On Mon, Jun 16, 2014 at 17:50, Stuart Henderson wrote:
> On 2014/06/16 11:35, Ted Unangst wrote:
>> On Mon, Jun 16, 2014 at 10:57, Stuart Henderson wrote:
>> > #0 0x00001746a7f112b4 in strlen (
>> > str=0x1746a5b74ff8 "ÐÐÐÐÐÐÐÐ" <Address 0x1746a5b75000 out of
>> > bounds>)
>> > at /usr/src/lib/libc/string/strlen.c:39
>> > 39 for (s = str; *s; ++s)
>> > (gdb) x/16x str
>> > 0x1746a5b74ff8: 0xd0d0d0d0 0xd0d0d0d0 Cannot access memory at
>> > address
>> So you are running with J as well? The first crash might go away
>> without J, but the second will only go away now with little j. Of
>> course, we don't want to do that.
>>
>> The first bug seems a little simpler. Based on the trace, cmTarget
>> should initialize config to empty string, not just memory. Harder to
>> tell where the free is in the second case.
>>
>
> IIRC both these were with no malloc.conf.

That's a little strange. The d0d0 pattern is only written when J is enabled. By default, you should only be seeing dfdf patterns in freed memory.
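
A triage helper for the two fill patterns discussed in this thread, added here as an example and not code from the thread or from OpenBSD. The names (`classify_word`, `classify_string`, `enum verdict`) are hypothetical, the sample buffer is constructed to match the quoted gdb dump, and reading 0xd0 as "allocated but never initialised" is an assumption taken from the diagnosis in the message above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JUNK_ALLOC 0xd0 /* per the thread: only written when J is enabled */
#define JUNK_FREE  0xdf /* per the thread: seen in freed memory by default */

enum verdict { NOT_JUNK, UNTERMINATED, UNINITIALISED, FREED };

/* Classify one 32-bit word as printed by gdb's x/x, e.g. 0xd0d0d0d0. */
enum verdict classify_word(uint32_t w)
{
    if (w == 0x01010101u * JUNK_ALLOC) return UNINITIALISED;
    if (w == 0x01010101u * JUNK_FREE)  return FREED;
    return NOT_JUNK;
}

/*
 * Bounded check of a supposed C string in an allocation of `size` bytes.
 * Unlike strlen(), it never reads past `size`, so it cannot run off the
 * end of the page the way frame #0 in the quoted trace did.
 */
enum verdict classify_string(const unsigned char *p, size_t size)
{
    size_t i;

    if (size == 0 || memchr(p, '\0', size) != NULL)
        return NOT_JUNK;            /* terminated within bounds */
    for (i = 1; i < size; i++)
        if (p[i] != p[0])
            return UNTERMINATED;    /* no NUL, but not a uniform fill */
    if (p[0] == JUNK_ALLOC) return UNINITIALISED;
    if (p[0] == JUNK_FREE)  return FREED;
    return UNTERMINATED;
}

int main(void)
{
    unsigned char buf[8];           /* constructed: 8 bytes, as in the dump */

    memset(buf, JUNK_ALLOC, sizeof(buf));
    printf("junk-filled buffer: %d\n", classify_string(buf, sizeof(buf)));
    buf[0] = '\0';                  /* the suggested fix: start as "" */
    printf("after initialising: %d\n", classify_string(buf, sizeof(buf)));
    return 0;
}
```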