(gdb) bt
#0 malloc_consolidate (av=0x37400010) at malloc.c:4560
#1 0x2af88748 in _int_malloc (av=0x37400010, bytes=2572) at malloc.c:3964
#2 0x2af89ca0 in *__GI___libc_malloc (bytes=2572) at malloc.c:3382
#3 0x01448274 in sal_alloc (sz=2560, s=0xa0c <Address 0xa0c out of bounds>) at sdk/src/sal/core/unix/alloc.c:226
#4 0x01232100 in bcm_tr2_ipmc_egress_intf_set (unit=0, ipmc_id=6, port=24, if_count=0, if_array=0x0, check_port=0) at sdk/src/bcm/esw/triumph2/ipmc.c:2375
#5 0x00dc94e8 in _bcm_esw_multicast_l3_destroy (unit=17, group=<value optimized out>) at sdk/src/bcm/esw/multicast.c:2916
#6 0x00889708 in bcm_multicast_destroy (unit=17, group=33554438) at sdk/src/bcm/dispatch.c:128625
#7 .......
用的是博通 sdk-6.5.9
frame 4 其实就是用 sdk 封装的malloc
去申请内存
2374 alloc_size = SHR_BITALLOCSIZE(IPMC_REPL_INTF_TOTAL(unit));
2375 intf_vec = sal_alloc(alloc_size, "IPMC repl interface vector");
2376 if (intf_vec == NULL) {
2377 return BCM_E_MEMORY;
2378 }
2379 sal_memset(intf_vec, 0, alloc_size);
2380
"sdk/src/bcm/esw/triumph2/ipmc.c" 6796L, 248509B
传到 sal_alloc 的时候,从堆栈上看,指针参数像是完全被破坏掉了:s=0xa0c <Address 0xa0c out of bounds>。
不明白为什么会在 malloc 这里出错。
/*
 * sal_alloc - SDK wrapper around malloc() that brackets the caller's data
 * with corruption-detection sentinels.
 *
 * Layout of the malloc'd object (uint32 words):
 *   [0]            data length in words (sz / 4, after rounding up)
 *   [1]            head sentinel 0xaaaaaaaa
 *   [2 .. 2+words) caller-visible data, returned pointer is &hdr[2]
 *   [2 + words]    tail sentinel 0xbbbbbbbb
 * The original comment states the sentinels are checked on free; the
 * free path is not shown in this listing, so that is taken on trust.
 * The sentinel constants are fixed and well known: they catch accidental
 * overruns, not a deliberate write that preserves them.
 *
 * sz  number of bytes requested; rounded up to a multiple of 4 so the
 *     tail sentinel stays word aligned.
 * s   description string forwarded only to AGGR_DEBUG_ALLOC and
 *     MEMLOG_ALLOC; callers pass string literals, so `const char *`
 *     would be the more accurate type (not changed here to keep the
 *     prototype identical to the header).
 *
 * Returns a pointer to the data area, or NULL when the size arithmetic
 * wraps or malloc() fails.  The caller frees through the matching SDK
 * free routine, never through libc free(), because the returned pointer
 * is 8 bytes past the start of the malloc'd block.
 *
 * NOTE(review): sal_alloc_calls / sal_alloc_bytes are file-level
 * counters and no lock is visible in this function — confirm whether
 * callers serialize, otherwise the counts are approximate under threads.
 *
 * NOTE(review) on the backtraces attached to this listing: the "corrupt"
 * value gdb shows for s (0xa0c = 2572, and 0x2fc = 764 in the earlier
 * trace) is exactly sz + 12, i.e. the byte count this function passes to
 * malloc() (2560 + 12, 752 + 12).  That is consistent with gdb reading an
 * argument register that has already been reused for the malloc() call,
 * not with s having been overwritten.  A fault inside malloc_consolidate
 * usually means heap metadata was damaged by an earlier overrun or double
 * free elsewhere; this allocation is where it was noticed, not necessarily
 * where it happened.  Running the reproduction under a heap checker
 * (e.g. an address sanitizer or glibc MALLOC_CHECK_) would locate the
 * actual writer.
 */
void *
sal_alloc(unsigned int sz, char *s)
{
    unsigned int requested;   /* byte count as the caller asked for it */
    unsigned int total;       /* byte count actually handed to malloc() */
    unsigned int words;       /* rounded data length in uint32 units */
    uint32 *hdr;
#ifdef MEMORY_MEASUREMENT_DIAGNOSTICS
    uint32 idx;
#endif

