Trying to find a memory corruption and failed

Makefile

@@ -93,7 +93,7 @@ io.o:
 	$(CC) $(CFLAGS) $(LDFLAGS) -o io.o -c io.c
 
 malloc.o:
-	$(CC) $(CFLAGS) -DMORECORE_CANNOT_TRIM=1 -DMALLOC_FAILURE_ACTION -DHAVE_MMAP=0 -DLACKS_SYS_PARAM_H -DLACKS_UNISTD_H -DLACKS_FCNTL_H -DLACKS_SYS_TYPES_H=1 -DNO_MALLOC_STATS=1 -DLACKS_ERRNO_H -DLACKS_TIME_H -DLACKS_STDLIB_H -DLACKS_STRING_H -DLACKS_SYS_MMAN_H $(LDFLAGS) -o malloc.o -c malloc.c
+	$(CC) $(CFLAGS) -DFOOTERS=1 -DMORECORE_CANNOT_TRIM=1 -DMALLOC_FAILURE_ACTION -DHAVE_MMAP=0 -DLACKS_SYS_PARAM_H -DLACKS_UNISTD_H -DLACKS_FCNTL_H -DLACKS_SYS_TYPES_H=1 -DNO_MALLOC_STATS=1 -DLACKS_ERRNO_H -DLACKS_TIME_H -DLACKS_STDLIB_H -DLACKS_STRING_H -DLACKS_SYS_MMAN_H $(LDFLAGS) -o malloc.o -c malloc.c
 
 memory.o:
 	$(CC) $(CFLAGS) $(LDFLAGS) -o memory.o -c memory.c

execve.c

@@ -141,7 +141,7 @@ int execve(struct regs *r, char *name, char **argv, char **env) {
 
 		mem_clear_user_pages();
 		
-		free(current_task->user_pages);
+		dbfree(current_task->user_pages, "execve: free user pages");
 
 		current_task->user_pages_cnt = 0;
 		current_task->user_pages_at = 0x40000000;

gui.c

@@ -341,12 +341,12 @@ int gui_add_window(unsigned char *contents, char *name, int x, int y, int w, int
 	int i;
 
 	if (window_count == 0) {
-		windows = (struct window_t **)malloc(sizeof(struct window_t *));
+		windows = (struct window_t **)dbmalloc(sizeof(struct window_t *), "gui: add window (malloc)");
 	} else {
-		windows = (struct window_t **)realloc(windows, sizeof(struct window_t *) * (window_count + 1));
+		windows = (struct window_t **)dbrealloc(windows, sizeof(struct window_t *) * (window_count + 1), "gui: add window (realloc)");
 	}
 
-	new_window = (struct window_t *)malloc(sizeof(struct window_t));
+	new_window = (struct window_t *)dbmalloc(sizeof(struct window_t), "gui: add window (malloc 2)");
 	new_window->serialno = ++serialnos;
 	new_window->posx = x;
 	new_window->posy = y;

kernel.c

@@ -23,18 +23,27 @@ extern struct task_t *current_task;
 
 char *system_disk;
 
+extern int last_syscall;
+
 void abort(void) {
 	kprintf("Abort.\n");
 	while(1);
 }
 
+extern char *db_malloc_caller;
+
 void abort_on_usage(void * m) {
-	kprintf("Abort on Usage error");
+	kprintf("Abort on Usage error\n");
+	kprintf("DB MALLOC: %s\n", db_malloc_caller);
+	kprintf("PID: %d\n", current_task->pid);
+	kprintf("LAST SYSCALL %d\n", last_syscall);
 	while(1);
 }
 
 void abort_on_corruption(void * m) {
-	kprintf("Abort on Corruption");
+	kprintf("Abort on Corruption\n");
+	kprintf("DB MALLOC: %s\n", db_malloc_caller);
+	kprintf("PID: %d (%s)\n", current_task->pid, current_task->name);
 	while(1);
 }
 

malloc.c

@@ -12,8 +12,7 @@ extern void abort_on_usage(void * m);
   http://creativecommons.org/publicdomain/zero/1.0/ Send questions,
   comments, complaints, performance data, etc to dl@cs.oswego.edu
 
-* Version 2.8.5 Sun May 22 10:26:02 2011  Doug Lea  (dl at gee)
+* Version 2.8.6 Wed Aug 29 06:57:58 2012  Doug Lea
-
    Note: There may be an updated version of this malloc obtainable at
            ftp://gee.cs.oswego.edu/pub/misc/malloc.c
          Check before installing!
@@ -27,7 +26,7 @@ extern void abort_on_usage(void * m);
   compile-time and dynamic tuning options.
 
