[Serdev] f_malloc.c crash
Andrei Pelinescu-Onciul
andrei at iptel.org
Tue Sep 13 12:44:08 UTC 2005
On Sep 08, 2005 at 10:13, Chuck Ramirez <chuck_ramirez at yahoo.com> wrote:
> Hello all,
>
> I am using SER 0.8.11-r1 and I am currently facing
> some crashes on f_malloc.c (as you can see below).
>
> #0 0x08071cd5 in fm_malloc (qm=0x80b7400, size=32) at
> mem/f_malloc.c:191
> 191 if ((*f)->size>=size)
> goto found;
> (gdb) bt
> #0 0x08071cd5 in fm_malloc (qm=0x80b7400, size=32) at
> mem/f_malloc.c:191
> #1 0x08073b26 in parse_headers (msg=0x81206b0,
> flags=256, next=0) at parser/msg_parser.c:271
> #2 0x4419b012 in find_first_route (_m=0x81206b0) at
> loose.c:65
> #3 0x4419ae68 in loose_route (_m=0x81206b0, _s1=0x0,
> _s2=0x0) at loose.c:720
> #4 0x0804de3e in do_action (a=0x80b8f08,
> msg=0x81206b0) at action.c:581
> #5 0x0804f31c in run_actions (a=0x4419f208,
> msg=0x80b8f08) at action.c:632
>
> Looking at the changes made on this file on CVS I
> noticed that there was a bug fix:
>
> 2004-07-19 bug fix: s/>/>=/ in fm_insert_free
> (andrei)
>
> Could this bug fix be related to the crashes I'm
> facing?
No, that had to do with memory fragmentation (in the worst case
you would run out of memory).
This is most likely not a fm_malloc problem (the code is _very_ stable).
What probably happens is someone overwrites some of the malloc
structures (e.g.: buffer overflow: someone writes more than it has
allocated).
Try re-compiling ser without -DF_MALLOC and with -DDBG_QM_MALLOC (edit
Makefile.defs, make proper; make all). This will use a different malloc
which keeps some debugging info and which tries to check for possible
buffer overflows, double frees a.s.o.
You should also consider upgrading.
Andrei
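
Added illustration, not part of the original message and not SER's DBG_QM_MALLOC code: a minimal sketch of how a debugging allocator can keep per-block bookkeeping and catch the two failure classes named in the reply, writes past the end of a block and double frees. All names (`dbg_malloc`, `dbg_check`, `dbg_free`) and marker values are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LIVE   0xA110C8EDu   /* constructed marker values */
#define HDR_FREED  0xDEADBEEFu
#define TAIL_MAGIC 0xC0FFEE11u
enum dbg_status { DBG_OK, DBG_OVERFLOW, DBG_DOUBLE_FREE, DBG_BAD_PTR };

struct dbg_hdr {            /* debugging info kept in front of each block */
    uint32_t magic;         /* HDR_LIVE or HDR_FREED */
    size_t size;            /* bytes the caller asked for */
    const char *file;       /* allocation site */
    int line;
};

/* Layout: [dbg_hdr][size user bytes][4-byte tail canary] */
void *dbg_malloc_at(size_t size, const char *file, int line)
{
    uint32_t tail = TAIL_MAGIC;
    struct dbg_hdr *h = malloc(sizeof(*h) + size + sizeof(tail));
    if (!h) return NULL;
    h->magic = HDR_LIVE; h->size = size; h->file = file; h->line = line;
    memcpy((char *)(h + 1) + size, &tail, sizeof(tail));
    return h + 1;
}
#define dbg_malloc(sz) dbg_malloc_at((sz), __FILE__, __LINE__)

/* Validate the bookkeeping around p without modifying it. */
enum dbg_status dbg_check(const void *p)
{
    const struct dbg_hdr *h; uint32_t tail;
    if (!p) return DBG_BAD_PTR;
    h = (const struct dbg_hdr *)p - 1;
    if (h->magic == HDR_FREED) return DBG_DOUBLE_FREE;
    if (h->magic != HDR_LIVE) return DBG_BAD_PTR;   /* header overwritten */
    memcpy(&tail, (const char *)p + h->size, sizeof(tail));
    return tail == TAIL_MAGIC ? DBG_OK : DBG_OVERFLOW;
}

/* Blocks are quarantined (marked, never handed back to libc) so a second
 * free can be recognised without reading released memory. */
enum dbg_status dbg_free(void *p)
{
    enum dbg_status st = dbg_check(p);
    if (st == DBG_OK || st == DBG_OVERFLOW)
        ((struct dbg_hdr *)p - 1)->magic = HDR_FREED;
    return st;
}
```

Writing 33 bytes into a block obtained with `dbg_malloc(32)` makes `dbg_free` return `DBG_OVERFLOW` at the point of the free, and a second `dbg_free` on the same pointer returns `DBG_DOUBLE_FREE`. With a plain allocator the same overwrite would instead corrupt the neighbouring allocator structures and surface later as an unrelated crash.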