On Wed, Dec 30, 2015 at 01:12:05AM -0500, Ted Unangst wrote:
> Long ago, malloc internally had two kinds of failures, warnings and errors.
> The 'A' option elevated warnings to errors, and has been the default for some
> time. But then warnings were effectively eliminated in favor of everything
> being an error, but then the 'a' flag turned errors into warnings!
> 
> 1. This is bad because it means unconditional failures can now be made
> conditional.
> 2. If you are using 'X' (not recommended imo) then the 'a' option effectively
> disables that as well because of the merger.
> 3. Nobody should be running with 'a' anyway.
> 
> We should remove the 'a' option. This diff does. There is now some redundant
> code left to handle wrterror() returning which can be removed next.
> 

This seems to be the natural reaction to the bug reported by Michal and
the one you fixed earlier today.  

ok tb@

> 
> Index: lib/libc/stdlib/malloc.3
> ===================================================================
> RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v
> retrieving revision 1.91
> diff -u -p -r1.91 malloc.3
> --- lib/libc/stdlib/malloc.3  14 Sep 2015 13:08:01 -0000      1.91
> +++ lib/libc/stdlib/malloc.3  30 Dec 2015 06:07:59 -0000
> @@ -345,10 +345,7 @@ or
>  detect an error condition,
>  a message will be printed to file descriptor
>  2 (not using stdio).
> -Errors will result in the process being aborted,
> -unless the
> -.Cm a
> -option has been specified.
> +Errors will result in the process being aborted.
>  .Pp
>  Here is a brief description of the error messages and what they mean:
>  .Bl -tag -width Ds
> Index: lib/libc/stdlib/malloc.c
> ===================================================================
> RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
> retrieving revision 1.179
> diff -u -p -r1.179 malloc.c
> --- lib/libc/stdlib/malloc.c  30 Dec 2015 06:04:39 -0000      1.179
> +++ lib/libc/stdlib/malloc.c  30 Dec 2015 06:08:00 -0000
> @@ -177,7 +177,6 @@ struct chunk_info {
>  
>  struct malloc_readonly {
>       struct dir_info *malloc_pool;   /* Main bookkeeping information */
> -     int     malloc_abort;           /* abort() on error */
>       int     malloc_freenow;         /* Free quickly - disable chunk rnd */
>       int     malloc_freeunmap;       /* mprotect free pages PROT_NONE? */
>       int     malloc_hint;            /* call madvice on free pages?  */
> @@ -280,8 +279,8 @@ wrterror(char *msg, void *p)
>  #endif /* MALLOC_STATS */
>  
>       errno = saved_errno;
> -     if (mopts.malloc_abort)
> -             abort();
> +
> +     abort();
>  }
>  
>  static void
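Review bot: wrterror() can no longer return once the `if (mopts.malloc_abort)` guard is gone, but its declaration does not say so. Marking it noreturn, which on OpenBSD means `static __dead void` on the definition, would let the compiler and static analysers treat the post-error recovery code in callers as unreachable. That is the code the commit message says will be removed next, and the attribute also guards against a later edit quietly reintroducing a return path after detected heap corruption. The `errno = saved_errno;` restore directly before `abort()` looks like it no longer serves a purpose and could go in the same cleanup. The start of wrterror(), including its signature, is outside this hunk.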
> @@ -485,7 +484,6 @@ omalloc_init(struct dir_info **dp)
>       /*
>        * Default options
>        */
> -     mopts.malloc_abort = 1;
>       mopts.malloc_junk = 1;
>       mopts.malloc_move = 1;
>       mopts.malloc_cache = MALLOC_DEFAULT_CACHE;
> @@ -523,10 +521,8 @@ omalloc_init(struct dir_info **dp)
>                               mopts.malloc_cache >>= 1;
>                               break;
>                       case 'a':
> -                             mopts.malloc_abort = 0;
>                               break;
>                       case 'A':
> -                             mopts.malloc_abort = 1;
>                               break;
>                       case 'c':
>                               mopts.malloc_canaries = 0;
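Review bot: The `case 'a':` and `case 'A':` arms are left as two empty `break`s with nothing explaining why they still exist. If the intent is to keep existing option strings from falling through to the switch's default arm (not visible in this hunk), merge them and state that: `case 'a': case 'A': /* accepted for compatibility, ignored: errors always abort */ break;`. The malloc.conf.5 hunk removes the `A` entry entirely, so the manual would no longer mention letters the parser still accepts; one line there saying both are ignored would keep the two consistent. omalloc_init() starts and ends outside this hunk.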
> Index: share/man/man5/malloc.conf.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/malloc.conf.5,v
> retrieving revision 1.2
> diff -u -p -r1.2 malloc.conf.5
> --- share/man/man5/malloc.conf.5      9 Dec 2015 14:09:50 -0000       1.2
> +++ share/man/man5/malloc.conf.5      30 Dec 2015 06:08:00 -0000
> @@ -35,14 +35,6 @@ and finally for the global variable
>  and scan them for flags in that order.
>  Flags are single letters, uppercase means on, lowercase means off.
>  .Bl -tag -width indent
> -.It Cm A
> -.Dq Abort .
> -.Xr malloc 3
> -will coredump the process, rather than tolerate internal
> -inconsistencies or incorrect usage.
> -This is the default and a very handy debugging aid,
> -since the core file represents the time of failure,
> -rather than when the bogus pointer was used.
>  .It Cm C
>  .Dq Canaries .
>  Add canaries at the end of allocations in order to detect
> 