   For convenience, an include file for code using this malloc is at:
-     ftp://gee.cs.oswego.edu/pub/misc/malloc-2.8.5.h
+     ftp://gee.cs.oswego.edu/pub/misc/malloc-2.8.6.h
   You don't really need this .h file unless you call functions not
   defined in your system include files.  The .h file contains only the
   excerpts from this file needed for using this malloc on ANSI C/C++
@@ -49,7 +48,7 @@ extern void abort_on_usage(void * m);
        than pointers, you can use a previous release of this malloc
        (e.g. 2.7.2) supporting these.)
 
-  Alignment:                                     8 bytes (default)
+  Alignment:                                     8 bytes (minimum)
        This suffices for nearly all current machines and C compilers.
        However, you can define MALLOC_ALIGNMENT to be wider than this
        if necessary (up to 128bytes), at the expense of using more space.
@@ -250,11 +249,11 @@ WIN32                    default: defined if _WIN32 defined
 DLMALLOC_EXPORT       default: extern
   Defines how public APIs are declared. If you want to export via a
   Windows DLL, you might define this as
-    #define DLMALLOC_EXPORT extern  __declspace(dllexport)
+    #define DLMALLOC_EXPORT extern  __declspec(dllexport)
   If you want a POSIX ELF shared object, you might use
     #define DLMALLOC_EXPORT extern __attribute__((visibility("default")))
 
-MALLOC_ALIGNMENT         default: (size_t)8
+MALLOC_ALIGNMENT         default: (size_t)(2 * sizeof(void *))
   Controls the minimum alignment for malloc'ed chunks.  It must be a
   power of two and at least 8, even on machines for which smaller
   alignments would suffice. It may be defined as larger than this
@@ -287,6 +286,12 @@ USE_RECURSIVE_LOCKS      default: not defined
   uses plain mutexes. This is not required for malloc proper, but may
   be needed for layered allocators such as nedmalloc.
 
+LOCK_AT_FORK            default: not defined
+  If defined nonzero, performs pthread_atfork upon initialization
+  to initialize child lock while holding parent lock. The implementation
+  assumes that pthread locks (not custom locks) are being used. In other
+  cases, you may need to customize the implementation.
+
 FOOTERS                  default: 0
   If true, provide extra checking and dispatching by placing
   information in the footers of allocated chunks. This adds
@@ -526,7 +531,7 @@ MAX_RELEASE_CHECK_RATE   default: 4095 unless not HAVE_MMAP
 
 /* Version identifier to allow people to support multiple versions */
 #ifndef DLMALLOC_VERSION
-#define DLMALLOC_VERSION 20805
+#define DLMALLOC_VERSION 20806
 #endif /* DLMALLOC_VERSION */
 
 #ifndef DLMALLOC_EXPORT
@@ -618,7 +623,7 @@ MAX_RELEASE_CHECK_RATE   default: 4095 unless not HAVE_MMAP
 #endif  /* ONLY_MSPACES */
 #endif  /* MSPACES */
 #ifndef MALLOC_ALIGNMENT
-#define MALLOC_ALIGNMENT ((size_t)8U)
+#define MALLOC_ALIGNMENT ((size_t)(2 * sizeof(void *)))
 #endif  /* MALLOC_ALIGNMENT */
 #ifndef FOOTERS
 #define FOOTERS 0
@@ -1246,8 +1251,6 @@ DLMALLOC_EXPORT int  dlmalloc_trim(size_t);
 */
 DLMALLOC_EXPORT void  dlmalloc_stats(void);
 
-#endif /* ONLY_MSPACES */
-
 /*
   malloc_usable_size(void* p);
 
@@ -1264,6 +1267,8 @@ DLMALLOC_EXPORT void  dlmalloc_stats(void);
 */
 size_t dlmalloc_usable_size(void*);
 
