Discussion:
amd64 :: SIGABRT in malloc()
B S Srinidhi
2006-03-16 10:28:50 UTC
Hi,

I'm new to this list, but I've searched the archives (a little bit) to
find a solution to my problem and haven't found anything.

I've an application running on an amd64 machine. This app crashes while
allocating memory of size 300:

suffix = malloc(sizeof(char) * 300);

When run under GDB, I get the following bt:

*** glibc detected *** malloc(): memory corruption: 0x00000000005343f0 ***

Program received signal SIGABRT, Aborted.
0x0000002a96214de0 in raise () from /lib/libc.so.6
(gdb) where
#0 0x0000002a96214de0 in raise () from /lib/libc.so.6
#1 0x0000002a96216290 in abort () from /lib/libc.so.6
#2 0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6
#3 0x0000002a962518fa in free () from /lib/libc.so.6
#4 0x0000002a96252d4b in malloc () from /lib/libc.so.6
<snipped>

Any ideas as to why this could be happening? How can I debug this
problem? And why is malloc() calling free()?

Any help or pointers would be of great help.

Srinidhi.
--
ASCII ribbon campaign ( ) B S Srinidhi
- against HTML email X http://srinidhi.deeproot.co.in
& vCards / \ DeepRoot Linux

-
To unsubscribe from this list: send the line "unsubscribe linux-c-programming" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Mihai Dontu
2006-03-16 10:38:25 UTC
Post by B S Srinidhi
> Hi,
> I'm new to this list, but I've searched the archives (a little bit) to
> find a solution to my problem and haven't found anything.
> I've an application running on an amd64 machine. This app crashes while
> suffix = malloc(sizeof(char) * 300);
> *** glibc detected *** malloc(): memory corruption: 0x00000000005343f0 ***
> Program received signal SIGABRT, Aborted.
> 0x0000002a96214de0 in raise () from /lib/libc.so.6
> (gdb) where
> #0 0x0000002a96214de0 in raise () from /lib/libc.so.6
> #1 0x0000002a96216290 in abort () from /lib/libc.so.6
> #2 0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6
> #3 0x0000002a962518fa in free () from /lib/libc.so.6
> #4 0x0000002a96252d4b in malloc () from /lib/libc.so.6
> <snipped>
> Any ideas as to why this could be happening? How can I debug this
> problem? And why is malloc() calling free()?
> Any help or pointers would be of great help.
> Srinidhi.
Since you managed to get a stack trace (thus using a program
that malloc()-s on its own) you can conclude there is nothing
wrong with malloc(). But there might be a heap corruption in
your program. Depends on what your program was doing before
this.

M.D.
B S Srinidhi
2006-03-16 10:52:27 UTC
Hi,

Thanks a lot for the quick reply. :)
Post by Mihai Dontu
> Since you managed to get a stack trace (thus using a program
> that malloc()-s on its own) you can conclude there is nothing
> wrong with malloc(). But there might be a heap corruption in
> your program. Depends on what your program was doing before
> this.
Even I thought so, but this program has stopped working after a recent
(a couple of months back) update of libc6. So was wondering if that
could have caused this problem. I had no issues running this same
program in the older libc (sorry I don't remember the version of the
older libc).

The current version of libc is: 2.3.6-3.

Srinidhi.
--
ASCII ribbon campaign ( ) B S Srinidhi
- against HTML email X http://srinidhi.deeproot.co.in
& vCards / \ DeepRoot Linux

k***@wipro.com
2006-03-16 10:53:35 UTC
Is it failing while allocating or while trying to use the allocated
memory?

Because if it fails it is supposed to return NULL.

This kind of error usually signifies heap corruption (from the man page
of malloc). Can you tell us what the value of the MALLOC_CHECK_
environment variable is? Please set it to 1 and run the program again.

-Vamsi

Glynn Clements
2006-03-16 10:55:57 UTC
Post by B S Srinidhi
> I'm new to this list, but I've searched the archives (a little bit) to
> find a solution to my problem and haven't found anything.
> I've an application running on an amd64 machine. This app crashes while
> suffix = malloc(sizeof(char) * 300);
> *** glibc detected *** malloc(): memory corruption: 0x00000000005343f0 ***
> Program received signal SIGABRT, Aborted.
> 0x0000002a96214de0 in raise () from /lib/libc.so.6
> (gdb) where
> #0 0x0000002a96214de0 in raise () from /lib/libc.so.6
> #1 0x0000002a96216290 in abort () from /lib/libc.so.6
> #2 0x0000002a9624b06e in __fsetlocking () from /lib/libc.so.6
> #3 0x0000002a962518fa in free () from /lib/libc.so.6
> #4 0x0000002a96252d4b in malloc () from /lib/libc.so.6
> <snipped>
> Any ideas as to why this could be happening?

The heap has been corrupted, e.g. due to a buffer overrun.

Post by B S Srinidhi
> How can I debug this problem?

Tracking down heap corruption can be awkward, as the error won't
usually occur until some time later. There are some hints in the glibc
Info file regarding the use of mprobe(). Another possibility is
Electric Fence (libefence).

Post by B S Srinidhi
> And why is malloc() calling free()?

I don't know about that. It may just indicate incomplete debugging
information in libc.
--
Glynn Clements <***@gclements.plus.com>
B S Srinidhi
2006-03-17 06:14:23 UTC
Hi,
Post by Glynn Clements
> The heap has been corrupted, e.g. due to a buffer overrun.

Thanks a lot for the tip-off. :) After reading this and a suggestion
from one of my friends, I ran the program in valgrind.

/me still wondering why didn't he think of that earlier.

Post by Glynn Clements
> Post by B S Srinidhi
> > How can I debug this problem?
> Tracking down heap corruption can be awkward, as the error won't
> usually occur until some time later. There are some hints in the glibc

You are absolutely right. Such a crash occurs much later, after the culprit
has left the scene. Policing such a thing is quite difficult.

Post by Glynn Clements
> Info file regarding the use of mprobe(). Another possibility is
> Electric Fence (libefence).

mcheck() and mprobe() didn't help me much (or I didn't know what to
infer from their output :D)

I used valgrind instead, and it pointed out a specific error that caught
my attention:

Address 0x6BE0300 is 0 bytes after a block of size 432 alloc'd

This error was being generated at a place where I was allocating a
structure (much before the actual crash) and without checking the return
value of malloc(), data was written into the structure. Which caused all
the problem.

Now I'm trying to analyze the output of valgrind and doing some more
checks on the code.

Thanks a lot everyone who responded to my post. :D

Srinidhi.
--
ASCII ribbon campaign ( ) B S Srinidhi
- against HTML email X http://srinidhi.deeproot.co.in
& vCards / \ DeepRoot Linux
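
Added example, not part of the original thread and not glibc's or valgrind's code: a small guard-byte wrapper around malloc() that shows how a write just past a 432-byte block (the size from the valgrind line above) can be reported at a chosen check point instead of surfacing as an abort in some later malloc(). The names guard_malloc, guard_check, guard_free and demo_overrun are hypothetical; the idea is similar in spirit to the consistency checks behind mprobe().

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN    16   /* stores the requested size; keeps user data 16-byte aligned */
#define GUARD_LEN  16   /* guard bytes placed before and after the user block */
#define GUARD_BYTE 0xA5
enum guard_status { GUARD_OK, GUARD_HEAD, GUARD_TAIL, GUARD_NULL };

/* Layout: [size][head guard][user block of n bytes][tail guard] */
void *guard_malloc(size_t n)
{
    if (n > SIZE_MAX - (HDR_LEN + 2 * GUARD_LEN)) return NULL; /* size would wrap */
    unsigned char *raw = malloc(HDR_LEN + 2 * GUARD_LEN + n);
    if (raw == NULL) return NULL;          /* the caller must check this too */
    memcpy(raw, &n, sizeof n);
    memset(raw + HDR_LEN, GUARD_BYTE, GUARD_LEN);
    memset(raw + HDR_LEN + GUARD_LEN + n, GUARD_BYTE, GUARD_LEN);
    return raw + HDR_LEN + GUARD_LEN;
}

/* Verify both guards; call at suspect points to narrow down the culprit. */
enum guard_status guard_check(const void *p)
{
    if (p == NULL) return GUARD_NULL;
    const unsigned char *user = p, *raw = user - HDR_LEN - GUARD_LEN;
    size_t n;
    memcpy(&n, raw, sizeof n);
    for (size_t i = 0; i < GUARD_LEN; i++) {
        if (raw[HDR_LEN + i] != GUARD_BYTE) return GUARD_HEAD;
        if (user[n + i] != GUARD_BYTE)      return GUARD_TAIL;
    }
    return GUARD_OK;
}

void guard_free(void *p) { if (p) free((unsigned char *)p - HDR_LEN - GUARD_LEN); }

/* Write `extra` bytes past a 432-byte block (extra <= GUARD_LEN, so the
 * write stays inside the real allocation) and report what the check sees. */
enum guard_status demo_overrun(size_t extra)
{
    unsigned char *blk = guard_malloc(432);
    if (blk == NULL || extra > GUARD_LEN) { guard_free(blk); return GUARD_NULL; }
    memset(blk, 0, 432 + extra);           /* extra > 0 clobbers the tail guard */
    enum guard_status st = guard_check(blk);
    guard_free(blk);
    return st;
}
```
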
