The end of the problem is that in malloc_bytes(), malloc.c line 981, the code enters the double for loop with a bp having the inconvenient property that in bp->bits, all sixteen entries are 0, causing the inner for loop to spin indefinitely.
I must admit, though, that I have no idea what that means, and where the problem starts leading to that ugly end: I clearly underestimated the difficulty of reading malloc.c ... :-o But maybe that rings a bell for somebody else.

Carlin Bingham wrote on Fri, Jul 07, 2017 at 12:31:27PM +1200:

>> Synopsis: when canaries are enabled `malloc(0)' sometimes hangs
>> Category: system
>> Environment:
> System : OpenBSD 6.1
> Details : OpenBSD 6.1-current (GENERIC.MP) #88: Wed Jul 5 23:16:11 MDT 2017
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
>> Description:
> If malloc canaries are enabled in malloc.conf or MALLOC_OPTIONS
> a call to malloc(3) with a size of 0 sometimes never returns.
>> How-To-Repeat:
> Call `malloc(0)' enough and it should eventually happen.
>
> In the wild, VLC seems to hang consistently at startup from
> this.
>
> Synthetic example:
>
> $ cat stall.c && cc -o stall stall.c
> #include <stdio.h>
> #include <stdlib.h>
>
> int
> main()
> {
> 	int i;
>
> 	printf("start\n");
> 	for (i = 0; i < 5000000; i++) {
> 		malloc(0);
> 	}
> 	printf("done\n");
> }
>
> $ time ./stall
>
> start
> done
>     0m00.36s real     0m00.30s user     0m00.05s system
>
> $ MALLOC_OPTIONS="C" time ./stall
> start
> ^CCommand terminated abnormally.
>        91.27 real        91.27 user         0.00 sys
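The spin described above, an inner scan over a chunk bitmap whose sixteen words are all zero, can be modelled in a few lines. What follows is an added illustration and is not code from OpenBSD's malloc.c: the struct chunk_page, the helper names and the 16-bit word layout are assumptions chosen only to match the description in this thread, and the step budget exists purely so the non-terminating case can be exercised. The guarded variant shows the kind of check that keeps a page with no free slot from being scanned at all.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical model, not OpenBSD's malloc.c: a chunk page header whose
 * bitmap marks free slots with set bits.  Sixteen words is the shape the
 * reply describes for bp->bits; 16-bit words are an assumption.
 */
#define BITS_WORDS 16

struct chunk_page {
	uint16_t bits[BITS_WORDS];	/* 1 = slot free, 0 = slot in use */
};

/*
 * Walk the words as a ring from `start' until one is nonzero.  The loop in
 * the report has no bound; `budget' exists here only so the all-zero case
 * can be shown to exhaust it instead of hanging the process.  Returns the
 * word index, or -1 when the budget ran out (the modelled hang).
 */
static int
first_nonzero_word(const struct chunk_page *bp, int start, long budget)
{
	int i;
	long steps = 0;

	for (i = start; bp->bits[i] == 0; i = (i + 1) % BITS_WORDS) {
		if (++steps > budget)
			return -1;
	}
	return i;
}

/* Unguarded search: assumes some word has a bit set.  Returns slot or -1. */
int
find_free_slot_unguarded(const struct chunk_page *bp, int start, long budget)
{
	int i, k;

	i = first_nonzero_word(bp, start, budget);
	if (i < 0)
		return -1;	/* would have spun forever without the budget */
	for (k = 0; k < 16; k++)
		if (bp->bits[i] & (1U << k))
			return i * 16 + k;
	return -1;	/* not reached: word i is nonzero */
}

/*
 * Guarded search: reject an empty bitmap before scanning, so a page with
 * no free slot is handed back to the caller instead of being searched.
 * Once the guard passes, the ring walk completes within one lap.
 */
int
find_free_slot_guarded(const struct chunk_page *bp, int start)
{
	uint16_t any = 0;
	int i;

	for (i = 0; i < BITS_WORDS; i++)
		any |= bp->bits[i];
	if (any == 0)
		return -1;	/* page is full; caller must take another page */
	return find_free_slot_unguarded(bp, start, BITS_WORDS);
}

/* Constructed inputs for the demonstration. */
int
demo_empty_unguarded(void)
{
	struct chunk_page bp;

	memset(&bp, 0, sizeof(bp));	/* all sixteen words zero, as in the report */
	return find_free_slot_unguarded(&bp, 5, 100000);	/* -1: budget exhausted */
}

int
demo_empty_guarded(void)
{
	struct chunk_page bp;

	memset(&bp, 0, sizeof(bp));
	return find_free_slot_guarded(&bp, 5);	/* -1 without scanning */
}

int
demo_one_free(void)
{
	struct chunk_page bp;

	memset(&bp, 0, sizeof(bp));
	bp.bits[2] = 0x0008;	/* only slot 2*16+3 = 35 is free */
	return find_free_slot_guarded(&bp, 5);	/* wraps from word 5 to word 2: 35 */
}

int
main(void)
{
	printf("empty page, unguarded: %d (would hang)\n", demo_empty_unguarded());
	printf("empty page, guarded:   %d\n", demo_empty_guarded());
	printf("one free slot:         %d\n", demo_one_free());
	return 0;
}
```

The point of the guard is not the specific bit layout but the invariant: a search loop that only terminates when it finds a set bit must never be entered on a bitmap that has none, so the emptiness check has to come before the loop rather than inside it.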
