On Sat, Nov 07, 2015 at 05:56:36PM +0100, Baptiste Daroussin wrote:
> On Sat, Nov 07, 2015 at 07:49:42PM +0300, Andrey Chernov wrote:
> > On 07.11.2015 19:22, Baptiste Daroussin wrote:
> > > Author: bapt
> > > Date: Sat Nov 7 16:22:29 2015
> > > New Revision: 290499
> > > URL: https://svnweb.freebsd.org/changeset/base/290499
> > >
> > > Log:
> > > Workaround an issue on i386 to unbreak the build until the real issue
> > > is tracked down
> > > - large = calloc(sizeof (collate_large_t) * n, 1);
> > > + large = malloc(sizeof (collate_large_t) * n);
> > > + memset(large, 0, sizeof (collate_large_t) * n);
> >
> > Should be calloc(n, sizeof (collate_large_t)) according to calloc usage
> > and to prevent size_t overflow. Is it a calloc() bug?
>
> I have tried all combinations with calloc before committing the workaround, all
> fail the same way on i386:
> <jemalloc>: jemalloc_arena.c:353: Failed assertion: "p[i] == 0"
>
> So yes I'm thinking about a calloc bug (Jason CCed)
>
> FYI sizeof(collate_large_t) is 44 there and n is 1145
>
> Best regards,
> Bapt
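
Review bot: the two added lines pass the result of malloc straight to memset with no NULL check between them, and the size is still computed as sizeof (collate_large_t) * n in both calls, so a large n can wrap size_t before the allocation is made. Check large for NULL before the memset, and once the underlying problem is found go back to calloc(n, sizeof (collate_large_t)) so the allocator can check the multiplication itself. Replacing calloc with malloc plus memset also silences the "p[i] == 0" assertion rather than explaining it, so a comment at this site marking the code as a temporary workaround would keep it from being mistaken for the fix.
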
Issue found by dim@ using the Address Sanitizer.

Guilty was me through a bug I introduced during conversion from avl(3) to tree(3).

Best regards,
Bapt
