Re: [bug-gawk] : in debug mode, every eval causes double free of memory
From: Jan Chaloupka
Subject: Re: [bug-gawk] : in debug mode, every eval causes double free of memory
Date: Thu, 8 May 2014 12:41:17 -0400 (EDT)

Hello,
$ valgrind ./gawk -f /dev/null --debug
==28267== Memcheck, a memory error detector
==28267== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==28267== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==28267== Command: ./gawk -f /dev/null --debug
==28267==
gawk> eval ""
==28267== Invalid free() / delete / delete[] / realloc()
==28267== at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28267== by 0x454EE0: r_format_val (node.c:254)
==28267== by 0x467D9D: str_exists (awk.h:1281)
==28267== by 0x468BB8: remove_symbol (awk.h:1770)
==28267== by 0x468C18: destroy_symbol (symbol.c:232)
==28267== by 0x42F8E4: do_eval (debug.c:5569)
==28267== by 0x42584B: zzparse (command.y:170)
==28267== by 0x4307F0: debug_prog (debug.c:2834)
==28267== by 0x40ACC3: main (main.c:741)
==28267== Address 0x570a680 is 32 bytes inside a block of size 128 free'd
==28267== at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28267== by 0x469933: free_context (symbol.c:858)
==28267== by 0x42F8D8: do_eval (debug.c:5567)
==28267== by 0x42584B: zzparse (command.y:170)
==28267== by 0x4307F0: debug_prog (debug.c:2834)
==28267== by 0x40ACC3: main (main.c:741)
==28267==
gawk> ^C==28267==
==28267== HEAP SUMMARY:
==28267== in use at exit: 37,641 bytes in 118 blocks
==28267== total heap usage: 166 allocs, 49 frees, 52,471 bytes allocated
==28267==
==28267== LEAK SUMMARY:
==28267== definitely lost: 280 bytes in 1 blocks
==28267== indirectly lost: 0 bytes in 0 blocks
==28267== possibly lost: 101 bytes in 1 blocks
==28267== still reachable: 37,260 bytes in 116 blocks
==28267== suppressed: 0 bytes in 0 blocks
==28267== Rerun with --leak-check=full to see details of leaked memory
==28267==
==28267== For counts of detected and suppressed errors, rerun with: -v
==28267== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

(gdb) backtrace full
#0 0x00007fc75110ec39 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007fc751110348 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x00007fc75114ed04 in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3 0x00007fc751155ff8 in _int_free () from /lib64/libc.so.6
No symbol table info available.
#4 0x000000000045fb61 in r_format_val (format=0x2689880 "%.6g", index=0, s=0x2687da8) at node.c:254
buf = '\000' <repeats 4936 times>...
sp = 0x48f490 "0"
val = 0
#5 0x000000000047b036 in force_string (s=0x2687da8) at awk.h:1281
No locals.
#6 0x000000000047b3e1 in str_exists (symbol=0x2686530, subs=0x2687da8) at str_array.c:195
hash1 = 4230064
code1 = 140733590852176
#7 0x000000000047c7e4 in in_array (a=0x2686530, s=0x2687da8) at awk.h:1769
ret = 0x268be40
#8 0x000000000047cdfa in remove_symbol (r=0x2687da8) at symbol.c:211
n = 0x0
#9 0x000000000047ce5d in destroy_symbol (r=0x2687da8) at symbol.c:232
No locals.
#10 0x0000000000435209 in do_eval (arg=0x268c040, cmd=14) at debug.c:5569
r = 0x408bb0 <_start>
ret_val = 0x2686380
f = 0x2687da8
this_frame = 0x0
this_func = 0x0
sp = 0x268bd67
eval = 0x268d2c0
code = 0x268c1b0
ctxt = 0x268be40
ecount = 0
pcount = 0
ret = 0
save_flags = 8192
#11 0x0000000000425dd4 in zzparse () at command.y:170
cmdfunc = 0x434c86 <do_eval>
terminate = false
args = 0x268c040
ctype = 14
yystate = 112
yyerrstatus = 0
yyss = 0x7fff17b0d990
yyssp = 0x7fff17b0d996
yyvs = 0x7fff17b0d350
yyvsp = 0x7fff17b0d368
yystacksize = 200
yyn = 5
yyresult = 0
yytoken = 58
yyval = 0x0
yylen = 2
#12 0x000000000042f111 in debug_prog (pc=0x268ac30) at debug.c:2834
run = 0x0
#13 0x000000000045d052 in main (argc=4, argv=0x7fff17b0de08) at main.c:741
optlist = 0x48db80 "+F:f:v:W;bcCd:::e:E:gh:i:l:L:nNo::Op::MPrStVY"
stopped_early = false
old_optind = 4
i = 0
c = -1
scan = 0x7fff17b0f38e "/dev/null"
src = 0x7fff17b0f38e "/dev/null"
extra_stack = 0x2682370 ""
have_srcfile = 1
s = 0x2689488
Regards
Jan
----- Original Message -----
From: "Andrew J. Schorr" <address@hidden>
To: "Jan Chaloupka" <address@hidden>
Cc: "Aharon Robbins" <address@hidden>, address@hidden
Sent: Wednesday, May 7, 2014 3:28:25 PM
Subject: Re: [bug-gawk] : in debug mode, every eval causes double free of memory
Hi,
On Wed, May 07, 2014 at 08:16:59AM +0200, Jan Chaloupka wrote:
> It is the up-to-date version from the repo, i.e. gawk-4.1.1.tar.xz. Also
> tested on the latest source code from git from 2014-05-05 16:50:23,
> hash bce72232ae0d79d8af6b5aa1986b78c04d6c7c28. The crash occurs again.
I'm afraid I don't see it either. Using the current git master branch on
a Fedora 19 x86_64 system:
bash-4.2$ valgrind gawk -f /dev/null --debug
==17042== Memcheck, a memory error detector
==17042== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==17042== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==17042== Command: gawk -f /dev/null --debug
==17042==
gawk> eval ""
==17042== Syscall param sendmsg(msg.msg_name) points to uninitialised byte(s)
==17042== at 0x5B44E20: __sendmsg_nocancel (in /usr/lib64/libc-2.17.so)
==17042== by 0x4E48306: readline (in /usr/lib64/libreadline.so.6.2)
==17042== by 0x429DB9: zzparse (command.y:1041)
==17042== by 0x435BA1: debug_prog (debug.c:2834)
==17042== by 0x40D3BD: main (main.c:741)
==17042== Address 0x7feffef62 is on thread 1's stack
==17042==
gawk> ==17042==
==17042== HEAP SUMMARY:
==17042== in use at exit: 116,333 bytes in 293 blocks
==17042== total heap usage: 414 allocs, 121 frees, 139,739 bytes allocated
==17042==
==17042== LEAK SUMMARY:
==17042== definitely lost: 280 bytes in 1 blocks
==17042== indirectly lost: 0 bytes in 0 blocks
==17042== possibly lost: 0 bytes in 0 blocks
==17042== still reachable: 116,053 bytes in 292 blocks
==17042== suppressed: 0 bytes in 0 blocks
==17042== Rerun with --leak-check=full to see details of leaked memory
==17042==
==17042== For counts of detected and suppressed errors, rerun with: -v
==17042== Use --track-origins=yes to see where uninitialised values come from
==17042== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
What do you see?
Regards,
Andy