
Re: [MiNT] windom and gcc4



 
What if ldg points to something in the freed area?
Maybe ldg itself is the pointer to the Malloc'd area.
Maybe baspag is the first member of the struct.
In which case ldg and ldg->baspag point to the same address :-)
This is how it works (short version):

LDG* ldg = NULL;
BASPAG* module = NULL;
char offsetxt[24];
/* environment string carrying the address of our 'ldg' variable */
sprintf(offsetxt,"OFFSETLDG=%ld%c%c",(long)&ldg,'\0','\0');
module = (BASPAG *)Pexec( 3, path, NULL, offsetxt);  /* load the module */
Pexec( 4, NULL, module, NULL);                       /* run it */
ldg->baspag = module;

So, we pass a pointer to LDG* to the ldg module which should be loaded... The second Pexec executes this code (between those two Pexec's there is some code, but it is unrelated to our problem), i.e. our NULL value in 'ldg' becomes some address, as part of the execution is allocation of memory and storing the pointer to the given address.

Next, the Compendium says the parent process (caller) should free the env and basepage space on exit, which is what our code does:

if( ldg->close) (*ldg->close)();
Mfree( ((BASPAG *)ldg->baspag)->p_env);
Mfree( ldg->baspag);
ldg->baspag = NULL;

As far as I understood, ldg->close() does nothing (it went down to libshare and there was an empty body), and then we see what's next: freeing memory allocated by the OS, so this must be OK.

I think the only place (except some obscure situation) where the bug may be is the allocation routine inside the ldg module -- but I didn't take a deep look yet.


--
MiKRO / Mystic Bytes
http://mikro.atari.org
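An added illustration, not code from the post or from the LDG library: a host-side C simulation of the handshake described above (the "OFFSETLDG=" env string carrying the address of the caller's ldg slot, the module storing its LDG pointer there, and the caller freeing p_env and the basepage). The types, load_module, unload_module and run_handshake are constructed stand-ins for Pexec/Mfree; the teardown clears ldg->baspag before the frees, so it stays correct even if the LDG were to live inside the basepage block, which is the case the hypothesis at the top of the message raises.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for the TOS/LDG types named in the post. */
typedef struct { char *p_env; } BASPAG;
typedef struct { void (*close)(void); BASPAG *baspag; } LDG;

/* Module side: recover the caller's LDG* slot from "OFFSETLDG=<decimal>". */
static LDG **parse_offsetldg(const char *env)
{
    const char *p = strstr(env, "OFFSETLDG=");
    return p ? (LDG **)(uintptr_t)strtoll(p + 10, NULL, 10) : NULL;
}
/* Stands in for Pexec(3)+Pexec(4): allocate the basepage and the env copy,
   then allocate the LDG and write its address into the caller's slot. */
static BASPAG *load_module(const char *env)
{
    BASPAG *module = calloc(1, sizeof *module);
    LDG **slot = parse_offsetldg(env);
    module->p_env = strdup(env);
    if (slot) { *slot = calloc(1, sizeof **slot); (*slot)->baspag = module; }
    return module;
}

/* Caller side: the same frees as the post's teardown, but ldg->baspag is
   cleared before the frees, so nothing is written through ldg afterwards. */
static int unload_module(LDG *ldg)
{
    BASPAG *bp = ldg ? ldg->baspag : NULL;
    if (!bp) return 0;
    ldg->baspag = NULL;
    if (ldg->close) (*ldg->close)();
    free(bp->p_env);                /* Mfree(p_env) in the original */
    free(bp);                       /* Mfree(baspag) in the original */
    return 2;                       /* blocks released */
}

/* Full round trip as the post describes it; returns 1 on success, 0 otherwise. */
static int run_handshake(void)
{
    LDG *ldg = NULL;
    char offsetxt[40];
    snprintf(offsetxt, sizeof offsetxt, "OFFSETLDG=%lld", (long long)(uintptr_t)&ldg);
    BASPAG *module = load_module(offsetxt);
    int ok = ldg != NULL && ldg->baspag == module && unload_module(ldg) == 2 && ldg->baspag == NULL;
    free(ldg);                      /* the LDG block itself, allocated in load_module */
    return ok;
}
```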