Bug #2344

closed

dmalloc assertion: (*bmp & (1LU << bno)) == 0 in memfree

Added by xbit about 12 years ago. Updated about 12 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 04/07/2012
Due date:
% Done: 0%
Estimated time:

Description

When running zsh an assertion is shown each time zsh is closed.

DragonFly version is v3.0.2.23.g17720-RELEASE on X86_64.

Actions #1

Updated by xbit about 12 years ago

I found an example that can be used to reproduce this error: https://bugs.dragonflybsd.org/pastes/29.

When realloc() is called with the new size (8), then in dmalloc.c the memalloc() function returns a new object and the old one is removed with memfree(), which runs into this assertion.

Actions #2

Updated by vsrinivas about 12 years ago

Hi,

I believe the test program posted above is wrong. Specifically, after realloc(), it checks if the original pointer, not the new return from realloc, is nonzero, and then free()s. This is not okay -- after a nonzero return from realloc, the original pointer has been released and is no longer valid.

Thanks,
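The ownership rule described in the comment above, as an added example that is not part of the original thread or the pasted test program: after a successful realloc() only the returned pointer may be used or freed. The helper name `resize_buf` and the buffer contents are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the pasted test program): resize *bufp to
 * new_size bytes while keeping exactly one owning pointer.
 * Returns 0 on success, -1 on failure (*bufp stays valid and unchanged). */
int resize_buf(char **bufp, size_t new_size)
{
    char *tmp;

    if (new_size == 0) {        /* realloc(p, 0) is implementation-defined */
        free(*bufp);            /* so release explicitly and clear the owner */
        *bufp = NULL;
        return 0;
    }
    tmp = realloc(*bufp, new_size);
    if (tmp == NULL)
        return -1;              /* failure: the old block is still owned by *bufp */
    *bufp = tmp;                /* success: the old value is stale, overwrite it */
    return 0;
}

/* Buggy pattern from the discussion, shown for contrast only (not compiled):
 *
 *     char *p = malloc(4);
 *     char *q = realloc(p, 8);
 *     if (p) free(p);   // p was already released when q != NULL: double free
 */

/* Grow a 4-byte buffer to 8 bytes (the size mentioned in the report) and free
 * it exactly once. Returns 0 when the contents survived the resize. */
int demo(void)
{
    int ok;
    char *buf = malloc(4);

    if (buf == NULL)
        return -1;
    memcpy(buf, "abc", 4);               /* constructed sample data */
    if (resize_buf(&buf, 8) != 0) {
        free(buf);                       /* still the valid owner on failure */
        return -1;
    }
    ok = (strcmp(buf, "abc") == 0);      /* old contents are preserved */
    memcpy(buf, "abcdefg", 8);           /* the larger block is usable */
    ok = ok && (strcmp(buf, "abcdefg") == 0);
    free(buf);                           /* single free of the single owner */
    return ok ? 0 : 1;
}
```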

Actions #3

Updated by xbit about 12 years ago

Thanks for pointing this out. You are right. Unfortunately I didn't look closely enough at the code.

I guess then the zsh core dump might also be a double free problem and I have to look at the zsh code.

Actions #4

Updated by xbit about 12 years ago

Sorry for the noise. This seems to be a zsh problem. When using zsh-current from pkgsrc (version 4.3.12), this error does not occur.

Actions #5

Updated by xbit about 12 years ago

  • Status changed from New to Closed

As this is not a DragonFly problem, close this issue.