    EXT_DEBUG_ALLOC(sz);

    requested = sz;

    /* Round up to a multiple of 4 so the sentinels are word aligned. */
    sz = (sz + 3) & ~3;

    /*
     * 12 bytes of overhead: length word + head sentinel + tail sentinel.
     * If the rounded size plus overhead ends up smaller than the original
     * request, the unsigned arithmetic wrapped — refuse the allocation
     * rather than hand back an undersized block.
     */
    total = sz + 12;
    if (total < requested) {
        return NULL;
    }

    sal_alloc_calls += 1;

    hdr = malloc(total);
    if (hdr == NULL) {
        return NULL;
    }

    /* Pointer must survive a round trip through the SDK's integer form. */
    assert(UINTPTR_TO_PTR(PTR_TO_UINTPTR(hdr)) == hdr);

    sal_alloc_bytes += sz;

    words = sz / 4;
    hdr[0] = words;
    hdr[1] = 0xaaaaaaaa;
    hdr[2 + words] = 0xbbbbbbbb;

#ifdef MEMORY_MEASUREMENT_DIAGNOSTICS
    MEMORY_MEASUREMENT_INITIALIZE;
    /* Attribute the rounded size to every active tracker owned by this thread. */
    for (idx = 0; idx < memory_measurement_tool.count; idx++) {
        if (!memory_measurement_tool.elements[idx].is_active) {
            continue;
        }
        if (memory_measurement_tool.elements[idx].thread_id != sal_thread_self()) {
            continue;
        }
        memory_measurement_tool.elements[idx].sal_size += sz;
    }
#endif

#ifdef BROADCOM_DEBUG
#ifdef INCLUDE_BCM_SAL_PROFILE
    SAL_ALLOC_RESOURCE_USAGE_INCR(
        _sal_alloc_curr,
        _sal_alloc_max,
        (sz),
        ilock);
#endif
#endif /* BROADCOM_DEBUG */

    AGGR_DEBUG_ALLOC(hdr, sz, s);

    /* Log the block start and the unrounded request size. */
    MEMLOG_ALLOC("sal_alloc", (void *)&hdr[0], requested, s);

    /* Data area begins after the length word and head sentinel. */
    return (void *)&hdr[2];
}
复现概率很低,但是之前也出现过:
(gdb) bt
#0 malloc_consolidate (av=0x35c00010) at malloc.c:4560
#1 0x2af8a748 in _int_malloc (av=0x35c00010, bytes=764) at malloc.c:3964
#2 0x2af8bca0 in *__GI___libc_malloc (bytes=764) at malloc.c:3382
#3 0x014483e4 in sal_alloc (sz=752, s=0x2fc <Address 0x2fc out of bounds>) at sdk/src/sal/core/unix/alloc.c:226
#4 0x00d2ce14 in _field_sw_counter_get (unit=0, stage_fc=0x35cb9d18, idx=2, packet_count=0x3681a4d8, byte_count=0x3681a4e0) at sdk/src/bcm/esw/field_common.c:10303
#5 0x00d44db8 in _field_stat_value_get (unit=0, sync_mode=0, f_st=0x3652c720, stat=bcmFieldStatBytes, value=0x400a950) at sdk/src/bcm/esw/field_common.c:10903
#6 0x00d4506c in _bcm_esw_field_stat_get (unit=0, sync_mode=0, stat_id=<value optimized out>, stat=bcmFieldStatBytes, value=0x400a950) at sdk/src/bcm/esw/field_common.c:38210
#7 0x00d0c4b8 in bcm_esw_field_stat_get (unit=17, stat_id=0, stat=968337600, value=<value optimized out>) at sdk/src/bcm/esw/field.c:13741
#8 0x00d0c784 in bcm_esw_field_stat_multi_get (unit=0, stat_id=3, nstat=2, stat_arr=<value optimized out>, value_arr=0x400a950) at sdk/src/bcm/esw/field.c:13871
#9 0x008ab450 in bcm_field_stat_multi_get (unit=17, stat_id=3, nstat=2, stat_arr=0x2cc8b010, value_arr=0x400a950) at sdk/src/bcm/dispatch.c:96717
#10 ............