
> > I know it sounds like an odd question but I have a very weird problem
> > with Python running on -current (1.4X) as of a few days ago and, in
> > fact, I have been struggling with this for a few weeks.  Here is the
> > code from stringobject.c in Python.  For clarity I removed some code
> > that was ifdef'd out and even if it wasn't I'm pretty sure it never
> > got hit since I know it reached the code below.
> > 
> > PyObject *
> > PyString_FromStringAndSize(str, size)
> >     const char *str;
> >     int size;
> > {   
> >     register PyStringObject *op;
> >     op = (PyStringObject *)
> >         malloc(sizeof(PyStringObject) + size * sizeof(char));
> >     if (op == NULL)
> >         return PyErr_NoMemory();
> >     op->ob_type = &PyString_Type;
> > 
> > GDB tells me the following.
> > 
> > #0  PyString_FromStringAndSize (
> >     str=0x9164f47 "2000:04:01:13:57:10:EST 200 931 /images/refnews.gif",
> >     size=23) at stringobject.c:99
> > 
> > So I know that there is a string at least 23 characters and the size request
> > is 23.  At this point the string is irrelevant anyway.
> > 
> > The program crashes on that last line with:
> > 
> > Program terminated with signal 11, Segmentation fault.
> > 
> > The value of op is 0x9233000.  When I try to print op->ob_type I get
> > the following.
> > 
> > (gdb) p op->ob_type
> > Cannot access memory at address 0x9233004.
> > 
> > So malloc has not returned NULL but the space it does return seems to be
> > inaccessible to the program.  The only thing that is perhaps different
> > about my script is that it has huge memory requirements but malloc didn't
> > return an error so it isn't a matter of running out of memory.
> 
> How much memory does your program have when this happens?

Well, when I say "huge" I mean in comparison to other programs.  It only
winds up being about 20 to 30 MB.  Swap never gets past 2 or 3% usage
while it runs.  It does go to the memory pool hundreds of thousands of
times though.

-- 
D'Arcy J.M. Cain <darcy@{druid|vex}.net>   |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 425 1212     (DoD#0082)    (eNTP)   |  what's for dinner.