bug-gawk

Re: [bug-gawk] : in debug mode, every eval causes double free of memory


From: Jan Chaloupka
Subject: Re: [bug-gawk] : in debug mode, every eval causes double free of memory
Date: Thu, 8 May 2014 12:41:17 -0400 (EDT)

Hello,

$ valgrind ./gawk -f /dev/null --debug
==28267== Memcheck, a memory error detector
==28267== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==28267== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==28267== Command: ./gawk -f /dev/null --debug
==28267== 
gawk> eval ""
==28267== Invalid free() / delete / delete[] / realloc()
==28267==    at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28267==    by 0x454EE0: r_format_val (node.c:254)
==28267==    by 0x467D9D: str_exists (awk.h:1281)
==28267==    by 0x468BB8: remove_symbol (awk.h:1770)
==28267==    by 0x468C18: destroy_symbol (symbol.c:232)
==28267==    by 0x42F8E4: do_eval (debug.c:5569)
==28267==    by 0x42584B: zzparse (command.y:170)
==28267==    by 0x4307F0: debug_prog (debug.c:2834)
==28267==    by 0x40ACC3: main (main.c:741)
==28267==  Address 0x570a680 is 32 bytes inside a block of size 128 free'd
==28267==    at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28267==    by 0x469933: free_context (symbol.c:858)
==28267==    by 0x42F8D8: do_eval (debug.c:5567)
==28267==    by 0x42584B: zzparse (command.y:170)
==28267==    by 0x4307F0: debug_prog (debug.c:2834)
==28267==    by 0x40ACC3: main (main.c:741)
==28267== 
gawk> ^C==28267== 
==28267== HEAP SUMMARY:
==28267==     in use at exit: 37,641 bytes in 118 blocks
==28267==   total heap usage: 166 allocs, 49 frees, 52,471 bytes allocated
==28267== 
==28267== LEAK SUMMARY:
==28267==    definitely lost: 280 bytes in 1 blocks
==28267==    indirectly lost: 0 bytes in 0 blocks
==28267==      possibly lost: 101 bytes in 1 blocks
==28267==    still reachable: 37,260 bytes in 116 blocks
==28267==         suppressed: 0 bytes in 0 blocks
==28267== Rerun with --leak-check=full to see details of leaked memory
==28267== 
==28267== For counts of detected and suppressed errors, rerun with: -v
==28267== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)


(gdb) backtrace full
#0  0x00007fc75110ec39 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007fc751110348 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007fc75114ed04 in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007fc751155ff8 in _int_free () from /lib64/libc.so.6
No symbol table info available.
#4  0x000000000045fb61 in r_format_val (format=0x2689880 "%.6g", index=0, s=0x2687da8) at node.c:254
        buf = '\000' <repeats 4936 times>...
        sp = 0x48f490 "0"
        val = 0
#5  0x000000000047b036 in force_string (s=0x2687da8) at awk.h:1281
No locals.
#6  0x000000000047b3e1 in str_exists (symbol=0x2686530, subs=0x2687da8) at str_array.c:195
        hash1 = 4230064
        code1 = 140733590852176
#7  0x000000000047c7e4 in in_array (a=0x2686530, s=0x2687da8) at awk.h:1769
        ret = 0x268be40
#8  0x000000000047cdfa in remove_symbol (r=0x2687da8) at symbol.c:211
        n = 0x0
#9  0x000000000047ce5d in destroy_symbol (r=0x2687da8) at symbol.c:232
No locals.
#10 0x0000000000435209 in do_eval (arg=0x268c040, cmd=14) at debug.c:5569
        r = 0x408bb0 <_start>
        ret_val = 0x2686380
        f = 0x2687da8
        this_frame = 0x0
        this_func = 0x0
        sp = 0x268bd67
        eval = 0x268d2c0
        code = 0x268c1b0
        ctxt = 0x268be40
        ecount = 0
        pcount = 0
        ret = 0
        save_flags = 8192
#11 0x0000000000425dd4 in zzparse () at command.y:170
        cmdfunc = 0x434c86 <do_eval>
        terminate = false
        args = 0x268c040
        ctype = 14
        yystate = 112
        yyerrstatus = 0
        yyss = 0x7fff17b0d990
        yyssp = 0x7fff17b0d996
        yyvs = 0x7fff17b0d350
        yyvsp = 0x7fff17b0d368
        yystacksize = 200
        yyn = 5
        yyresult = 0
        yytoken = 58
        yyval = 0x0
        yylen = 2
#12 0x000000000042f111 in debug_prog (pc=0x268ac30) at debug.c:2834
        run = 0x0
#13 0x000000000045d052 in main (argc=4, argv=0x7fff17b0de08) at main.c:741
        optlist = 0x48db80 "+F:f:v:W;bcCd:::e:E:gh:i:l:L:nNo::Op::MPrStVY"
        stopped_early = false
        old_optind = 4
        i = 0
        c = -1
        scan = 0x7fff17b0f38e "/dev/null"
        src = 0x7fff17b0f38e "/dev/null"
        extra_stack = 0x2682370 ""
        have_srcfile = 1
        s = 0x2689488

Regards
Jan

----- Original Message -----
From: "Andrew J. Schorr" <address@hidden>
To: "Jan Chaloupka" <address@hidden>
Cc: "Aharon Robbins" <address@hidden>, address@hidden
Sent: Wednesday, May 7, 2014 3:28:25 PM
Subject: Re: [bug-gawk] : in debug mode, every eval causes double free of memory

Hi,

On Wed, May 07, 2014 at 08:16:59AM +0200, Jan Chaloupka wrote:
> It is the up-to-date version from the repo, i.e. gawk-4.1.1.tar.xz. Also
> tested on the latest source code from git from 2014-05-05 16:50:23,
> hash bce72232ae0d79d8af6b5aa1986b78c04d6c7c28. The crash occurs again.

I'm afraid I don't see it either.  Using the current git master branch on
a Fedora 19 x86_64 system:

bash-4.2$ valgrind gawk -f /dev/null --debug
==17042== Memcheck, a memory error detector
==17042== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==17042== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==17042== Command: gawk -f /dev/null --debug
==17042== 
gawk> eval ""
==17042== Syscall param sendmsg(msg.msg_name) points to uninitialised byte(s)
==17042==    at 0x5B44E20: __sendmsg_nocancel (in /usr/lib64/libc-2.17.so)
==17042==    by 0x4E48306: readline (in /usr/lib64/libreadline.so.6.2)
==17042==    by 0x429DB9: zzparse (command.y:1041)
==17042==    by 0x435BA1: debug_prog (debug.c:2834)
==17042==    by 0x40D3BD: main (main.c:741)
==17042==  Address 0x7feffef62 is on thread 1's stack
==17042== 
gawk> ==17042== 
==17042== HEAP SUMMARY:
==17042==     in use at exit: 116,333 bytes in 293 blocks
==17042==   total heap usage: 414 allocs, 121 frees, 139,739 bytes allocated
==17042== 
==17042== LEAK SUMMARY:
==17042==    definitely lost: 280 bytes in 1 blocks
==17042==    indirectly lost: 0 bytes in 0 blocks
==17042==      possibly lost: 0 bytes in 0 blocks
==17042==    still reachable: 116,053 bytes in 292 blocks
==17042==         suppressed: 0 bytes in 0 blocks
==17042== Rerun with --leak-check=full to see details of leaked memory
==17042== 
==17042== For counts of detected and suppressed errors, rerun with: -v
==17042== Use --track-origins=yes to see where uninitialised values come from
==17042== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)

What do you see?

Regards,
Andy
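
Added example, not part of the original messages and not gawk project code: a Python triage helper that reads the Memcheck "Invalid free" record from the first report above and returns the innermost function shared by the two free() stacks, plus the offset of the freed address inside the earlier block. The names `parse_invalid_free` and `divergence` are made up for this illustration; the sample text is the record from the post.

```python
import re

FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.+)\)\s*$")
PRIOR = re.compile(r"==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd")
REPORT = """\
==28267== Invalid free() / delete / delete[] / realloc()
==28267==    at 0x4C28577: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28267==    by 0x454EE0: r_format_val (node.c:254)
==28267==    by 0x467D9D: str_exists (awk.h:1281)
==28267==    by 0x468BB8: remove_symbol (awk.h:1770)
==28267==    by 0x468C18: destroy_symbol (symbol.c:232)
==28267==    by 0x42F8E4: do_eval (debug.c:5569)
==28267==    by 0x42584B: zzparse (command.y:170)
==28267==    by 0x4307F0: debug_prog (debug.c:2834)
==28267==    by 0x40ACC3: main (main.c:741)
==28267==  Address 0x570a680 is 32 bytes inside a block of size 128 free'd
==28267==    at 0x4C28577: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28267==    by 0x469933: free_context (symbol.c:858)
==28267==    by 0x42F8D8: do_eval (debug.c:5567)
==28267==    by 0x42584B: zzparse (command.y:170)
==28267==    by 0x4307F0: debug_prog (debug.c:2834)
==28267==    by 0x40ACC3: main (main.c:741)
"""  # sample: the record from the post, two frames wrapped as a mail client wraps them

def parse_invalid_free(text):
    """Return (invalid-free stack, earlier-free stack, (offset, block size)) of the first record."""
    later, earlier, where, target = [], [], None, None
    for line in re.sub(r"\(in\s*\n\s*", "(in ", text).splitlines():  # undo mail wrap
        if "Invalid free()" in line:
            target = later
        elif (m := PRIOR.match(line)) and target is later:
            where, target = (int(m[1]), int(m[2])), earlier
        elif (m := FRAME.match(line)) and target is not None:
            target.append((m[1], m[2]))
        elif earlier:
            break  # first non-frame line after the second stack ends the record
    return later, earlier, where

def divergence(later, earlier):
    """Innermost function on both stacks: (name, earlier-free line, invalid-free line)."""
    common = None
    for (fa, la), (fb, lb) in zip(reversed(later), reversed(earlier)):
        if fa != fb:
            break
        common = (fa, lb, la)
        if la != lb:
            break
    return common
```

On the sample, `divergence` returns `do_eval` with the earlier free reached from debug.c:5567 and the invalid one from debug.c:5569, and the offset pair shows the second free() targets an address inside the already freed block rather than its start.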


