While chasing bug #635 I made a patch to MemPools.c that placed
page-sized objects on a page boundary and chunks allocated by mmap.
Then I used mprotect() to mark freed objects as no-write pages.
This straight away caught a 1-byte buffer overrun bug that used to
corrupt mempools, which was very difficult to find otherwise, as
it popped up in completely unrelated sections of code and much later.
mprotect appears to be quite fast and suitable for running on
even production caches, which is how I got it without knowing how
to reproduce the bug manually.
Now I wonder if it makes sense to wrap it up into some form of
ifdef'ed debug option into mempools, or would that clutter source
needlessly? It isn't perfectly portable I guess, so, I don't know.
------------------------------------
Andres Kroonmaa <andre@online.ee>
CTO, Microlink Data AS
Tel: 6501 731, Fax: 6501 725
Pärnu mnt. 158, Tallinn
11317 Estonia
Received on Fri Dec 19 2003 - 04:32:03 MST
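
The technique described in the message above, as an added example that is not the MemPools.c patch itself: a page-sized object lives on its own mmap'ed page, "free" marks the page read-only with mprotect(), and a later one-byte write to the freed object faults at the offending instruction. The names page_obj_alloc, page_obj_free, page_obj_reuse and write_faults are hypothetical, and the signal handler exists only so the demo can report the fault instead of crashing.

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;   /* where the fault handler jumps back to */
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

/* Hypothetical pool primitive: one page-sized object on its own mmap'ed page. */
static void *page_obj_alloc(void) {
    void *p = mmap(NULL, page_size(), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* "Free": the page stays in the pool but becomes read-only. */
static int page_obj_free(void *p) { return mprotect(p, page_size(), PROT_READ); }

/* Reuse from the free list: make it writable again before handing it out. */
static int page_obj_reuse(void *p) {
    return mprotect(p, page_size(), PROT_READ | PROT_WRITE);
}

/* Demo probe: 1 if a one-byte write to p faults, 0 if it lands, -1 on error. */
static int write_faults(volatile char *p) {
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 1;
    sa.sa_handler = on_fault;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old_segv) != 0) return -1;
    if (sigaction(SIGBUS, &sa, &old_bus) != 0) return -1;  /* some systems raise SIGBUS */
    if (sigsetjmp(fault_jmp, 1) == 0) { *p = 'X'; faulted = 0; }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

int main(void) {
    char *obj = page_obj_alloc();
    if (obj == NULL) return 1;
    printf("live object:   write faults = %d\n", write_faults(obj));
    page_obj_free(obj);
    printf("freed object:  write faults = %d\n", write_faults(obj));
    page_obj_reuse(obj);
    printf("reused object: write faults = %d\n", write_faults(obj));
    return 0;
}
```

In a debug build the handler would be left out, so the stray write stops the process with a core dump pointing at the code that made it.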