Subject: bin/3848: [dM] malloc-buffer overrun in make
To: None <gnats-bugs@gnats.netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: netbsd-bugs
Date: 07/09/1997 12:35:05
>Number: 3848
>Category: bin
>Synopsis: [dM] malloc-buffer overrun in make
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jul 9 09:50:02 1997
>Last-Modified:
>Originator: der Mouse
>Organization:
Dis-
>Release: -current supped 1997-07-08 AM
>Environment:
SPARC IPC (though I suspect it doesn't matter)
>Description:
With a source tree supped July 8th AM, I started to move from
slightly-post-1.2 to -current on this IPC. I installed
<sys/cdefs.h> by hand, rebuilt make, rebuilt config, rebuilt
and installed a new kernel, and rebooted. So far so good.
Then I did a "make build"...and make cored in lib/libkvm doing
"make includes". This was repeatable; if I ran a make includes
in that directory by hand, I got another core from make.
gdb reported a traceback indicating it cored in malloc.
Suspecting a buffer overrun, I did the following to
usr.bin/make/main.c:
--- /sources/latest-usr-src/usr.bin/make/main.c Tue Jul 8 11:34:55 1997
+++ /usr/src/usr.bin/make/main.c Wed Jul 9 12:19:32 1997
@@ -1177,8 +1177,16 @@
size_t len;
{
void *p;
+ static int slop = -1;
- if ((p = malloc(len)) == NULL)
+ if (slop < 0)
+ { char *v;
+ v = getenv("MALLOC_SLOP");
+ if (v) slop = atoi(v);
+ if (slop < 1) slop = 0;
+ }
+
+ if ((p = malloc(len+slop)) == NULL)
enomem();
return(p);
}
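Review bot: the extra slop in `malloc(len+slop)` hides the overrun instead of locating it, so the hack can confirm the hypothesis but cannot say which caller writes past its buffer. Filling the slop bytes with a fixed pattern in this function and checking them when the block is freed (or at a few chosen points) would turn the same change into a detector that names the offending allocation. Two smaller points: `atoi()` returns 0 on non-numeric input and the `if (slop < 1) slop = 0;` line covers negative values, but there is no upper bound, so a large `MALLOC_SLOP` inflates every allocation by that amount; and since `slop` is an `int` added to a `size_t`, keep the guard that forces it non-negative so the implicit conversion cannot wrap.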
With this hack in place, setting MALLOC_SLOP to 1 in the
environment made the coredump in lib/libkvm go away, hence my
belief that it's a buffer overrun somewhere in make. (I also
rebuilt make with -g instead of -O, which did not change
anything.) Note make was being (dynamically) linked with my
slightly-post-1.2 libc's version of malloc, though that
shouldn't make any difference.
I do not currently know more. If and when I discover more, I
will send in an addendum to this PR.
I'll be glad to send any relevant files' revision numbers to
anyone who asks.
>How-To-Repeat:
Run "make includes" in /usr/src/lib/libkvm on callisto. :-)
>Fix:
Unknown as yet - see above. As a workaround, apply the above
patch and setenv MALLOC_SLOP 1. :-(
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
>Audit-Trail:
>Unformatted:
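The report above pads every allocation so the overrun lands in unused bytes, which makes the crash go away but does not say where the bad write happens. The following is an added example, not der Mouse's patch and not the code of NetBSD make: an `emalloc`/`efree` pair (names and the `union hdr` layout are assumptions chosen for this illustration) that fills the padding with a canary pattern and counts how many canary bytes were clobbered when the block is freed, so a one-byte overrun is reported against the allocation it damaged. `demo_overrun()` is a constructed bug used to exercise the check; it only writes inside the guard region the program itself allocated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of guard bytes placed after every allocation and the pattern
 * they are filled with. Any write past the requested length lands in
 * the guard and changes at least one of these bytes. */
#define SLOP   16
#define CANARY 0xA5

/* Header kept in front of the user block; the union keeps the user
 * pointer suitably aligned for any object type. (Assumed layout.) */
union hdr {
	size_t len;
	long double align;
};

static void enomem(void)
{
	fputs("emalloc: out of memory\n", stderr);
	exit(2);
}

/* Allocate len bytes followed by a canary-filled guard region. */
void *emalloc(size_t len)
{
	union hdr *h;
	unsigned char *p;

	if ((h = malloc(sizeof *h + len + SLOP)) == NULL)
		enomem();
	h->len = len;
	p = (unsigned char *)(h + 1);
	memset(p + len, CANARY, SLOP);
	return p;
}

/* Count guard bytes that no longer hold CANARY; 0 means no overrun seen. */
size_t guard_damage(const void *ptr)
{
	const unsigned char *p = ptr;
	const union hdr *h = (const union hdr *)p - 1;
	size_t i, bad = 0;

	for (i = 0; i < SLOP; i++)
		if (p[h->len + i] != CANARY)
			bad++;
	return bad;
}

/* Check the guard, report damage, release the block. Returns the number
 * of clobbered guard bytes so callers (and tests) can act on it. */
size_t efree(void *ptr)
{
	union hdr *h = (union hdr *)ptr - 1;
	size_t bad = guard_damage(ptr);

	if (bad)
		fprintf(stderr,
		    "efree: %zu-byte block at %p overrun by at least %zu byte(s)\n",
		    h->len, ptr, bad);
	free(h);
	return bad;
}

/* Constructed bug for the demonstration: ask for n bytes, then write
 * n + past bytes, the way an off-by-one strcpy would. past is clamped
 * to SLOP so every write stays inside memory this program owns. */
size_t demo_overrun(size_t n, size_t past)
{
	unsigned char *buf;

	if (past > SLOP)
		past = SLOP;
	buf = emalloc(n);
	memset(buf, 'x', n + past);
	return efree(buf);
}

int main(void)
{
	const char *s = "make includes";     /* constructed sample string */
	char *copy = emalloc(strlen(s));      /* bug: no room for the NUL */

	strcpy(copy, s);                      /* writes one byte into the guard */
	printf("guard bytes clobbered: %zu\n", efree(copy));
	printf("clean allocation:      %zu\n", demo_overrun(32, 0));
	return 0;
}
```

Unlike plain padding, the guard check is only consulted at free time, so an overrun that is never freed goes unreported; calling `guard_damage()` from a few well-chosen points (for make, for instance after each target is processed) narrows the search further without changing the allocator interface.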