On 2004-09-28, at 17:00:16 +0100, Steve Hay wrote: > What does "chunk's tail overwrite" overwrite mean? > > It comes from malloc.c line 2074 (perl-5.8.5). An XS module of mine > keeps crashing with the message: > > assertion botched (chunk's tail overwrite?): ((unsigned int > *)((caddr_t)ovp + nbytes))[-1] == 0x55555555 (..\malloc.c:2074) > > when run under a DEBUGGING perl with perl's malloc. The software > apparently runs OK under a release-mode perl, and under perls with the > system malloc (both release and DEBUGGING), but I suspect that all is > not really well in light of the above. > > The Safefree() call is freeing up the SV's PV slot, which was earlier > assigned to the SV (and realloc()'ed) via sv_usepvn(). I haven't made > the mistake of attempting to free the space given to the SV as its PV > slot separately, so I'm at a loss as to what the problem is. > > Any ideas what this assertion failure might indicate?
Without looking at the malloc code in detail, the assertion seems to indicate that the tail of an allocated memory block has been overwritten. Each block (chunk) is protected by a magic number (0x55555555) right before (head) and right after (tail) the block. At free time, both are checked to see if the block was overwritten in any direction. Is this reproducible on any OS? Which module is is? Marcus -- BOFH Excuse #244: Your cat tried to eat the mouse.
