Re: gawk: other double free(

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gawk: other double free(_wstr)

From:	Aharon Robbins
Subject:	Re: gawk: other double free(_wstr)
Date:	Fri, 12 Jan 2007 14:29:34 +0200

I don't get this with my current sources, which should be appearing
on the Savannah CVS archive within an hour or two.  Valgrind is happy.

Can you double check the current CVS once it gets updated?

Thanks,

Arnold

> Date: Fri, 12 Jan 2007 11:46:58 +0100
> From: Karel Zak <address@hidden>
> Subject: gawk: other double free(_wstr)
> To: address@hidden
>
>  Hi,
>
>  there is other double free() call in gawk. Try:
>
>  echo -e "AAA BBX\nAAA BBY" | ./gawk ' /^AAA BB/ { x = substr($2, 1); $1 = 
> "FOO"; print $0 }'
>
>  *** glibc detected *** gawk: double free or corruption (fasttop):
>  0x000000000065b8b0 ***
>  ======= Backtrace: =========
>  /lib64/libc.so.6[0x3d2c06ea60]
>  /lib64/libc.so.6(cfree+0x8c)[0x3d2c07217c]
>  gawk(free_wstr+0x18)[0x428578]
>  gawk(unref+0x4c)[0x4285fc]
>  gawk(reset_record+0x69)[0x41f699]
>  gawk(set_record+0x11)[0x41f7b1]
>  gawk[0x423115]
>  gawk(do_input+0x28)[0x4260d8]
>  gawk(main+0xe9c)[0x427d8c]
>
>
>  It's gawk-stable and Dmitry's patches doesn't help too much.
>
>  The problem is probably somewhere around rebuild_record(), because it
>  calls unref() (which correctly deallocates wstptr), but then the 
>  rebuild_record() reassigns deallocated wstptr back to fields_arr[i]:
>
>      n->stptr = cops;
>      unref(fields_arr[i]);   <--- free( fields_arr[i]->wstptr )
>      fields_arr[i] = n;      <--- deallocated wstptr is back 
>  
>  I'm not sure how correctly fix the problem, maybe the "n"
>  should be without WSTRCUR flag before reassigning to fields_arr[i]. 
>
>      n->flags &= ~(MALLOC|TEMP|PERM|STRING|CURSTR|WCURSTR);
>                                           ^^^^^^^^^^^^^^^
>                                          
>
>  The problem comes up, because gawk newly deallocates wstptr in
>  unref(). See node.c unref() diff between gawk-3.1.5 and gawk-stable
>  CVS:
>
>          if ((tmp->flags & FIELD) != 0) {
>  +               free_wstr(tmp);
>                  freenode(tmp);
>                  return;
>         }
>
>
>     Karel
>
> -- 
>  Karel Zak  <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

gawk: other double free(_wstr), Karel Zak, 2007/01/12
- Re: gawk: other double free(_wstr), Karel Zak, 2007/01/12
- Re: gawk: other double free(_wstr), Aharon Robbins <=
  - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/12
    - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/12
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/12
- Re: gawk: other double free(_wstr), Aharon Robbins, 2007/01/13
  - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/13
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/15
    - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/15
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/15
    - Re: gawk: other double free(_wstr), Andrew J. Schorr, 2007/01/15
    - Re: gawk: other double free(_wstr), Karel Zak, 2007/01/15

Prev by Date: Re: Interaction between $0 and substr
Next by Date: Re: gawk: other double free(_wstr)
Previous by thread: Re: gawk: other double free(_wstr)
Next by thread: Re: gawk: other double free(_wstr)
Index(es):
- Date
- Thread