+#endif /* ONLY_MSPACES */
+
 #if MSPACES
 
 /*
@@ -1395,7 +1400,7 @@ DLMALLOC_EXPORT struct mallinfo mspace_mallinfo(mspace msp);
 /*
   malloc_usable_size(void* p) behaves the same as malloc_usable_size;
 */
-DLMALLOC_EXPORT size_t mspace_usable_size(void* mem);
+DLMALLOC_EXPORT size_t mspace_usable_size(const void* mem);
 
 /*
   mspace_malloc_stats behaves as malloc_stats, but reports
@@ -1522,11 +1527,16 @@ LONG __cdecl _InterlockedExchange(LONG volatile *Target, LONG Value);
 #define interlockedcompareexchange(a, b, c) __sync_val_compare_and_swap(a, c, b)
 #define interlockedexchange __sync_lock_test_and_set
 #endif /* Win32 */
+#else /* USE_LOCKS */
 #endif /* USE_LOCKS */
 
+#ifndef LOCK_AT_FORK
+#define LOCK_AT_FORK 0
+#endif
+
 /* Declarations for bit scanning on win32 */
 #if defined(_MSC_VER) && _MSC_VER>=1300
-#ifndef BitScanForward	/* Try to avoid pulling in WinNT.h */
+#ifndef BitScanForward /* Try to avoid pulling in WinNT.h */
 #ifdef __cplusplus
 extern "C" {
 #endif /* __cplusplus */
@@ -1851,8 +1861,8 @@ static FORCEINLINE void x86_clear_lock(int* sl) {
 #define CLEAR_LOCK(sl)   x86_clear_lock(sl)
 
 #else /* Win32 MSC */
-#define CAS_LOCK(sl)     interlockedexchange(sl, 1)
+#define CAS_LOCK(sl)     interlockedexchange(sl, (LONG)1)
-#define CLEAR_LOCK(sl)   interlockedexchange (sl, 0)
+#define CLEAR_LOCK(sl)   interlockedexchange (sl, (LONG)0)
 
 #endif /* ... gcc spins locks ... */
 
@@ -1976,7 +1986,7 @@ static FORCEINLINE int recursive_try_lock(MLOCK_T *lk) {
 #define NEED_GLOBAL_LOCK_INIT
 
 static MLOCK_T malloc_global_mutex;
-static volatile long malloc_global_mutex_status;
+static volatile LONG malloc_global_mutex_status;
 
 /* Use spin loop to initialize global lock */
 static void init_malloc_global_mutex() {
@@ -1986,9 +1996,9 @@ static void init_malloc_global_mutex() {
       return;
     /* transition to < 0 while initializing, then to > 0) */
     if (stat == 0 &&
-        interlockedcompareexchange(&malloc_global_mutex_status, -1, 0) == 0) {
+        interlockedcompareexchange(&malloc_global_mutex_status, (LONG)-1, (LONG)0) == 0) {
       InitializeCriticalSection(&malloc_global_mutex);
-      interlockedexchange(&malloc_global_mutex_status,1);
+      interlockedexchange(&malloc_global_mutex_status, (LONG)1);
       return;
     }
     SleepEx(0, FALSE);
@@ -2007,7 +2017,7 @@ static void init_malloc_global_mutex() {
 /* Cope with old-style linux recursive lock initialization by adding */
 /* skipped internal declaration from pthread.h */
 extern int pthread_mutexattr_setkind_np __P ((pthread_mutexattr_t *__attr,
-					   int __kind));
+                                              int __kind));
 #define PTHREAD_MUTEX_RECURSIVE PTHREAD_MUTEX_RECURSIVE_NP
 #define pthread_mutexattr_settype(x,y) pthread_mutexattr_setkind_np(x,y)
 #endif /* USE_RECURSIVE_LOCKS ... */
@@ -3085,6 +3095,12 @@ static size_t traverse_and_check(mstate m);
 
