Bug 293406 - glibc corrupts memory on malloc
Summary: glibc corrupts memory on malloc
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2009-11-16 16:56 UTC by idiotbg
Modified: 2009-11-16 18:12 UTC
CC: 1 user

See Also:
Package list:
Runtime testing required: ---

Description idiotbg 2009-11-16 16:56:05 UTC
when allocating memory with malloc, malloc may corrupt previously allocated memory

Reproducible: Always

Steps to Reproduce:
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <inttypes.h>

#define COUNTMEM_STEP       100
typedef uint16_t lattice_point;          /* each lattice element is 2 bytes wide */

uint64_t        nclusters_max    = COUNTMEM_STEP;
uint64_t        x;
uint64_t        y;
lattice_point   *lattice;

int
main(int argc, char **argv)
{
        x = atoll(argv[1]);              /* lattice extent, taken from the command line */
        y = atoll(argv[2]);

        lattice = (lattice_point*)malloc(sizeof(uint8_t) * (x+1) * (y+1)); /* sized in bytes of uint8_t, not lattice_point (see Comment 1) */
        malloc(sizeof(uint64_t)*nclusters_max);  /* second allocation; the watchpoint below fires here */
        return 1;
}


Actual Results:  
(gdb) b 22
Breakpoint 1 at 0x4005a5: file 4.c, line 22.
(gdb) run 5 5
Starting program: /mnt/store/home/space/4 5 5

Breakpoint 1, main (argc=3, argv=0x7fffe1bd9f78) at 4.c:22
22              malloc(sizeof(uint64_t)*nclusters_max);
(gdb) watch lattice[20]
Hardware watchpoint 2: lattice[20]
(gdb) c
Continuing.
Hardware watchpoint 2: lattice[20]

Old value = 4049
New value = 817
0x00007f98d96e7729 in ?? () from /lib/libc.so.6


Expected Results:  
the memory from lattice should not change content

I see the same memory corruption on 32 bit linux, only the address at which it happens changes. Seems like a glibc issue; it doesn't happen on a FreeBSD box.


glibc 2.9_p20081201-r2

Portage 2.1.6.13 (default/linux/amd64/10.0/desktop, gcc-4.1.2, glibc-2.9_p20081201-r2, 2.6.25-gentoo-r7 x86_64)
=================================================================
System uname: Linux-2.6.25-gentoo-r7-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T8300_@_2.40GHz-with-gentoo-1.12.11.1
Timestamp of tree: Tue, 03 Nov 2009 09:30:02 +0000
app-shells/bash:     4.0_p28
dev-java/java-config: 1.3.7-r1, 2.1.9-r1
dev-lang/python:     2.5.4-r3, 2.6.2-r1
dev-python/pycrypto: 2.0.1-r8
dev-util/cmake:      2.6.4-r3
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="bg_BG.UTF-8"
LC_ALL="bg_BG.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="bg en en_US"
MAKEOPTS="-j 4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="   "
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow X Xaw3d a52 aac acl acpi aim alsa amd64 apm arts bash-completion berkdb bluetooth branding bzip2 cairo calendar cddb cdr cli consolekit cracklib crypt cscope ctype cups curl curlwrappers d dbus dga directfb djvu dri dts dvd dvdr eds emboss encode evo exif expat fam fbcon ffmpeg firefox flac fontconfig fortran gd gdbm gif gimp gnome gnome-keyring gnuplot gnutls gpm gstreamer gtk gtk2 hal iconv icq imagemagick imap ipod jabber jack java jpeg jpeg2k kde kpathsea lame laptop latex ldap libffi libnotify lirc lm_sensors lzo mad mailwrapper mikmod mime mmx modules mozilla mp3 mp4 mpeg mplayer msn mtp mudflap multilib multislot mysql nas ncurses nls nptl nptlonly objc objc++ objc-gc ogg openct opengl openmp pam pcmcia pcre pcsc-lite pdf perl png ppds pppd python qt3support qt4 quicktime rdesktop readline reflection samba sdl session sockets sox spell spl sqlite sse sse2 ssl startup-notification subversion svg sysfs tcpd thunar tiff tk truetype unicode usb v4l v4l2 visualization vnc vorbis wifi x264 xine xinerama xml xmlrpc xorg xulrunner xv xvid yahoo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="edev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="bg en en_US" USERLAND="GNU" VIDEO_CARDS="nv nvidia vesa"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Sebastian Luther (few) 2009-11-16 17:36:34 UTC
> lattice = (lattice_point*)malloc(sizeof(uint8_t) * (x+1) * (y+1));

is wrong: lattice is of type uint16_t. In your example you are requesting 6*6=36 bytes, and lattice[20] points to the bytes after the requested memory region.
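The arithmetic behind Comment 1, and the allocation done the checked way, as an added C example that is not part of this bug report (the helpers lattice_bytes_buggy, lattice_bytes_checked, index_in_bounds and lattice_alloc, and the driver main, are this example's own). With x = y = 5 the reporter's expression asks for 36 bytes, enough for 18 two-byte elements (indices 0..17), while lattice[20] sits at byte offset 40, past the end of the request. The program itself never touches lattice[20]; the watchpoint fires on glibc's own bookkeeping write, and the values in the gdb session are consistent with that: 4049 is 0xFD1, and 817 is 0x331, i.e. 816 with the low PREV_INUSE bit set, which is the chunk size glibc uses for the 800-byte request that follows.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>

typedef uint16_t lattice_point;

/* The size expression from the report: counts bytes of uint8_t although
 * every element stored in the buffer is a 2-byte lattice_point. */
size_t lattice_bytes_buggy(uint64_t x, uint64_t y)
{
    return sizeof(uint8_t) * (x + 1) * (y + 1);
}

/* Correct size for an (x+1)*(y+1) lattice of lattice_point, refusing the
 * request if any intermediate product would wrap.  Hypothetical helper
 * written for this example. Returns 1 on success, 0 if it does not fit. */
int lattice_bytes_checked(uint64_t x, uint64_t y, size_t *out)
{
    uint64_t nx = x + 1, ny = y + 1;
    if (nx < x || ny < y)                                /* x+1 or y+1 wrapped */
        return 0;
    if (ny > SIZE_MAX / nx)                              /* nx*ny would overflow */
        return 0;
    uint64_t n = nx * ny;
    if (n > SIZE_MAX / sizeof(lattice_point))            /* n*sizeof would overflow */
        return 0;
    *out = (size_t)n * sizeof(lattice_point);
    return 1;
}

/* Does element index idx lie inside a buffer of nbytes bytes? */
int index_in_bounds(size_t nbytes, size_t idx)
{
    return idx < nbytes / sizeof(lattice_point);
}

/* Allocate the lattice from its checked element count; calloc also performs
 * its own count*size overflow check and zero-fills the elements. */
lattice_point *lattice_alloc(uint64_t x, uint64_t y)
{
    size_t nbytes;
    if (!lattice_bytes_checked(x, y, &nbytes))
        return NULL;
    return calloc(nbytes / sizeof(lattice_point), sizeof(lattice_point));
}

int main(int argc, char **argv)
{
    /* Default to the report's "5 5" when run without arguments. */
    uint64_t x = argc > 2 ? strtoull(argv[1], NULL, 10) : 5;
    uint64_t y = argc > 2 ? strtoull(argv[2], NULL, 10) : 5;
    size_t need;

    if (!lattice_bytes_checked(x, y, &need)) {
        fprintf(stderr, "lattice %" PRIu64 " x %" PRIu64 " does not fit\n", x, y);
        return 1;
    }
    size_t buggy = lattice_bytes_buggy(x, y);
    printf("buggy request: %zu bytes (%zu elements); correct request: %zu bytes\n",
           buggy, buggy / sizeof(lattice_point), need);
    printf("lattice[20] is %s the buggy buffer and %s the correct one\n",
           index_in_bounds(buggy, 20) ? "inside" : "outside",
           index_in_bounds(need, 20) ? "inside" : "outside");

    lattice_point *lattice = lattice_alloc(x, y);
    if (lattice == NULL)
        return 1;
    /* The second allocation from the report; its chunk header now lands
     * beyond the lattice's 72 bytes instead of on top of element 20. */
    uint64_t *clusters = malloc(sizeof(uint64_t) * 100);
    lattice[20] = 4049;
    printf("lattice[20] after the second malloc: %u\n", lattice[20]);
    free(clusters);
    free(lattice);
    return 0;
}
```

Writing the request as `malloc(sizeof *lattice * n)` instead of naming a type ties the size to the pointee and makes this class of mismatch impossible to write in the first place; the check above additionally covers the case where the element count itself does not fit in size_t.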
Comment 2 idiotbg 2009-11-16 18:12:24 UTC
ah, fuck, thanks. Sorry for wasting your time; I obviously need some sleep.