Bug #2344
closed
dmalloc assertion: (*bmp & (1LU << bno)) == 0 in memfree
Added by xbit over 12 years ago.
Updated over 12 years ago.
Description
When running zsh an assertion is shown each time zsh is closed.
DragonFly version is v3.0.2.23.g17720-RELEASE on x86_64.
I found an example that can be used to reproduce this error: https://bugs.dragonflybsd.org/pastes/29.
When realloc() is called with the new size (8), then in dmalloc.c the memalloc() function returns a new object and the old one is removed with memfree() which runs into this assertion.
Hi,
I believe the test program posted above is wrong. Specifically, after realloc(), it checks if the original pointer, not the new return from realloc, is nonzero, and then free()s. This is not okay -- after a nonzero return from realloc, the original pointer has been released and is no longer valid.
Thanks,
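The ownership rule described in the comment above, written out as an added C example (not code from the bug report, the pasted test program, or DragonFly): only the pointer returned by realloc() is ever passed to free(), and a temporary pointer keeps the original block valid when realloc() fails. The buffer type and the function names (buf_reserve, buf_append, buf_free, demo_grow_to_eight) are assumptions made for this illustration.

```c
/* Added example, not from the bug thread: a growable byte buffer that follows
 * the realloc() contract. After a non-NULL return the old pointer is invalid
 * and must not be freed; after a NULL return the old block is still owned. */
#include <stdlib.h>
#include <string.h>

struct buf { unsigned char *data; size_t len; size_t cap; };

/* Grow b->data to at least want bytes. Returns 1 on success, 0 if realloc()
 * failed, in which case b->data is untouched and still owned by the caller.
 * The temporary np also avoids the other classic mistake, p = realloc(p, n),
 * which leaks p when realloc() returns NULL. */
int buf_reserve(struct buf *b, size_t want)
{
    if (want <= b->cap)
        return 1;
    unsigned char *np = realloc(b->data, want);   /* NULL b->data acts as malloc */
    if (np == NULL)
        return 0;           /* old block untouched, caller still owns b->data */
    b->data = np;           /* old pointer is gone now: never free() it */
    b->cap = want;
    return 1;
}

int buf_append(struct buf *b, const void *src, size_t n)
{
    if (!buf_reserve(b, b->len + n))
        return 0;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 1;
}

void buf_free(struct buf *b)
{
    free(b->data);          /* exactly one free(), of the current pointer */
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Mirrors the reported sequence: allocate, realloc() to 8 bytes, release once.
 * Returns the number of bytes still held after growth so a caller can check
 * that the contents survived the move. */
size_t demo_grow_to_eight(void)
{
    struct buf b = { NULL, 0, 0 };
    buf_append(&b, "abcd", 4);      /* first block */
    buf_reserve(&b, 8);             /* the realloc(8) from the report */
    size_t kept = b.len;
    buf_free(&b);                   /* frees only what realloc() returned */
    return kept;
}
```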
Thanks for pointing this out. You are right. Unfortunately I didn't look closely enough at the code.
I guess then the zsh core dump might also be a double free problem and I have to look at the zsh code.
Sorry for the noise. This seems to be a zsh problem. When using zsh-current from pkgsrc (version 4.3.12), this error does not occur.
- Status changed from New to Closed
As this is not a DragonFly problem, close this issue.