 /* ---------------------------- setting mparams -------------------------- */
 
+#if LOCK_AT_FORK
+static void pre_fork(void)         { ACQUIRE_LOCK(&(gm)->mutex); }
+static void post_fork_parent(void) { RELEASE_LOCK(&(gm)->mutex); }
+static void post_fork_child(void)  { INITIAL_LOCK(&(gm)->mutex); }
+#endif /* LOCK_AT_FORK */
+
 /* Initialize mparams */
 static int init_mparams(void) {
 #ifdef NEED_GLOBAL_LOCK_INIT
@@ -3126,7 +3142,6 @@ static int init_mparams(void) {
         ((gsize            & (gsize-SIZE_T_ONE))            != 0) ||
         ((psize            & (psize-SIZE_T_ONE))            != 0))
       ABORT;
-
     mparams.granularity = gsize;
     mparams.page_size = psize;
     mparams.mmap_threshold = DEFAULT_MMAP_THRESHOLD;
@@ -3142,6 +3157,9 @@ static int init_mparams(void) {
     gm->mflags = mparams.default_mflags;
     (void)INITIAL_LOCK(&gm->mutex);
 #endif
+#if LOCK_AT_FORK
+    pthread_atfork(&pre_fork, &post_fork_parent, &post_fork_child);
+#endif
 
     {
 #if USE_DEV_RANDOM
@@ -3156,11 +3174,11 @@ static int init_mparams(void) {
       else
 #endif /* USE_DEV_RANDOM */
 #ifdef WIN32
-        magic = (size_t)(GetTickCount() ^ (size_t)0x55555555U);
+      magic = (size_t)(GetTickCount() ^ (size_t)0x55555555U);
 #elif defined(LACKS_TIME_H)
       magic = (size_t)&magic ^ (size_t)0x55555555U;
 #else
-        magic = (size_t)(time(0) ^ (size_t)0x55555555U);
+      magic = (size_t)(time(0) ^ (size_t)0x55555555U);
 #endif
       magic |= (size_t)8U;    /* ensure nonzero */
       magic &= ~(size_t)7U;   /* improve chances of fault for bad values */
@@ -3842,7 +3860,7 @@ static void* mmap_alloc(mstate m, size_t nb) {
 /* Realloc using mmap */
 static mchunkptr mmap_resize(mstate m, mchunkptr oldp, size_t nb, int flags) {
   size_t oldsize = chunksize(oldp);
-  flags = flags; /* placate people compiling -Wunused */
+  (void)flags; /* placate people compiling -Wunused */
   if (is_small(nb)) /* Can't shrink mmap regions below small size */
     return 0;
   /* Keep old chunk if big enough but not too big */
@@ -4067,6 +4085,7 @@ static void* sys_alloc(mstate m, size_t nb) {
 
   if (MORECORE_CONTIGUOUS && !use_noncontiguous(m)) {
     char* br = CMFAIL;
+    size_t ssize = asize; /* sbrk call size */
     msegmentptr ss = (m->top == 0)? 0 : segment_holding(m, (char*)m->top);
     ACQUIRE_MALLOC_GLOBAL_LOCK();
 
@@ -4076,39 +4095,39 @@ static void* sys_alloc(mstate m, size_t nb) {
         size_t fp;
         /* Adjust to end on a page boundary */
         if (!is_page_aligned(base))
-          asize += (page_align((size_t)base) - (size_t)base);
+          ssize += (page_align((size_t)base) - (size_t)base);
-        fp = m->footprint + asize; /* recheck limits */
+        fp = m->footprint + ssize; /* recheck limits */
-        if (asize > nb && asize < HALF_MAX_SIZE_T &&
+        if (ssize > nb && ssize < HALF_MAX_SIZE_T &&
             (m->footprint_limit == 0 ||
              (fp > m->footprint && fp <= m->footprint_limit)) &&
-            (br = (char*)(CALL_MORECORE(asize))) == base) {
+            (br = (char*)(CALL_MORECORE(ssize))) == base) {
           tbase = base;
-          tsize = asize;
+          tsize = ssize;
         }
       }
     }
     else {
       /* Subtract out existing available top space from MORECORE request. */
-      asize = granularity_align(nb - m->topsize + SYS_ALLOC_PADDING);
+      ssize = granularity_align(nb - m->topsize + SYS_ALLOC_PADDING);
       /* Use mem here only if it did continuously extend old space */
-      if (asize < HALF_MAX_SIZE_T &&
+      if (ssize < HALF_MAX_SIZE_T &&
-          (br = (char*)(CALL_MORECORE(asize))) == ss->base+ss->size) {
+          (br = (char*)(CALL_MORECORE(ssize))) == ss->base+ss->size) {
         tbase = br;
-        tsize = asize;
+        tsize = ssize;
       }
     }
 
