
I'm trying to get the very latest U-Boot running on an MPC8323E MDS, and U-Boot hangs in the code to initialize the environment. Specifically, env_relocate() calls malloc(), but malloc() never returns.
Before I try to debug the malloc() code, I was hoping someone would have a clue as to what the problem is.
I put a bunch of printf()s in the malloc() code, as well as a sanity check:
    for (victim = last(bin); victim != bin; victim = victim->bk) {
        printf("%s:%u victim=%p\n", __FILE__, __LINE__, victim);
        victim_size = chunksize(victim);
        printf("%s:%u victim_size=%u nb=%u\n", __FILE__, __LINE__, victim_size, nb);
        if (victim_size > max_total_mem) {
            printf("%s:%u\n", __FILE__, __LINE__);
            return 0;
        }
        remainder_size = victim_size - nb;
        printf("%s:%u remainder_size=%u\n", __FILE__, __LINE__, remainder_size);

        if (remainder_size >= (long)MINSIZE) { /* too big */
            printf("%s:%u\n", __FILE__, __LINE__);
            --idx; /* adjust to rescan below after checking last remainder */
            break;
        }
        else if (remainder_size >= 0) { /* exact fit */
            printf("%s:%u\n", __FILE__, __LINE__);
            unlink(victim, bck, fwd);
            set_inuse_bit_at_offset(victim, victim_size);
            check_malloced_chunk(victim, nb);
            printf("%s:%u\n", __FILE__, __LINE__);
            return chunk2mem(victim);
        }
        printf("%s:%u\n", __FILE__, __LINE__);
    }
and I get this:
    dlmalloc.c:2153
    dlmalloc.c:2158
    dlmalloc.c:2192
    dlmalloc.c:2198 victim=fe02d138
    dlmalloc.c:2200 victim_size=4261597488 nb=8200
    dlmalloc.c:2202
    env_relocate[217] malloced ENV at 00000000
Look at the value of victim_size. This can't be right.
Without the "if (victim_size > max_total_mem)" sanity check, this code loops indefinitely.
Can anyone tell me what's going on? I don't think there's a bug in malloc() per se, but something has corrupted the heap. What could do that?
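As an added illustration of the kind of heap corruption the post is asking about (this is constructed example code, not U-Boot's dlmalloc and not the poster's code): one over-long write into a chunk's user data lands on the next chunk's size word, a bin walk then reads a pointer value where it expects a length, and a header sanity check like the poster's "victim_size > max_total_mem" turns the endless loop into a clean failure. The chunk layout, sizes, function names and the 0x40 "next" pointer are all assumptions made for the demonstration.

```c
/* heap_walk_check.c: constructed example (not U-Boot or dlmalloc code) of a
 * chunk header clobbered by an overflow from the preceding chunk, and of a
 * header sanity check that fails fast instead of spinning on a bogus size.
 * Layout, names and sizes are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREV_INUSE   ((size_t)1)
#define MINSIZE      (2 * sizeof(size_t))        /* assumed smallest chunk */
#define ALIGN_MASK   (MINSIZE - 1)
#define chunksize(p) ((p)->size & ~PREV_INUSE)  /* strip the flag bit */

/* Simplified chunk: the size word sits right before the user data, so bytes
 * written past one chunk's user area overwrite its neighbour's header. */
typedef struct chunk { size_t size; unsigned char data[]; } chunk_t;

#define ARENA_WORDS 32
static size_t arena_words[ARENA_WORDS];          /* size_t-aligned backing store */

/* Carve consecutive in-use chunks for the given user sizes; returns bytes used. */
static size_t carve(unsigned char *arena, const size_t *usersz, int n)
{
    size_t off = 0;
    for (int i = 0; i < n; i++) {
        chunk_t *c = (chunk_t *)(arena + off);
        size_t csz = (sizeof(size_t) + usersz[i] + ALIGN_MASK) & ~ALIGN_MASK;
        c->size = csz | PREV_INUSE;
        off += csz;
    }
    return off;
}

/* Walk every header the way a bin scan would. Returns the chunk count, or -1
 * the moment a size field is implausible: misaligned, below MINSIZE, or
 * reaching past the arena. A walker without such a check keeps computing
 * remainder_size from the bogus size and never finds a fit. */
static int walk_checked(const unsigned char *arena, size_t used)
{
    size_t off = 0;
    int n = 0;
    while (off < used) {
        const chunk_t *c = (const chunk_t *)(arena + off);
        size_t victim_size = chunksize(c);
        if (victim_size < MINSIZE || (victim_size & ALIGN_MASK) ||
            victim_size > used - off)
            return -1;                               /* corrupted header */
        off += victim_size;
        n++;
    }
    return n;
}

/* A "size" that, read as an address, points into the heap itself is almost
 * certainly a pointer that was written over the header, not a length. */
static int size_looks_like_heap_pointer(size_t sz, const unsigned char *lo, size_t len)
{
    uintptr_t a = (uintptr_t)sz, base = (uintptr_t)lo;
    return a >= base && a < base + len;
}

/* Three clean chunks with 24, 40 and 56 user bytes. */
static size_t build_clean(unsigned char *arena)
{
    const size_t sizes[3] = { 24, 40, 56 };
    memset(arena_words, 0, sizeof arena_words);
    return carve(arena, sizes, 3);
}

/* Same layout, then a record one pointer field too long for chunk 0's user
 * area is copied in, so its trailing pointer overwrites chunk 1's size word. */
static size_t build_overflowed(unsigned char *arena)
{
    size_t used = build_clean(arena);
    chunk_t *c0 = (chunk_t *)arena;
    size_t cap = chunksize(c0) - sizeof(size_t);   /* bytes really available */
    unsigned char rec[64];
    uintptr_t link = (uintptr_t)(arena + 0x40);    /* constructed "next" pointer */
    memset(rec, 'A', cap);
    memcpy(rec + cap, &link, sizeof link);
    memcpy(c0->data, rec, cap + sizeof link);      /* bug: one pointer too many */
    return used;
}

int scenario_clean(void)
{
    unsigned char *arena = (unsigned char *)arena_words;
    return walk_checked(arena, build_clean(arena));
}

int scenario_overflow(void)
{
    unsigned char *arena = (unsigned char *)arena_words;
    return walk_checked(arena, build_overflowed(arena));
}

int scenario_overflow_header_is_pointer(void)
{
    unsigned char *arena = (unsigned char *)arena_words;
    size_t used = build_overflowed(arena);
    const chunk_t *c1 = (const chunk_t *)(arena + chunksize((chunk_t *)arena));
    return size_looks_like_heap_pointer(chunksize(c1), arena, used);
}

int main(void)
{
    printf("clean walk: %d chunks\n", scenario_clean());
    printf("overflowed walk: %d (-1 = corrupted header detected)\n", scenario_overflow());
    printf("corrupted size word is a heap pointer: %d\n",
           scenario_overflow_header_is_pointer());
    return 0;
}
```

The pointer check is the practical takeaway: a size field whose value falls inside the heap's own address range is a strong sign that a pointer, not a length, was written over the header, which points the search at whatever writes pointers into memory just before that chunk rather than at malloc() itself.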