#47 top-3.8beta1 improper use of free() on Solaris

v3.8beta
open
nobody
5
2010-03-07
2010-03-07
Ian Donaldson
No

I found that top-3.8beta1 sometimes hung on Solaris.

This was tracked to malloc arena corruption due to improper use of
free() in the thread handling code.

This shows up immediately when debugging with libumem...

e.g. on Solaris 9/x86...

$ env LD_PRELOAD=/usr/lib/libumem.so.1 UMEM_DEBUG=guards,verbose ./top
free(807de00): invalid or corrupted buffer
stack trace:
libumem.so.1'?? (0xceb42f20)
libumem.so.1'free+0x4c
top'getptable+0x22f
top'get_process_info+0x5c
top'main+0x43f
top'_start+0x5d
Abort

free() was being handed a pointer that wasn't at the start
of the malloc()'d block.

I attach a patch to fix this.
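An added example, not from this report or from top's own source, that reproduces the class of mistake described above and the fix: a table is walked with a cursor, and the cursor, rather than the saved base pointer, is handed to free(). The struct names, safe_free() and walk_table() are constructed for illustration; safe_free() is an allocator-independent stand-in for the "invalid or corrupted buffer" check libumem made in the trace.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for one process-table slot; not top's real struct. */
struct proc_entry { int pid; int nthreads; };

/* Keep the malloc()'d base next to the table so release never depends on a
 * cursor that has since been advanced. */
struct proc_table { struct proc_entry *base; size_t n; };
/* Allocator-independent stand-in for the check libumem made in the report:
 * refuse to free anything but the exact block start.
 * Returns 0 after freeing, -1 if p is not the start of the block. */
int safe_free(struct proc_table *t, struct proc_entry *p)
{
    if (p != t->base)
        return -1;    /* interior or past-the-end pointer would corrupt the arena */
    free(t->base);
    t->base = NULL;
    t->n = 0;
    return 0;
}
/* Fill n entries by walking with a cursor, then release the table.
 * free_cursor != 0 reproduces the reported mistake (freeing the cursor, which
 * ends at base + n); 0 frees through the saved base, which is the fix.
 * Returns the summed thread count, or -1 if the free was refused. */
long walk_table(size_t n, int free_cursor)
{
    struct proc_table t = { malloc(n * sizeof *t.base), n };
    struct proc_entry *cur = t.base;
    long total = 0;

    if (t.base == NULL)
        return -1;
    for (size_t i = 0; i < n; i++, cur++) {
        cur->pid = (int)(1000 + i);
        cur->nthreads = (int)(i + 1);
        total += cur->nthreads;
    }
    if (safe_free(&t, free_cursor ? cur : t.base) != 0) {
        free(t.base);    /* release correctly so the demo does not leak */
        return -1;
    }
    return total;
}
int main(void)
{
    printf("fixed: %ld  buggy: %ld\n", walk_table(4, 0), walk_table(4, 1));
    return 0;
}
```

Under a debugging allocator such as libumem with UMEM_DEBUG=guards, the refused path is where the real code aborted instead; the fix is simply to free the pointer malloc() returned.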

Discussion

  • Ian Donaldson
    2010-03-07

    free() fix for Solaris

    Attachments