     if (tbase == CMFAIL) {    /* Cope with partial failure */
       if (br != CMFAIL) {    /* Try to use/extend the space we did get */
-        if (asize < HALF_MAX_SIZE_T &&
+        if (ssize < HALF_MAX_SIZE_T &&
-            asize < nb + SYS_ALLOC_PADDING) {
+            ssize < nb + SYS_ALLOC_PADDING) {
-          size_t esize = granularity_align(nb + SYS_ALLOC_PADDING - asize);
+          size_t esize = granularity_align(nb + SYS_ALLOC_PADDING - ssize);
           if (esize < HALF_MAX_SIZE_T) {
             char* end = (char*)CALL_MORECORE(esize);
             if (end != CMFAIL)
-              asize += esize;
+              ssize += esize;
             else {            /* Can't use; try to release */
-              (void) CALL_MORECORE(-asize);
+              (void) CALL_MORECORE(-ssize);
               br = CMFAIL;
             }
           }
@@ -4116,7 +4135,7 @@ static void* sys_alloc(mstate m, size_t nb) {
       }
       if (br != CMFAIL) {    /* Use the space we did get */
         tbase = br;
-        tsize = asize;
+        tsize = ssize;
       }
       else
         disable_contiguous(m); /* Don't try contiguous path in the future */
@@ -4271,8 +4290,8 @@ static size_t release_unused_segments(mstate m) {
     sp = next;
   }
   /* Reset check counter */
-  m->release_checks = ((nsegs > MAX_RELEASE_CHECK_RATE)?
+  m->release_checks = (((size_t) nsegs > (size_t) MAX_RELEASE_CHECK_RATE)?
-                       nsegs : MAX_RELEASE_CHECK_RATE);
+                       (size_t) nsegs : (size_t) MAX_RELEASE_CHECK_RATE);
   return released;
 }
 
@@ -4295,6 +4314,7 @@ static int sys_trim(mstate m, size_t pad) {
               sp->size >= extra &&
               !has_segment_link(m, sp)) { /* can't shrink if pinned */
             size_t newsize = sp->size - extra;
+            (void)newsize; /* placate people compiling -Wunused-variable */
             /* Prefer mremap, fall back to munmap */
             if ((CALL_MREMAP(sp->base, sp->size, newsize, 0) != MFAIL) ||
                 (CALL_MUNMAP(sp->base + newsize, extra) == 0)) {
@@ -4865,7 +4885,7 @@ static mchunkptr try_realloc_chunk(mstate m, mchunkptr p, size_t nb,
     }
   }
   else {
-    USAGE_ERROR_ACTION(m, oldmem);
+    USAGE_ERROR_ACTION(m, chunk2mem(p));
   }
   return newp;
 }
@@ -5144,10 +5164,10 @@ static void internal_inspect_all(mstate m,
         else {
           used = 0;
           if (is_small(sz)) {     /* offset by possible bookkeeping */
-            start = (void*)((char*)q + sizeof(malloc_chunk));
+            start = (void*)((char*)q + sizeof(struct malloc_chunk));
           }
           else {
-            start = (void*)((char*)q + sizeof(malloc_tree_chunk));
+            start = (void*)((char*)q + sizeof(struct malloc_tree_chunk));
           }
         }
         if (start < (void*)next)  /* skip if all space is bookkeeping */
@@ -5257,7 +5277,7 @@ int dlposix_memalign(void** pp, size_t alignment, size_t bytes) {
     size_t r = alignment % sizeof(void*);
     if (r != 0 || d == 0 || (d & (d-SIZE_T_ONE)) != 0)
       return EINVAL;
-    else if (bytes >= MAX_REQUEST - alignment) {
+    else if (bytes <= MAX_REQUEST - alignment) {
       if (alignment <  MIN_CHUNK_SIZE)
         alignment = MIN_CHUNK_SIZE;
       mem = internal_memalign(gm, alignment, bytes);
@@ -5439,12 +5459,14 @@ int mspace_track_large_chunks(mspace msp, int enable) {
   int ret = 0;
   mstate ms = (mstate)msp;
   if (!PREACTION(ms)) {
-    if (!use_mmap(ms))
+    if (!use_mmap(ms)) {
       ret = 1;
-    if (!enable)
+    }
+    if (!enable) {
       enable_mmap(ms);
-    else
+    } else {
       disable_mmap(ms);
+    }
     POSTACTION(ms);
   }
   return ret;
@@ -5460,6 +5482,7 @@ size_t destroy_mspace(mspace msp) {
       char* base = sp->base;
       size_t size = sp->size;
       flag_t flag = sp->sflags;
+      (void)base; /* placate people compiling -Wunused-variable */
       sp = sp->next;
       if ((flag & USE_MMAP_BIT) && !(flag & EXTERN_BIT) &&
           CALL_MUNMAP(base, size) == 0)
@@ -5596,7 +5619,7 @@ void mspace_free(mspace msp, void* mem) {
     mchunkptr p  = mem2chunk(mem);
 #if FOOTERS
     mstate fm = get_mstate_for(p);
-    msp = msp; /* placate people compiling -Wunused */
+    (void)msp; /* placate people compiling -Wunused */
 #else /* FOOTERS */
     mstate fm = (mstate)msp;
 #endif /* FOOTERS */
@@ -5770,7 +5793,7 @@ void* mspace_realloc_in_place(mspace msp, void* oldmem, size_t bytes) {
       mstate m = (mstate)msp;
 #else /* FOOTERS */
       mstate m = get_mstate_for(oldp);
-      msp = msp; /* placate people compiling -Wunused */
+      (void)msp; /* placate people compiling -Wunused */
       if (!ok_magic(m)) {
         USAGE_ERROR_ACTION(m, oldmem);
         return 0;
@@ -5937,7 +5960,7 @@ struct mallinfo mspace_mallinfo(mspace msp) {
 }
 #endif /* NO_MALLINFO */
 
