1 /* Reproduce a GNU malloc bug. */
2 #include <malloc.h>
3 #include <stdio.h>
4 #include <string.h>
6 #define size_t unsigned int
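/* Return nonzero when every one of the N bytes at P equals V, zero at the
   first mismatch.  N is 0 is trivially "all equal".  */
static int
bytes_all_equal (const char *p, size_t n, char v)
{
  size_t i;

  for (i = 0; i < n; ++i)
    {
      if (p[i] != v)
        return 0;
    }
  return 1;
}

/* Reproduce the info-table bug: build the heap layout sketched below, then
   check that two adjacent blocks keep their own fill bytes.

   NOTE(review): size_t is #defined to unsigned int above this function,
   after the system headers, so every size_t here is an unsigned int.

   argc/argv are unused.  Prints "PASS: ..." or "FAIL: ..." and returns 0 in
   both cases (the FAIL paths exit 0 as in the original, so a harness keyed
   on exit status does not see them).  Returns 1 only when an allocation
   needed to set up the scenario fails, where a NULL would otherwise have
   been written through.  Memory is intentionally not freed: the process
   exits right after the check.  */
int
main (int argc, char *argv[])
{
  char *dummy0;
  char *dummy1;
  char *fill_info_table1;
  char *over_top;
  size_t over_top_size = 0x3000;
  char *over_top_dup;
  size_t over_top_dup_size = 0x7000;
  char *x;

  (void) argc;
  (void) argv;

  /* Here's what memory is supposed to look like (hex):
       size     contents
       3000     original_info_table, later fill_info_table1
       3fa000   dummy0
       3fa000   dummy1
       6000     info_table_2
       3000     over_top
   */
  /* mem: original_info_table */
  dummy0 = malloc (0x3fa000);
  /* mem: original_info_table, dummy0 */
  dummy1 = malloc (0x3fa000);
  /* mem: free, dummy0, dummy1, info_table_2 */
  fill_info_table1 = malloc (0x3000);
  /* mem: fill_info_table1, dummy0, dummy1, info_table_2 */

  x = malloc (0x1000);

  /* The layout above only holds if every allocation so far succeeded;
     checked after the last one so the allocation sequence is unchanged.  */
  if (dummy0 == NULL || dummy1 == NULL || fill_info_table1 == NULL
      || x == NULL)
    {
      printf ("ERROR: malloc failed while setting up the test\n");
      return 1;
    }

  free (x);
  /* mem: fill_info_table1, dummy0, dummy1, info_table_2, freexx */

  /* This is what loses; info_table_2 and freexx get combined unbeknownst
     to mmalloc, and mmalloc puts over_top in a section of memory which
     is on the free list as part of another block (where info_table_2 had
     been). */
  over_top = malloc (over_top_size);
  over_top_dup = malloc (over_top_dup_size);
  if (over_top == NULL || over_top_dup == NULL)
    {
      printf ("ERROR: malloc failed while setting up the test\n");
      return 1;
    }

  /* Distinct fill values: if the two blocks overlap, the second memset
     overwrites part of the first and the check below notices.  */
  memset (over_top, 0, over_top_size);
  memset (over_top_dup, 1, over_top_dup_size);

  if (!bytes_all_equal (over_top, over_top_size, 0))
    {
      printf ("FAIL: malloc expands info table\n");
      return 0;
    }

  if (!bytes_all_equal (over_top_dup, over_top_dup_size, 1))
    {
      printf ("FAIL: malloc expands info table\n");
      return 0;
    }

  printf ("PASS: malloc expands info table\n");
  return 0;
}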