WinUAE
segfault when changing chipmemsize
Happens in the latest PUAE when changing chipmem size to 2048 KB from the first call to gui_display.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d659cc in free (p=0x7ffff5e9d020) at src/malloc/malloc.c:486
486 if (IS_MMAPPED(self)) {
(gdb) bt
#0 0x00007ffff7d659cc in free (p=0x7ffff5e9d020) at src/malloc/malloc.c:486
#1 0x00000000005659b6 in mapped_free (
p=0x7ffff5e9d020 <Address 0x7ffff5e9d020 out of bounds>)
at src/memory.c:1573
#2 0x0000000000565dbb in allocate_memory () at src/memory.c:1871
#3 0x0000000000566c63 in memory_reset () at src/memory.c:2176
#4 0x00000000005611a0 in reset_all_systems () at src/main.c:916
#5 0x0000000000483c2f in custom_reset (hardreset=true, keyboardreset=false)
at src/custom.c:7798
#6 0x000000000057cb92 in m68k_go (may_quit=1) at src/newcpu.c:4218
1869 if (bogomem_bank.allocated != currprefs.bogomem_size) {
1870 if (!(bogomem_bank.allocated == 0x200000 && currprefs.bogomem_size == 0x180000)) {
1871 mapped_free (bogomem_bank.baseaddr);
1872 bogomem_bank.baseaddr = NULL;
1873 bogomem_bank.allocated = 0;
memory.cpp around line 1750 does
chipmem_bank.allocated = memsize1 + memsize2;
mapped_malloc (&chipmem_bank);
chipmem_bank.allocated = currprefs.chipmem_size;
bogomem_bank.baseaddr = chipmem_bank.baseaddr + memsize1;
So bogomem gets an offset into the memory allocated for chipmem.
However, other parts of the code malloc the memory for bogomem directly:
1881 if (bogomem_bank.allocated) {
1882 bogomem_bank.baseaddr = mapped_malloc (bogomem_bank.allocated, _T("bogo"));
1883 if (bogomem_bank.baseaddr == 0) {
So it seems that the code freeing the bogomem can't be sure whether it deals with a chunk pointing into the middle of chipmem or a separate chunk. In the first case, calling free on the bogomem address is UB.
@frodesolheim mentioned that the issue could be related to bitrotted code in the NATMEM_OFFSET ifdefs.
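The defect described above comes down to one missing piece of state: a bank does not record whether its base address is its own allocation or an offset into another bank's allocation, so the release path cannot know whether free() is legal. The following is an added example, not code from WinUAE or PUAE, showing the defensive pattern: each bank carries an ownership flag, aliases are bounds-checked against the owner's real capacity, and release only calls free() for an owner. The struct and function names (membank, bank_alloc, bank_alias, bank_free, reconfigure) and the two configurations it walks through are assumptions made for the illustration; the second configuration mirrors the switch that crashed in the report (2 MB chip, 1.5 MB bogo, separate chunks).

```c
/* Added example, not the emulator's own code. A bank records whether it owns its
 * allocation or merely aliases a slice of another bank, so release never passes an
 * interior pointer to free(). All names here are assumptions for this illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint8_t *baseaddr;  /* start of the bank's memory, NULL when unallocated */
    size_t allocated;   /* size the bank presents to the emulator */
    size_t capacity;    /* real size of the underlying allocation (owners only) */
    int owns_memory;    /* 1: baseaddr came from calloc here; 0: alias into another bank */
} membank;

/* Give a bank its own zeroed allocation; it may present a smaller size than it holds. */
static int bank_alloc(membank *b, size_t size, size_t capacity)
{
    if (capacity < size || capacity == 0)
        return 0;
    b->baseaddr = calloc(capacity, 1);
    if (!b->baseaddr)
        return 0;
    b->allocated = size;
    b->capacity = capacity;
    b->owns_memory = 1;
    return 1;
}

/* Point a bank at [offset, offset+size) inside an owner's allocation, bounds-checked
 * against the owner's real capacity rather than the size it presents. */
static int bank_alias(membank *b, const membank *owner, size_t offset, size_t size)
{
    if (!owner->owns_memory || offset > owner->capacity || size > owner->capacity - offset)
        return 0;
    b->baseaddr = owner->baseaddr + offset;
    b->allocated = size;
    b->capacity = 0;
    b->owns_memory = 0;
    return 1;
}

/* Release a bank. Only an owner calls free(); an alias is simply detached. */
static void bank_free(membank *b)
{
    if (b->owns_memory)
        free(b->baseaddr);
    memset(b, 0, sizeof *b);
}

/* Rebuild chip/bogo banks for a new configuration. alias_bogo == 1 reproduces the
 * chipmem path from the report (one allocation, bogomem at an offset into it);
 * alias_bogo == 0 gives bogomem its own chunk. */
static int reconfigure(membank *chip, membank *bogo,
                       size_t chipsize, size_t bogosize, int alias_bogo)
{
    bank_free(bogo);   /* detach the alias before its owner goes away */
    bank_free(chip);
    if (alias_bogo) {
        if (!bank_alloc(chip, chipsize, chipsize + bogosize))
            return 0;
        return bank_alias(bogo, chip, chipsize, bogosize);
    }
    if (!bank_alloc(chip, chipsize, chipsize))
        return 0;
    if (bogosize && !bank_alloc(bogo, bogosize, bogosize)) {
        bank_free(chip);
        return 0;
    }
    return 1;
}

int main(void)
{
    membank chip = {0}, bogo = {0};
    /* First config: 512 KB chip with 512 KB bogo carved from the same allocation. */
    if (!reconfigure(&chip, &bogo, 0x80000, 0x80000, 1))
        return 1;
    printf("bogo aliases chip: owns=%d offset=%td\n",
           bogo.owns_memory, bogo.baseaddr - chip.baseaddr);
    /* Second config: 2 MB chip, 1.5 MB bogo, each in its own chunk. An unconditional
     * free of bogo.baseaddr here would have handed an interior pointer to free(). */
    if (!reconfigure(&chip, &bogo, 0x200000, 0x180000, 0))
        return 1;
    printf("separate chunks: chip owns=%d bogo owns=%d\n",
           chip.owns_memory, bogo.owns_memory);
    bank_free(&bogo);
    bank_free(&chip);
    return 0;
}
```

The ordering in reconfigure matters: the alias is detached before its owner is released so no bank is ever left pointing at freed memory, and bank_alias refuses any slice that would extend past the owner's real capacity, which is the check that the chipmem path in the report (allocated set to memsize1 + memsize2, then overwritten with chipmem_size) makes impossible to express with a single size field.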