-size_t mspace_usable_size(void* mem) {
+size_t mspace_usable_size(const void* mem) {
   if (mem != 0) {
     mchunkptr p = mem2chunk(mem);
     if (is_inuse(p))
@@ -6047,6 +6070,12 @@ int mspace_mallopt(int param_number, int value) {
 
 /* -----------------------------------------------------------------------
 History:
+    v2.8.6 Wed Aug 29 06:57:58 2012  Doug Lea
+      * fix bad comparison in dlposix_memalign
+      * don't reuse adjusted asize in sys_alloc
+      * add LOCK_AT_FORK -- thanks to Kirill Artamonov for the suggestion
+      * reduce compiler warnings -- thanks to all who reported/suggested these
+
     v2.8.5 Sun May 22 10:26:02 2011  Doug Lea  (dl at gee)
       * Always perform unlink checks unless INSECURE
       * Add posix_memalign.
@@ -6257,4 +6286,3 @@ History:
          structure of old version,  but most details differ.)
 
 */
-

memory.c

@@ -183,7 +183,6 @@ int mem_cpy_pages(struct task_t *old_task, struct task_t *new_task) {
 			memcpy((char *)fake_tab, (char *)virt, 0x1000);
 			mem_map_page_in(new_task->user_pages[i], virt, new_task->cr3, 7);
 		}
-
 	} else {
 		new_task->user_pages_at = 0x40000000;
 		new_task->user_pages_cnt = 0;
@@ -215,7 +214,7 @@ int mem_cpy_pages(struct task_t *old_task, struct task_t *new_task) {
 		} 
 		mem_map_page_in(new_task->user_env_pages[i], virt, new_task->cr3, 7);
 	}
-	
+	return 1;
 }
 
 void mem_clear_user_pages() {
@@ -566,6 +565,20 @@ unsigned char *mem_map_framebuffer(unsigned int phys, unsigned int fb_length) {
 		return (char *)0xe0000000;
 }
 
