bug-gnu-utils

Re: gawk: other double free(_wstr)


From: Karel Zak
Subject: Re: gawk: other double free(_wstr)
Date: Fri, 12 Jan 2007 13:52:28 +0100
User-agent: Mutt/1.5.11

On Fri, Jan 12, 2007 at 02:29:34PM +0200, Aharon Robbins wrote:
> I don't get this with my current sources, which should be appearing
> on the Savannah CVS archive within an hour or two.  Valgrind is happy.

 Well, try adding a good old fprintf() to rebuild_record():

+               fprintf(stderr, "wstptr before: %p, WSTRCUR: %s\n", 
+                       fields_arr[i]->wstptr, 
+                           (fields_arr[i]->flags & WSTRCUR) ? "YES" : "NO");
                n->stptr = cops;
                unref(fields_arr[i]);
                fields_arr[i] = n;
+           fprintf(stderr, "wstptr after:  %p, WSTRCUR: %s\n", 
+                    fields_arr[i]->wstptr, 
+                   (fields_arr[i]->flags & WSTRCUR) ? "YES" : "NO");
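
Review bot: around `unref(fields_arr[i]); fields_arr[i] = n;` the two debug prints report the same `wstptr` with WSTRCUR set both before and after, so the replacement node `n` still claims the wide-string buffer that belonged to the node just passed to unref(). Before `n` is stored in fields_arr[i] it should drop that claim, for example by resetting `n->wstptr` and clearing WSTRCUR in `n->flags`, otherwise a later unref() of `n` frees the buffer a second time. As a smaller point, `%p` expects a `void *`, so `fields_arr[i]->wstptr` should be cast to `(void *)` in both fprintf() calls.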

 you will see something like:

    wstptr before: 0x65c8b0, WSTRCUR: YES
    wstptr after:  0x65c8b0, WSTRCUR: YES
 
> Can you double check the current CVS once it gets updated?

 Yes.

 $ cvs -z3 -d:pserver:address@hidden:/sources/gawk co gawk-stable

 $ cd gawk-stable
 
 $ head -1 ChangeLog 
 Fri Jan 12 14:01:51 2007  Dmitry V. Levin  <address@hidden>

 $ ./configure; make

 $ echo -e "AAA BBX\nAAA BBY" | ./gawk ' /^AAA BB/ { x = substr($2, 1); $1 = "FOO"; print $0 }'

 *** glibc detected *** gawk: double free or corruption (fasttop): 0x000000000065b8b0 ***
 ======= Backtrace: =========
 /lib64/libc.so.6[0x3d2c06ea60]
 /lib64/libc.so.6(cfree+0x8c)[0x3d2c07217c]
 gawk(free_wstr+0x18)[0x428548]
 gawk(unref+0x4c)[0x4285cc]
 gawk(reset_record+0x69)[0x41f679]
 gawk(set_record+0x11)[0x41f791]
 gawk[0x4230f5]
 gawk(do_input+0x28)[0x4260b8]
 gawk(main+0xe9c)[0x427d5c]
 /lib64/libc.so.6(__libc_start_main+0xf4)[0x3d2c01da44]
 gawk[0x4060c9]

 $ uname -a
 Linux petra 2.6.18-1.2868.fc6xen #1 SMP Fri Dec 15 17:47:25 EST 2006 x86_64 x86_64 x86_64 GNU/Linux

 $ rpm -q gcc glibc
 gcc-4.1.1-30
 glibc-2.5-3

 and valgrind:
 
 $ echo -e "AAA BBX\nAAA BBY" | valgrind ./gawk ' /^AAA BB/ { x = substr($2, 1); $1 = "FOO"; print $0 }'
 ==31012== Memcheck, a memory error detector.
 ==31012== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
 ==31012== Using LibVEX rev 1658, a library for dynamic binary translation.
 ==31012== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
 ==31012== Using valgrind-3.2.1, a dynamic binary instrumentation framework.
 ==31012== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
 ==31012== For more details, rerun with: -v
 ==31012== 
 FOO BBX
 ==31012== Invalid free() / delete / delete[]
 ==31012==    at 0x4A0548E: free (vg_replace_malloc.c:233)
 ==31012==    by 0x428547: free_wstr (node.c:770)
 ==31012==    by 0x4285CB: unref (node.c:516)
 ==31012==    by 0x41F678: reset_record (field.c:294)
 ==31012==    by 0x41F790: set_record (field.c:244)
 ==31012==    by 0x4230F4: inrec (io.c:355)
 ==31012==    by 0x4260B7: do_input (io.c:457)
 ==31012==    by 0x427D5B: main (main.c:607)
 ==31012==  Address 0x4C31B58 is 0 bytes inside a block of size 20 free'd
 ==31012==    at 0x4A0548E: free (vg_replace_malloc.c:233)
 ==31012==    by 0x428547: free_wstr (node.c:770)
 ==31012==    by 0x4285CB: unref (node.c:516)
 ==31012==    by 0x41FE7B: get_field (field.c:213)
 ==31012==    by 0x4179E9: do_print_rec (builtin.c:1717)
 ==31012==    by 0x439C31: interpret (eval.c:792)
 ==31012==    by 0x439B5F: interpret (eval.c:477)
 ==31012==    by 0x43995E: interpret (eval.c:456)
 ==31012==    by 0x4260C7: do_input (io.c:461)
 ==31012==    by 0x427D5B: main (main.c:607)
 FOO BBY
 ==31012== 
 ==31012== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 4 from 1)
 ==31012== malloc/free: in use at exit: 24,552 bytes in 105 blocks.
 ==31012== malloc/free: 331 allocs, 227 frees, 38,980 bytes allocated.
 ==31012== For counts of detected errors, rerun with: -v
 ==31012== searching for pointers to 105 not-freed blocks.
 ==31012== checked 124,304 bytes.
 ==31012== 
 ==31012== LEAK SUMMARY:
 ==31012==    definitely lost: 0 bytes in 0 blocks.
 ==31012==      possibly lost: 0 bytes in 0 blocks.
 ==31012==    still reachable: 24,552 bytes in 105 blocks.
 ==31012==         suppressed: 0 bytes in 0 blocks.
 ==31012== Reachable blocks (those to which a pointer was found) are not shown.
 ==31012== To see them, rerun with: --show-reachable=yes


-- 
 Karel Zak  <address@hidden>
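
The ownership problem reported in this message, reduced to a stand-alone C model: a node is copied by struct assignment, both copies keep WSTRCUR, and each release frees the same wide-string buffer. This is an added example, not gawk source and not code from the poster; the NODE layout, the flag value and the helpers tracked_free, release_node, replace_field and run are hypothetical, and only the names stptr, wstptr and WSTRCUR come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>
#define WSTRCUR 0x1u /* flag name from the message; value is constructed */

/* Hypothetical reduced node: only the members named in the message. */
typedef struct node { char *stptr; wchar_t *wstptr; unsigned flags; } NODE;
static uintptr_t freed[8]; /* addresses already released in this run */
static int nfreed, double_frees;

/* free() stand-in: counts a second release instead of performing it. */
static void tracked_free(void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == a) { double_frees++; return; }
    freed[nfreed++] = a;
    free(p);
}

/* Models the unref -> free_wstr path seen in both backtraces. */
static void release_node(NODE *n) {
    if (n->flags & WSTRCUR) tracked_free(n->wstptr);
    n->wstptr = NULL; n->flags &= ~WSTRCUR;
}

/* Replace a field node with a copy that points at new string storage. */
static void replace_field(NODE *old, NODE *n, char *cops, int fix) {
    *n = *old;                 /* shallow copy: n aliases old->wstptr */
    /* assumed remedy: the copy must not claim the wide string */
    if (fix) { n->wstptr = NULL; n->flags &= ~WSTRCUR; }
    n->stptr = cops;
    release_node(old);         /* first free of the wide-string buffer */
}

/* Returns how many double frees a replace-then-release sequence causes. */
int run(int fix) {
    char cops[] = "BBX";
    NODE old = { NULL, malloc(4 * sizeof(wchar_t)), WSTRCUR }, n;
    nfreed = double_frees = 0;
    replace_field(&old, &n, cops, fix);
    release_node(&n);          /* later reset of the record */
    return double_frees;
}

int main(void) {
    printf("shallow copy: %d, flag cleared: %d double free(s)\n", run(0), run(1));
    return 0;
}
```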



