[BLACKBOX] Windows 7

From: [at]} <>
Date: Mon, 3 Sep 2012 15:41:20 +0800

Hi Romiras,

  Yes, as you pointed out, the trap is in Kernel.Next.
  It reads the empty block.tag(=0).size.

  Though Kernel.root is HeapAlloc'ed at Kernel.Init, it has not allocated
any typed block. When you allocate a big array, NewArr will call
FastCollect, then MarkLocals->CheckCandidates->Next.


  The simple solution is to add a guard:

   IF S.VAL(INTEGER, blk.tag) DIV 4 * 4 = 0 THEN RETURN END;
 after
   blk := S.VAL(Block, S.VAL(INTEGER, c) + 12);

 in the CheckCandidates, Sweep procs.


Another: if you don't modify Kernel, you can allocate a small array before allocating the big one; that will work.


I wish Marc would give a complete solution.


Regards

luowy

----- Original Message -----
From: Romiras
Subject: Re: [BLACKBOX] FW: [BLACKBOX] Windows 7
Date: 2012-09-03 7:05:48

I can still reproduce a memory allocation bug with the following code:

MODULE TestNewArr;
 
 PROCEDURE Do*;
  VAR ptr : POINTER TO ARRAY OF REAL;
 BEGIN

  NEW(ptr, 07FFCH);
 END Do;

BEGIN
 Do
END TestNewArr.

I have compiled a new Kernel and then built a test console application with the command
DevLinker.Link dos testalloc.exe := Kernel$+ TestNewArr~

It fails in CheckCandidates. But if I use the original (CP) version of procedure Next, I get an error from it: "illegal memory read [ad = 00000000]". Tested on Windows XP SP3 on both a physical machine with 2GB and a virtual machine with 384MB RAM. Same bug when running testalloc under Wine on Linux.

Received on Mon Sep 03 2012 - 09:41:20 UTC
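
The failure mode discussed in this thread, as an added C example that is not part of the original messages and is not BlackBox Kernel code: a heap walk that reads a block's size through its tag, with and without the zero-tag guard. The TypeDesc layout, the buffer sizes and the names walk_cluster, demo_empty and demo_two_blocks are assumptions made for illustration; only the +12 offset and the "DIV 4 * 4" masking come from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified layout; not BlackBox's real Kernel structures. */
typedef struct { uint32_t size; } TypeDesc;  /* block size is read via the tag */
enum { CLUSTER_HDR = 12 };                   /* first block at cluster + 12 */

static const TypeDesc TD16 = { 16 }, TD32 = { 32 };  /* constructed descriptors */

/* Walk the blocks of a cluster. Returns the number of typed blocks seen, or
   -1 at the point where an unguarded walk would read tag.size at address 0. */
int walk_cluster(const unsigned char *c, size_t len, int guarded) {
    size_t off = CLUSTER_HDR;
    int n = 0;
    while (off + sizeof(uintptr_t) <= len) {
        uintptr_t tag;
        memcpy(&tag, c + off, sizeof tag);                 /* blk.tag */
        /* "DIV 4 * 4": drop the low two bits to get the descriptor address */
        const TypeDesc *td = (const TypeDesc *)(tag & ~(uintptr_t)3);
        if (td == NULL)                  /* empty block: tag = 0 */
            return guarded ? n : -1;     /* guard returns; unguarded would trap */
        if (td->size < sizeof tag)       /* malformed size: stop, do not loop */
            return n;
        off += td->size;
        n++;
    }
    return n;
}

/* Constructed input: a fresh cluster with no typed block allocated yet. */
int demo_empty(int guarded) {
    unsigned char c[128] = {0};
    return walk_cluster(c, sizeof c, guarded);
}

/* Constructed input: two typed blocks followed by untouched (zero) space. */
int demo_two_blocks(int guarded) {
    unsigned char c[128] = {0};
    uintptr_t t1 = (uintptr_t)&TD16 | 1, t2 = (uintptr_t)&TD32;  /* t1 has a low bit set */
    memcpy(c + 12, &t1, sizeof t1);
    memcpy(c + 28, &t2, sizeof t2);
    return walk_cluster(c, sizeof c, guarded);
}

int main(void) {
    printf("empty: guarded=%d unguarded=%d\n", demo_empty(1), demo_empty(0));
    printf("two blocks: guarded=%d unguarded=%d\n", demo_two_blocks(1), demo_two_blocks(0));
    return 0;
}
```
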

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:29:58 UTC