+char *mem_alloc_user_page() {
+	current_task->user_pages_cnt++;
+		
+	if (current_task->user_pages == (void *)0) {
+		current_task->user_pages = (unsigned int *)malloc(current_task->user_pages_cnt * sizeof(unsigned int));
+	} else {
+		current_task->user_pages = (unsigned int *)realloc(current_task->user_pages, current_task->user_pages_cnt * sizeof(unsigned int));
+	}
+		
+	current_task->user_pages[current_task->user_pages_cnt - 1] = (unsigned int)mem_alloc();
+
+	return (char *)current_task->user_pages[current_task->user_pages_cnt - 1];
+}
+
 int mem_map_user_page(unsigned int virt) {
 		unsigned int dir_entry = (virt >> 22);
 		unsigned int table_entry = (virt >> 12) & 0x03ff;
@@ -573,14 +586,15 @@ int mem_map_user_page(unsigned int virt) {
 		unsigned int *pt_map = (unsigned int *)0xffc00000 + (0x400 * dir_entry);
 		int i;
 		
-		if (virt > current_task->user_pages_at) {
+		if (virt > round_up_to_page(current_task->user_pages_at)) {
+			kprintf("virt %p upa %p\n", virt, current_task->user_pages_at);
 			return 0;
 		}
 
 		if ((pd_map[dir_entry] & 1) == 0) {
-			// table doesnt exist, create it.
+			// table doesnt exist, create it. should this be in user pages?!?
-			pd_map[dir_entry] = (unsigned int)mem_alloc() | 7;
 
+			pd_map[dir_entry] = (unsigned int)mem_alloc() | 7;
 			ivld_tlb(virt);
 			
 			for (i=0;i<1023;i++) {
@@ -588,21 +602,15 @@ int mem_map_user_page(unsigned int virt) {
 			}
 			
 		}
-		current_task->user_pages_cnt++;
 
-		if (current_task->user_pages == (void *)0) {
+		pt_map[table_entry] = (unsigned int)mem_alloc_user_page() | 7;
-			current_task->user_pages = (unsigned int *)malloc(current_task->user_pages_cnt * sizeof(unsigned int));
-		} else {
-			current_task->user_pages = (unsigned int *)realloc(current_task->user_pages, current_task->user_pages_cnt * sizeof(unsigned int));
-		}
-		
-		current_task->user_pages[current_task->user_pages_cnt - 1] = (unsigned int)mem_alloc();
-		pt_map[table_entry] = (unsigned int)current_task->user_pages[current_task->user_pages_cnt - 1] | 7;
 		
 		ivld_tlb(virt);
 		
 		memset((unsigned char *)(virt & 0xFFFFF000), 0, 0x1000);
 		
+//		kprintf("Allocated %p %s %d\n", virt, current_task->name, current_task->pid);
+
 		return 1;
 }
 
@@ -629,13 +637,16 @@ unsigned int mem_pci_sbrk(unsigned int amount) {
 
 unsigned int mem_usr_sbrk(int amount) {
 	unsigned int previous_ds;
+	
+
+	
 	previous_ds = current_task->user_pages_at;
 
 	if (amount <= 0) {
 		return previous_ds;
 	}
 
-	current_task->user_pages_at += amount;
+	current_task->user_pages_at += round_up_to_page(amount);
 	
 	
 	return previous_ds;

minix.c

@@ -910,7 +910,7 @@ struct minix_inode *minix_get_inode(struct vfs_device_t *device, int ino) {
 
 unsigned int minix_read_entire_file(struct vfs_device_t *device, struct minix_inode *inode, char **buffer) {
 	struct minix_data *mdata = (struct minix_data *)device->fs_data;
-	int i;
+	unsigned long long i;
 	unsigned int blockstoread;
 	char *buffer2;
 	int blockno;

programs/gui/launcher/launcher.c

@@ -100,7 +100,6 @@ char *load_png_file(char *filename) {
 	}
 	
 	char *buffer = (unsigned char *)malloc(width * height * 4);
-
 	int boffset = 0;
 	int match;
 	
@@ -127,7 +126,6 @@ void halt_cb() {
 }
 
 void surf_callback(int x, int y) {
-	int ly;
 	struct launcher_item *item;
 
 	if (x > 8 && x < 56) {
@@ -136,16 +134,14 @@ void surf_callback(int x, int y) {
 			
 			item = items[(y-64) / 64];
 			
