
[Sheflug] Re: Segfaults & ld.so weirditude



On Wed, 3 May 2000, Matthew John Palmer wrote:

> On Tue, 2 May 2000, Bob Ham wrote:
> 
> > I was under the impression that a segfault was given when an instruction
> > tries to write to a piece of memory it's not allowed to. Surely I'm not
> 
> Technically, no.  The segfault occurs when a memory address can't be
> resolved to a physical address in memory, even after checking swapped out
> pages.

I see.  Learn something every day :)

> > allowed to write over malloc()'s housekeeping data?
> 
> Where else is malloc() going to keep its data?  You've got to remember that
> malloc() is within the purview of the process, and doesn't have access to any
> memory that any code that you write doesn't have access to (mprotect
> notwithstanding).

I assumed the heap was a system-wide thing, with blocks being allocated
all over the heap to processes, as opposed to each process having a
heap.  I'm not that well versed in low-level OS stuff :)


> > >     >> Have you tried Electric Fence and cousins?
> > > 
> > >     Bob> Never heard of it; care to expand on that?
> 
> Immediately segfaults on any access to a memory area not allocated to the
> process' data area.  This is useful because a process can usually fiddle
> with data that it hasn't allocated, but is still in the current memory page.

Is that implemented as a library with its own version of malloc(), or
does it replace glibc's malloc() somehow?

> With this you can determine the instruction that is writing somewhere it
> shouldn't, because running the program in a debugger, the segfault will
> allow you to do a bt and find out the call chain.

Indeed useful; as I say, I assumed that was what you got a segfault for.
If my program is in fact allowed to write to bits in its page that
aren't allocated to it, that would indeed be helpful.

I have fixed the bug now; it was a double free().  I'd modified a
function to use realloc() instead of a static char array, and assign it
to a char ** argument, but for some reason I put a free() in there
(yes, I am stupid :)

Many thanks to those who offered advice.

I'll put the fixed code up if anyone is interested in what I'm working
on.  It's a chat-bot system thingy.  It's only got an IRC frontend at
the moment, but when that's finished I'll be working on an infobot type
program to help with IRC meetings.  It is, of course, GPLed :)  It's
also got quite a cool (IMHO) typo simulation thing in there.

Many thanks,

Bob

--
Bob Ham:  bob [at] timecity.org   http://flux.mentaltempt.org/~node/
IRC: 'Bob' on irc.openprojects.net: #Slashdot #TimeCity
ICQ: 4396425 'The Tek' & 27699423 'The Tek.'

Time City Level Designer
Time City: http://www.timecity.org/
My work: http://flux.mentaltempt.org/~node/tc/

This email is Copyright (C) 2000 Robert Ham.  Copyright is protected in law
in the UK and by treaty in other countries. Permission to reproduce is
strictly forbidden.  If you wish to reproduce this email's content, please
apply by email to bob [at] timecity.org.


---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.