[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MiNT] Freeing child's base page

To: MiNT Mailing List <mint@lists.fishpool.fi>
Subject: [MiNT] Freeing child's base page
From: Miro Kropacek <miro.kropacek@gmail.com>
Date: Wed, 27 Jan 2010 00:01:51 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=XJ3HaUEPfIF7E0KXRJN0kiMbc0vdceTIQFGY5J+lgPQ=; b=TgFaRjvhYUv+VQc+l4ZHngMgNPJwww+rCiMukTtkw3R6FkwxRjAHf7hWLzVWZimRW5 AoISAKLc64loOM6VNEpM1gCrQoc8HJesKLhbJio3X7XYDM6aXmlQd+/iJ0d2b109/5xg nlIP3Uvq4NtX84gdCRO2KX7acZFOGvF3cNBx4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=wyDwutRZg8Q7dl9Jw7kbVDPKzXSTK7zPIySd2ln3KPTXYXOn45rMb3JKTeSSMjQzIO cCrz4wumfhUjQD+YhMRRutMqzGFqs1J1HFXSKIa28JuK3gpqELH/nFPSsoOiSeddMuMi Q4UoWez+HmfcuOxMXYRU1QNp4EGAZaFcS2Euo=
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
Sender: mint-bounce@lists.fishpool.fi

Hi,

I was able to isolate the problem with zView, zWeather & friends when crashing on exit. It has nothing to do with stack/memory corruption, it's quite simple, I tempted to write "it's a feature" :)

I attached three files as test case, I hope I didn't mess something in such rush. From this you can see very simple scheme:

- proc1 passes pointer to pointer via cmd line to proc 2
- proc2 has one static variable and it stores its address into pointer which he got on command line (i.e. from proc 1)
- proc1 can do anything he likes with this new piece of memory
- as soon as we call Mfree() on proc2's basepage, our new pointer becomes illegal

Now, easy answer would be "freeing child's basepage invalidates also its data" but I doubt this makes any sense. I'm unsure about one thing and that is what happens when proc 2 reaches terminating point (return 0) -- it's still in memory, ready for another Pexec (4, ...) ? What about its variables? Because if it is intact then I'm out if ideas what is happening here, any OS guru's comment welcomed ;)

--
MiKRO / Mystic Bytes
http://mikro.atari.org

#include "shared.h"
#include <stdio.h>
#include <stdlib.h>

static volatile struct xxx XXX;

int main(int argc, char* argv[] )
{
		struct xxx** pXXX;

		if( argc != 2 )
		{
				printf( "proc2: no pointer supplied\n" );
				return 1;
		}
		printf( "argv[1]: %s\n", argv[1] );

		pXXX = (struct xxx**)atoi( argv[1] );
		printf( "proc2: pointer from proc1 is %ld\n", (long)pXXX );
		*pXXX = &XXX;
		printf( "proc2: XXX is on address %p\n", &XXX );

		return 0;
}

struct xxx
{
		void* p;
		int a;
};

#include "shared.h"
#include <mint/basepage.h>
#include <mint/osbind.h>
#include <stdio.h>

int main( int argc, char* argv[] )
{
		struct xxx* pXXX = NULL;
		BASEPAGE* pBP = NULL;
		char cmdline[100];

		sprintf( &cmdline[1], "%ld%c%c", (long)&pXXX, '\0', '\0' );
		printf( "command line for proc2: %s\n", &cmdline[1] );
		cmdline[0] = strlen( &cmdline[1] );
		pBP = (BASEPAGE*)Pexec( 3, "./proc2", cmdline, NULL );
		if( (long)pBP < 0 )
		{
				printf( "error by pexec\n" );
				return 1;
		}

		Pexec( 4, NULL, pBP, NULL );	// exec
		printf( "proc1: we got pointer %p\n", pXXX );

		pXXX->p = pBP;

		// exit
		Mfree( pXXX->p );
		pXXX->p = NULL;

		return 0;
}

Follow-Ups:
- Re: [MiNT] Freeing child's base page
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Freeing child's base page
  - From: "Jo Even Skarstein" <joska@online.no>
- [MiNT] Re : Freeing child's base page
  - From: Zorro <zorro270@yahoo.fr>

Prev by Date: Re: [MiNT] Re : windom and gcc4
Next by Date: Re: [MiNT] Freeing child's base page
Previous by thread: Re: [MiNT] Chatwin
Next by thread: Re: [MiNT] Freeing child's base page
Index(es):
- Date
- Thread