I think there is a bug in _dmalloc_chunk_pnt_check that causes false
positives to be raised by dmalloc.
If debugging is set high enough, then _dmalloc_chunk_pnt_check() is
called from arg_checks() which is called from strncpy() etc.
The bug seems to be when a non-dmalloc'd pointer is passed into
these routines. A short section from chunk.c (from around line
2240):
    slot_p = find_slot(user_pnt, ....... );
    if (slot_p == NULL) {
        /* dmalloc_errno set in find_slot */
        if (exact_b || dmalloc_errno == ERROR_NOT_FOUND) {
            log_error_info(NULL, 0, NULL, 0, user_pnt, 0, NULL, "pointer-check");
            dmalloc_error(func);
            return 0;
        }
The problem is that in the case where the pointer isn't managed by
dmalloc, find_slot() returns NULL and sets dmalloc_errno ==
ERROR_NOT_FOUND. Then _dmalloc_chunk_pnt_check() returns 0 ...
indicating there is a problem with the pointer. The only problem is
that dmalloc knows nothing about the pointer.
A naive fix would be to get rid of the dmalloc_errno ==
ERROR_NOT_FOUND section of the if(). This removes the false
positive.
But unfortunately, it has a bad side-effect ... if the pointer is
managed by dmalloc, then find_slot() will call check_used_slot() to
ensure it is all ok. But in certain circumstances (where the
pointer info for the pointer has been corrupted), the
check_used_slot() function can set dmalloc_errno to ERROR_NOT_FOUND.
To summarise, find_slot() can return ERROR_NOT_FOUND in 2
conflicting situations:
1. when the pointer is not managed by dmalloc
2. when the pointer is managed by dmalloc, but some pointer data
has been corrupted.
In the dmalloc 5.2.1 code, the first situation is wrongly reported
as an error. If the naive solution is implemented, then the second
situation is not picked up as a problem.
I guess a proper solution involves agreeing that ERROR_NOT_FOUND
will only be set in find_slot() when the pointer is one that dmalloc
doesn't manage. And use a different code if check_used_slot() finds
a problem (perhaps use ERROR_SLOT_CORRUPT).
Richard
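As an added illustration (not dmalloc's code and not part of Richard's message), here is a small C model of the lookup with the error-code split he proposes: find_slot() sets ERROR_NOT_FOUND only for pointers the allocator does not manage, check_used_slot() sets ERROR_SLOT_CORRUPT, and the pointer check only fails on the latter (or when an exact match is demanded). The slot table, the magic value, and the names model_errno, model_track, corrupt_slot and pnt_check are assumptions of this model.

```c
#include <stddef.h>

/* Assumed error codes; ERROR_SLOT_CORRUPT is the new, distinct code. */
enum { ERROR_NONE = 0, ERROR_NOT_FOUND = 1, ERROR_SLOT_CORRUPT = 2 };

#define SLOT_MAGIC 0xDEADC0DEu   /* assumed integrity marker on a slot */
#define NSLOTS 4

typedef struct { const void *user_pnt; unsigned magic; size_t size; } slot_t;

static slot_t slots[NSLOTS];            /* stands in for dmalloc's slot table */
static int model_errno = ERROR_NONE;    /* stands in for dmalloc_errno */

/* Record a pointer as "managed" (stand-in for the allocator bookkeeping). */
static void model_track(int idx, const void *p, size_t n) {
    slots[idx].user_pnt = p; slots[idx].magic = SLOT_MAGIC; slots[idx].size = n;
}

/* Simulate corruption of the pointer info for slot idx. */
static void corrupt_slot(int idx) { slots[idx].magic = 0; }

/* Integrity check on a managed slot: corruption gets its own code. */
static int check_used_slot(const slot_t *s) {
    if (s->magic != SLOT_MAGIC) { model_errno = ERROR_SLOT_CORRUPT; return 0; }
    return 1;
}

/* ERROR_NOT_FOUND now means exactly one thing: we do not manage this pointer. */
static slot_t *find_slot(const void *user_pnt) {
    for (int i = 0; i < NSLOTS; i++)
        if (slots[i].user_pnt == user_pnt)
            return check_used_slot(&slots[i]) ? &slots[i] : NULL;
    model_errno = ERROR_NOT_FOUND;
    return NULL;
}

/* Returns 1 if the pointer is fine (or simply not ours), 0 on a real problem. */
static int pnt_check(const void *user_pnt, int exact_b) {
    model_errno = ERROR_NONE;
    if (find_slot(user_pnt) == NULL) {
        /* Unmanaged pointers are no longer reported unless exact_b demands one. */
        if (exact_b || model_errno == ERROR_SLOT_CORRUPT) return 0;
    }
    return 1;
}
```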