Bug #2344

dmalloc assertion: (*bmp & (1LU << bno)) == 0 in memfree

Added by xbit over 2 years ago. Updated over 2 years ago.

Status: Closed
Start date: 04/07/2012
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -

Description

When running zsh, an assertion is shown each time zsh is closed.

DragonFly version is v3.0.2.23.g17720-RELEASE on X86_64.

History

#1 Updated by xbit over 2 years ago

I found an example that can be used to reproduce this error: https://bugs.dragonflybsd.org/pastes/29.

When realloc() is called with the new size (8), then in dmalloc.c the memalloc() function returns a new object and the old one is removed with memfree(), which runs into this assertion.

#2 Updated by vsrinivas over 2 years ago

Hi,

I believe the test program posted above is wrong. Specifically, after realloc(), it checks if the original pointer, not the new return from realloc, is nonzero, and then free()s. This is not okay -- after a nonzero return from realloc, the original pointer has been released and is no longer valid.

Thanks,
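
The realloc() ownership rule described in the comment above, as an added example that is not the test program from the linked paste and not DragonFly or zsh code. The wrong pattern is kept only as a comment, since executing it is a double free (undefined behaviour, and exactly what dmalloc's memfree() assertion trips on); grow_buffer() and demo() are hypothetical helpers written here to show the correct handling, including the realloc() failure case where the original pointer is still owned by the caller.

```c
/* Added example: realloc() done wrong (commented out) and done right.
 * Helper names grow_buffer() and demo() are assumptions for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* WRONG (sketch of the mistake in the linked test program):
 *
 *   char *p = malloc(4);
 *   char *q = realloc(p, 8);
 *   if (p)          // tests the OLD pointer, which a non-NULL realloc() has freed
 *       free(p);    // double free: the allocator may abort here
 *   free(q);
 *
 * After a non-NULL return from realloc(), only the returned pointer may be
 * used or freed. On a NULL return the old block is untouched and still
 * belongs to the caller, so it must not be leaked either. */

/* Grow *buf to newcap bytes. Returns 0 on success (*buf and *cap updated),
 * -1 on failure (*buf and *cap unchanged and still valid). */
int grow_buffer(char **buf, size_t *cap, size_t newcap)
{
    char *tmp;

    if (newcap <= *cap)
        return 0;                   /* already big enough */

    tmp = realloc(*buf, newcap);    /* keep the result in a temporary */
    if (tmp == NULL)
        return -1;                  /* *buf is still valid; caller keeps ownership */

    *buf = tmp;                     /* old pointer must never be used or freed now */
    *cap = newcap;
    return 0;
}

/* Driver mirroring the report: a 4-byte buffer grown to 8 bytes, then freed
 * exactly once. Returns the string length held after growth (0 on error). */
size_t demo(void)
{
    size_t cap = 4;
    char *buf = malloc(cap);
    size_t n;

    if (buf == NULL)
        return 0;
    memcpy(buf, "abc", 4);          /* "abc" + NUL fills the 4 bytes */

    if (grow_buffer(&buf, &cap, 8) != 0) {
        free(buf);                  /* growth failed: old block is still ours */
        return 0;
    }

    strcat(buf, "defg");            /* "abcdefg" + NUL now fits in 8 bytes */
    n = strlen(buf);
    free(buf);                      /* the only free(): the old pointer is gone */
    return n;
}

int main(void)
{
    printf("length after growth: %zu\n", demo());
    return 0;
}
```

The important detail is the temporary: assigning realloc()'s result straight back to the only pointer you hold loses the original block on failure, while testing or freeing the original after a successful call is the double free reported here.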

#3 Updated by xbit over 2 years ago

Thanks for pointing this out. You are right. Unfortunately I didn't look closely enough at the code.

I guess then the zsh core dump might also be a double-free problem and I have to look at the zsh code.

#4 Updated by xbit over 2 years ago

Sorry for the noise. This seems to be a zsh problem. When using zsh-current from pkgsrc (version 4.3.12), this error does not occur.

#5 Updated by xbit over 2 years ago

  • Status changed from New to Closed

As this is not a DragonFly problem, closing this issue.
