Newsgroups: comp.bugs.2bsd
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.hawaii.edu!ames!usenet.kornet.nm.kr!usenet.etri.re.kr!news.kreonet.re.kr!usenet.seri.re.kr!news.cais.net!news.mathworks.com!news.kei.com!nntp.coast.net!oleane!jussieu.fr!math.ohio-state.edu!uwm.edu!lll-winken.llnl.gov!enews.sgi.com!sgigate.sgi.com!news.msfc.nasa.gov!europa.chnt.gtegsc.com!wlbr!moe!sms
From: sms@moe.2bsd.com (Steven M. Schultz)
Subject: mkfs MAXFN too small, malloc(3) debug mode broken (#318)
Organization: 2BSD, Simi Valley CA USA
Message-ID: <Dr4DuD.8yC@moe.2bsd.com>
Date: Thu, 9 May 1996 04:01:24 GMT
Lines: 234

Subject: mkfs MAXFN too small, malloc(3) debug mode broken (#318)
Index:	etc/mkfs.c,lib/libc/gen/malloc.c 2.11BSD

Description:
	1) The maximum freelist modulus limit of 500 is too small.

	2) If malloc(3) is compiled with the 'debug' option on the 'botch'
	   macro can recursively be called causing a stack underflow.

Repeat-By:
	1) Have a disk with 68 sectors per track and 15 heads. The freelist
	   modulus should be 510 (68 * 15 / 2) but is instead being limited
	   to 500.

	2) Run a program which corrupts the malloc arena and then calls
	   malloc. Note that you do not see the 'assertion failed' message
	   just before the program dumps core. Further note that the stack
	   has been pushed down immediately adjacent to the data segment.

Fix:
	The two problems are unrelated. The fixes were lumped together in
	one patch because they are both small.

	The C library does *not* need to be recompiled at this time. The
	change to malloc.c is intended for those cases where a copy of
	malloc.c is made for local compilation when debugging a program.
	The comments at the top of malloc.c provide additional information.

	A small correction (removal of an obsolete comment) was made to the
	man page for mkfs(8).

	To apply the update below first cut where indicated and save to a
	file (/tmp/318).
	Then:

		patch -p0 < /tmp/318
		cd /usr/src/etc
		make mkfs
		install -s -m 755 mkfs /etc/mkfs
		cd /usr/src/man/man8
		/usr/man/manroff mkfs.8 > /usr/man/cat8/mkfs.0

	The standalone version of mkfs is affected by the change to mkfs.c
	so it might be a good idea to recreate boot floppies or tapes
	whenever it is convenient.

	This and previous updates are available via anonymous FTP to either
	FTP.IIPO.GTEGSC.COM or MOE.2BSD.COM in the directory /pub/2.11BSD.

==========================cut here=========================
*** /usr/src/etc/mkfs.c.old Fri Apr 12 22:57:21 1996 --- /usr/src/etc/mkfs.c Wed May 8 20:15:30 1996 *************** *** 1,5 **** #if !defined(lint) && defined(DOSCCS) ! char *sccsid = "@(#)mkfs.c 2.8 (2.11BSD) 1996/04/11"; #endif /* --- 1,5 ---- #if !defined(lint) && defined(DOSCCS) ! char *sccsid = "@(#)mkfs.c 2.9 (2.11BSD) 1996/5/8"; #endif /* *************** *** 34,40 **** #endif #define UMASK 0755 ! #define MAXFN 500 time_t utime; --- 34,40 ---- #endif #define UMASK 0755 ! #define MAXFN 750 time_t utime; *** /usr/src/man/man8/mkfs.8.old Fri Apr 12 21:30:04 1996 --- /usr/src/man/man8/mkfs.8 Wed May 8 20:22:10 1996 *************** *** 2,10 **** .\" All rights reserved. The Berkeley software License Agreement .\" specifies the terms and conditions for redistribution. .\" ! .\" @(#)mkfs.8 2.0 (2.11BSD) 1996/4/12 .\" ! .TH MKFS 8 "April 12, 1996" .UC 2 .SH NAME mkfs \- construct a file system --- 2,10 ---- .\" All rights reserved. The Berkeley software License Agreement .\" specifies the terms and conditions for redistribution. .\" ! .\" @(#)mkfs.8 2.1 (2.11BSD) 1996/5/8 .\" ! .TH MKFS 8 "May 8, 1996" .UC 2 .SH NAME mkfs \- construct a file system *************** *** 81,88 **** mkproto(8) newfs(8) .SH BUGS - There should be some way to specify links. 
- .PP The .I lost+found directory is created but the boot block is left uninitialized (see --- 81,86 ---- *** /usr/src/lib/libc/gen/malloc.c.old Mon Dec 26 14:24:35 1988 --- /usr/src/lib/libc/gen/malloc.c Thu Apr 11 21:13:28 1996 *************** *** 1,20 **** ! /* @(#)malloc.c 2.1 SCCS id keyword */ #ifdef debug ! # define ASSERT(p) if(!(p))botch("p");else ! botch(s) ! char *s; ! { ! printf("assertion botched: %s\n",s); ! abort(); ! } ! #else ! # define ASSERT(p) ! #endif /* * The origins of the following ifdef are lost. The only comment attached --- 1,41 ---- ! /* @(#)malloc.c 2.2 (2.11BSD) 1996/4/11 */ ! ! #include <unistd.h> ! #ifdef debug + #include <sys/types.h> + #include <sys/uio.h> ! #define ASSERT(p) if(!(p))botch("p") ! /* ! * Can't use 'printf' below because that can call malloc(). If the malloc ! * arena is corrupt malloc() calls botch() which calls printf which calls malloc ! * ... result is a recursive loop which underflows the stack. ! */ ! static botch(s) ! char *s; ! { ! struct iovec iov[3]; ! register struct iovec *v = iov; ! char *ab = "assertion botched: "; ! v->iov_base = ab; ! v->iov_len = strlen(ab); ! v++; ! v->iov_base = s; ! v->iov_len = strlen(s); ! v++; ! v->iov_base = "\n"; ! v->iov_len = 1; ! writev(STDOUT_FILENO, iov, 3); ! abort(); ! } ! #else ! #define ASSERT(p) ! #endif /* debug */ /* * The origins of the following ifdef are lost. The only comment attached *************** *** 53,59 **** #define BLOCK 1024 /* a multiple of WORD */ #define BUSY 1 - #define NULL 0 #define testbusy(p) ((INT)(p)&BUSY) #define setbusy(p) (union store *)((INT)(p)|BUSY) --- 74,79 ---- *************** *** 188,195 **** return((char *)q); } ! #ifdef debug ! allock() { #ifdef longdebug register union store *p; --- 208,215 ---- return((char *)q); } ! #ifdef debug ! static allock() { #ifdef longdebug register union store *p; *************** *** 205,208 **** return(1); #endif } ! #endif --- 225,228 ---- return(1); #endif } ! 
#endif /* debug */ *** /VERSION.old Thu May 2 21:17:40 1996 --- /VERSION Wed May 8 20:23:50 1996 *************** *** 1,4 **** ! Current Patch Level: 317 2.11 BSD ============ --- 1,4 ---- ! Current Patch Level: 318 2.11 BSD ============
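
Review bot: In the second mkfs.c hunk (old line 37), MAXFN goes from 500 to 750 as a bare constant, with no comment on what it bounds or where 750 comes from. The report gives the freelist modulus as sectors * heads / 2, so 750 covers geometries up to 1500 sectors per cylinder and anything larger will be limited again, just as the 68 x 15 disk was at 500. Suggest a comment on the define stating that relationship and, if mkfs does not already do so, a warning whenever the modulus is limited to MAXFN so the next oversized geometry is noticed at format time rather than after the fact.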
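
Review bot: In the first malloc.c hunk, the new ASSERT definition drops the trailing else that the old one carried (if(!(p))botch("p");else), so an ASSERT(...) used as the body of an if that has its own else will now capture that else. Suggest keeping the else form, or wrapping the body as do { if(!(p)) botch("p"); } while (0). Two smaller points in the same hunk: botch() calls strlen() with none of the added includes (<unistd.h>, <sys/types.h>, <sys/uio.h>) declaring it, so it relies on an implicit declaration, and the message is written to STDOUT_FILENO, where it can land in a redirected output file or pipe instead of in front of the user; STDERR_FILENO is the safer descriptor for a diagnostic issued just before abort().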
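
Review bot: The malloc.c hunk at old line 53 deletes #define NULL 0 without adding a replacement, so NULL now has to come from a header. The only include this patch adds outside #ifdef debug is <unistd.h>; if that is the intended source, a short comment next to the include would keep someone from later moving it inside the debug block and breaking the non-debug build.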