From mint-bounce@lists.fishpool.fi  Wed Jan 27 02:32:49 2010
Message-ID: <1F55D94972D147B8A69EF89653073145@mercatus.local>
From: "Jo Even Skarstein" <joska@online.no>
To: "MiNT Mailing List" <mint@lists.fishpool.fi>
References: <c6533ef61001261501l44961b1bh146ba21ed071a6b3@mail.gmail.com>
In-Reply-To: <c6533ef61001261501l44961b1bh146ba21ed071a6b3@mail.gmail.com>
Subject: Re: [MiNT] Freeing child's base page
Date: Wed, 27 Jan 2010 08:29:57 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8089.726
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
X-EsetScannerBuild: 6469
X-ecartis-version: Ecartis v1.0.0
Sender: mint-bounce@lists.fishpool.fi
Errors-to: mint-bounce@lists.fishpool.fi
X-original-sender: joska@online.no
Precedence: bulk
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
List-Id: <mint.lists.fishpool.fi>
X-List-ID: <mint.lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>

From: Miro Kropacek
Sent: Wednesday, January 27, 2010 12:01 AM
To: MiNT Mailing List
Subject: [MiNT] Freeing child's base page

> I attached three files as test case, I hope I didn't mess something in 
> such rush. From this you can see very simple scheme:

> - proc1 passes pointer to pointer via cmd line to proc 2
> - proc2 has one static variable and it stores its address into pointer 
> which he got on command line (i.e. from proc 1)
> - proc1 can do anything he likes with this new piece of memory
> - as soon as we call Mfree() on proc2's basepage, our new pointer becomes 
> illegal

So what you're saying here is that the child (proc 2) saves an address to a 
variable in it's own DATA-segment at some location in the parent's (proc 1) 
memory?

> Now, easy answer would be "freeing child's basepage invalidates also its 
> data" but I doubt this makes any sense. I'm unsure

So the problem is that the pointer in proc 1 now points to free memory. If 
it's Mfree'd then it belongs to the OS now. Of course it's illegal to access 
this memory now. If LDG does this, it must be considered a bug.

Jo Even 


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4807 (20100126) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com