-			int ret;
+			int ret = -1;
-
 			ret = fork();
 			if (ret == 0) {
 				__asm__ volatile ("int $0x30" : "=a" (ret) : "0" (19), "b" (item->work_dir));
 				execve(item->launch_cmd, item->args, environ);
+				exit(0);
 			}
-		}
+		} else if (y > 11 * 64 && y < 11 * 64 + 64) {
-
-		if (y > 11 * 64 && y < 11 * 64 + 64) {
 			quinn_show_message_box_xy(window_handle, "Shutdown?", "Really shut the computer down?", 1, halt_cb, (1024 - 300) / 2, (768 - 150) / 2);
 		}
 	}
@@ -280,6 +276,7 @@ int main(int argc, char **argv) {
 
 	char *shutdown = load_png_file("disk0:/icons/shutdown.png");
 	quinn_render(window_handle, surface, shutdown, 48, 48, 8, 11 * 64 + 8, 64, 768);
+	free(shutdown);
 
 	char *launcher = load_png_file("disk0:/icons/launcher.png");
 	quinn_render(window_handle, surface, launcher, 58, 58, 3, 3, 64, 768);

programs/shell/shell.c

@@ -18,6 +18,20 @@ struct quinn_dirent_t {
 	char name[1];
 };
 
+
+int split_drive_path(char *in, char **drive, char **path) {
+	for (int i = 0; i < strlen(in) && in[i] != ' '; i++) {
+		if (in[i] == ':') {
+			*drive = in;
+			in[i] = '\0';
+			*path = &in[i+1];
+			return 1;
+		}
+	}
+
+	return 0;
+}
+
 unsigned int parseIPV4string(char* ipAddress) {
 	unsigned char ip[4];
 	unsigned int theip;
@@ -421,23 +435,32 @@ int main(int argc, char **argv) {
 					struct stat s;
 					int ex;
 					int pid;
-
+					char *drive;
+					char *path;
 					if (argv_s[0][0] == '/') {
 						if (strcasecmp(&argv_s[0][strlen(argv_s[0]) - 4], ".exe") != 0) {
 							argv_s[0] = (char *)realloc(argv_s[0], strlen(argv_s[0]) + 5);
 							strcat(argv_s[0], ".exe");
 						}
 						strcpy(buffer2, argv_s[0]);
+						sanatize_path(buffer2);
+						sprintf(buffer, "%s:%s", current_drive, buffer2);						
 					} else {
 						if (strcasecmp(&argv_s[0][strlen(argv_s[0]) - 4], ".exe") != 0) {
 							argv_s[0] = (char *)realloc(argv_s[0], strlen(argv_s[0]) + 5);
 							strcat(argv_s[0], ".exe");
 						}
-						sprintf(buffer2, "%s%s", cwd, argv_s[0]);
+						if (split_drive_path(argv_s[0], &drive, &path)) {
+							sanatize_path(path);
+							sprintf(buffer, "%s:%s", drive, path);
+						} else {
+							sprintf(buffer2, "%s%s", cwd, argv_s[0]);
+							sanatize_path(buffer2);
+							sprintf(buffer, "%s:%s", current_drive, buffer2);
+						}
+
 					}
 
-					sanatize_path(buffer2);
-					sprintf(buffer, "%s:%s", current_drive, buffer2);
 					if (!stat(buffer, &s)) {
 						if (S_ISREG(s.st_mode)) {
 							pid = fork();

schedule.c

@@ -169,7 +169,7 @@ void sched_free_task(struct task_t *this_task) {
  // mem_clear_user_pages();
 
   dbfree(this_task->user_pages, "user pages");
-
+  this_task->user_pages = (void *)0;
   for (i=0;i<this_task->waiting_socket_count;i++) {
 	free(this_task->waiting_sockets[i]);
   }

syscalls.c

@@ -12,6 +12,8 @@
 extern struct task_t *current_task;
 extern unsigned long timer_ticks;
 
+int last_syscall = 0;
+
 struct window_req_t {
 	int x;
 	int y;
@@ -109,7 +111,7 @@ int sys_fork(struct regs *r) {
 }
 
 void syscall_isr(struct regs *r) {
-
+	last_syscall = r->eax;
 	switch (r->eax) {
 		case SYS_EXIT:
 			sys_exit(r);