From mboxrd@z Thu Jan 1 00:00:00 1970
From: Timur Tabi
Date: Thu, 25 Oct 2007 17:35:19 -0500
Subject: [U-Boot-Users] Bug in malloc()?
Message-ID: <47211A27.1080703@freescale.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

I'm trying to get the very latest U-Boot running on an MPC8323E MDS, and U-Boot hangs in the code to initialize the environment. Specifically, env_relocate() calls malloc(), but malloc() never returns.

Before I try to debug the malloc() code, I was hoping someone would have a clue as to what the problem is. I put a bunch of printfs() in the malloc() code, as well as a sanity check:

    for (victim = last(bin); victim != bin; victim = victim->bk)
    {
        printf("%s:%u victim=%p\n", __FILE__, __LINE__, victim);
        victim_size = chunksize(victim);
        printf("%s:%u victim_size=%u nb=%u\n", __FILE__, __LINE__, victim_size, nb);
        if (victim_size > max_total_mem) {
            printf("%s:%u\n", __FILE__, __LINE__);
            return 0;
        }
        remainder_size = victim_size - nb;
        printf("%s:%u remainder_size=%u\n", __FILE__, __LINE__, remainder_size);

        if (remainder_size >= (long)MINSIZE) /* too big */
        {
            printf("%s:%u\n", __FILE__, __LINE__);
            --idx; /* adjust to rescan below after checking last remainder */
            break;
        }
        else if (remainder_size >= 0) /* exact fit */
        {
            printf("%s:%u\n", __FILE__, __LINE__);
            unlink(victim, bck, fwd);
            set_inuse_bit_at_offset(victim, victim_size);
            check_malloced_chunk(victim, nb);
            printf("%s:%u\n", __FILE__, __LINE__);
            return chunk2mem(victim);
        }
        printf("%s:%u\n", __FILE__, __LINE__);
    }

and I get this:

    dlmalloc.c:2153
    dlmalloc.c:2158
    dlmalloc.c:2192
    dlmalloc.c:2198 victim=fe02d138
    dlmalloc.c:2200 victim_size=4261597488 nb=8200
    dlmalloc.c:2202
    env_relocate[217] malloced ENV at 00000000

Look at the value of victim_size. This can't be right. Without the "if (victim_size > max_total_mem)" sanity check, this code loops indefinitely. Can anyone tell me what's going on?
I don't think there's a bug in malloc() per se, but something has corrupted the heap. What could do that?
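
The reported victim_size, 4261597488, is 0xFE02D130 in hex, eight bytes below the printed victim address fe02d138, so the size field holds a pointer-like value rather than a length. The following is an added example, not code from the original message or from U-Boot, of a bin walk that validates pointer range, size and fd/bk links before trusting a chunk, and that bounds the iteration count so a corrupted list cannot spin forever. The names `struct chunk`, `check_bin` and `demo` are hypothetical, and the chunk layout is a simplification of dlmalloc's assumed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified dlmalloc-style chunk header (assumed layout, not U-Boot's). */
struct chunk {
    size_t prev_size;
    size_t size;              /* low bits carry flags, as in dlmalloc */
    struct chunk *fd, *bk;
};
enum bin_status { BIN_OK, BIN_BAD_PTR, BIN_BAD_SIZE, BIN_BAD_LINK, BIN_LOOP };

/* Walk a bin backwards (victim = victim->bk) as the loop in the post does,
 * validating each chunk before its fields are trusted. */
enum bin_status check_bin(const struct chunk *bin, const void *heap,
                          size_t heap_len, size_t max_chunks)
{
    const struct chunk *prev = bin, *v = bin->bk;
    uintptr_t lo = (uintptr_t)heap;
    for (size_t n = 0; v != bin; prev = v, v = v->bk) {
        uintptr_t off = (uintptr_t)v - lo;          /* wraps if v < heap */
        if (++n > max_chunks) return BIN_LOOP;      /* cycle that skips bin */
        if (off > heap_len - sizeof *v || off % sizeof(size_t))
            return BIN_BAD_PTR;                     /* outside arena or misaligned */
        size_t sz = v->size & ~(size_t)3;           /* strip flag bits */
        if (sz < sizeof *v || sz > heap_len - off)
            return BIN_BAD_SIZE;                    /* cannot fit in the arena */
        if (v->fd != prev) return BIN_BAD_LINK;     /* fd/bk disagree */
    }
    return bin->fd == prev ? BIN_OK : BIN_BAD_LINK;
}

/* Constructed demo: two free chunks in one bin; a non-zero argument is
 * planted as the second chunk's size field. */
enum bin_status demo(size_t planted_size)
{
    static struct chunk arena[8];
    struct chunk bin = {0}, *a = &arena[0], *b = &arena[4];
    a->size = b->size = (4 * sizeof *a) | 1;
    bin.fd = a; a->fd = b; b->fd = &bin;
    bin.bk = b; b->bk = a; a->bk = &bin;
    if (planted_size) b->size = planted_size;
    return check_bin(&bin, arena, sizeof arena, 16);
}

int main(void)
{
    /* 4261597488 is the victim_size value quoted in the post. */
    printf("intact=%d corrupted=%d\n", demo(0), demo(4261597488UL));
}
```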