Sample example program to get the malloc consolida

2020-07-23 03:36发布

I want to test the mcheck functionality on my PC first to detect the malloc consolidate error. This way, i will be sure that this will help to figure out a similar crash on embedded-linux box. Unfortunately, the crash takes atleast 3-4 days. Thus, I am looking for a sample program that will generate the similar kind of crash as shown below.

 Program terminated with signal 6, Aborted.
#0  0x2c73ebb8 in __syscall_kill (pid=900, sig=6) at kill.c:15
15  static inline _syscall2(int, __syscall_kill, __kernel_pid_t, pid,
int, sig);
Current language:  auto; currently c
#0  0x2c73ebb8 in __syscall_kill (pid=900, sig=6) at kill.c:15
    __res = 716485696
    __err = 16
#1  0x2c73eb5c in kill (pid=900, sig=6) at kill.c:19
No locals.
#2  0x2aafb2e0 in pthread_kill (thread=900, signo=6) at signals.c:73
    handle = (pthread_handle) 0x2ab3f2e0
    pid = 900
#3  0x2aafbbb8 in raise (sig=6) at signals.c:241
    retcode = 6
#4  0x2c730a5c in abort () at abort.c:94
    sigset = {__val = {32, 0 <repeats 31 times>}}
#5  0x2c738054 in __malloc_consolidate (av=0x2c798860) at free.c:227
    fb = (mfastbinptr *) 0x2c798864
    maxfb = (mfastbinptr *) 0x2c798880
    p = (mchunkptr) 0x2c798894
    nextp = (mchunkptr) 0x4a2b2948
    unsorted_bin = (mchunkptr) 0x2c798894
    first_unsorted = (mchunkptr) 0x4a22f7e0
    nextchunk = (mchunkptr) 0x2c798894
    size = 0
    nextsize = 0
    prevsize = 0
    nextinuse = 1
    bck = (mchunkptr) 0x4a2b2948
    fwd = (mchunkptr) 0x4a2b2948
#6  0x2c735ff0 in __malloc_inner (bytes=300) at malloc.c:912
    av = (mstate) 0x2c798860
    nb = 304
    idx = 32
    bin = (mbinptr) 0x2ac0dab4
    fb = (mfastbinptr *) 0x2ae11e50
    victim = (mchunkptr) 0x2ac0d9a4
    size = 719396432
    victim_index = 718311332
    remainder = (mchunkptr) 0x49759b58
    remainder_size = 40000
    block = 719396432
    bit = 718500504
    map = 719396432
    fwd = (mchunkptr) 0x1
    bck = (mchunkptr) 0x4a2164ac
    sysmem = (void *) 0x4975c9ac
#7  0x2c736c18 in malloc (bytes=300) at malloc.c:1172

4条回答
▲ chillily
2楼-- · 2020-07-23 04:06

That's because your program destroyed the data structure of memory management used by libc malloc/free. malloc/free has its own data residents in user program space to keep track on the list of allocated/freed space in different chunk size. Somehow, maybe your program has buffer overrun or unsafe random access that modified the data or pointer of memory management. And at the time point of your program calling malloc/free, it uses wrong address and cause the segfault or abort.

Running valgrind is extremely slow. Maybe you can try setenv MALLOC_CHECK_ to 1 and run your program to see any diagnosis message first.

查看更多
相关推荐>>
3楼-- · 2020-07-23 04:22

Is this what you are asking for?

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    int *num = malloc(sizeof(int));
    int *num2 = num;
    free(num);
    free(num2);
    printf("End\n");
    return 0;
}
查看更多
Rolldiameter
4楼-- · 2020-07-23 04:23

Example if you create a heap named *txt with size 100 char.

char *txt = malloc(100*sizeof(char));

Then by mistake reasign smaller variable to that pointer:

char a;
txt = a;

Then trying to assign a normal text into the faulty heap;

strcpy ("text",txt);

Could be that you need to trace the variable (pointer) and check every reassignment.

查看更多
啃猪蹄的小仙女
5楼-- · 2020-07-23 04:25
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    int *num1 = malloc(sizeof(int));
    int *num2 = malloc(sizeof(int));
    int *num3 = malloc(sizeof(int));
    int *num4 = malloc(sizeof(int));
    int *num5 = malloc(sizeof(int));

    free(num1);
    free(num3);
    free(num4);
    free(num2);
    free(num5);
    printf("End\n");
    return 0;
}
查看更多
登录 后发表回答