bug-gawk

Re: [bug-gawk] : in debug mode, every eval causes double free of memory


From: Jan Chaloupka
Subject: Re: [bug-gawk] : in debug mode, every eval causes double free of memory
Date: Fri, 9 May 2014 17:28:50 -0400 (EDT)

Hi,

after further investigation of the free problem, it does not look like a double
free anymore. free_context frees all instruction pools; destroy_symbol frees one
symbol from the symbol table. Some instruction can refer to this symbol, but that is
the only connection. Output from valgrind reports two independent situations:

==23928== Invalid free() / delete / delete[] / realloc()
==23928==    at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23928==    by 0x456510: r_format_val (node.c:254)
==23928==    by 0x46992B: str_exists (awk.h:1281)
==23928==    by 0x46A6F8: remove_symbol (awk.h:1769)
==23928==    by 0x46A758: destroy_symbol (symbol.c:232)
==23928==    by 0x42FF64: do_eval (debug.c:5569)
==23928==    by 0x425B2B: zzparse (command.y:170)
==23928==    by 0x430ED0: debug_prog (debug.c:2834)
==23928==    by 0x40AB43: main (main.c:741)


==23928==  Address 0x570b600 is 32 bytes inside a block of size 128 free'd
==23928==    at 0x4C28577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23928==    by 0x46B493: free_context (symbol.c:858)
==23928==    by 0x42FF58: do_eval (debug.c:5567)
==23928==    by 0x425B2B: zzparse (command.y:170)
==23928==    by 0x430ED0: debug_prog (debug.c:2834)
==23928==    by 0x40AB43: main (main.c:741)

After looking at the str_exists function, there is a force_string function which
looks like this:

static inline NODE *
force_string(NODE *s)
{
        if ((s->flags & STRCUR) != 0
                    && (s->stfmt == -1 || s->stfmt == CONVFMTidx)
        )
                return s;
        return format_val(CONVFMT, CONVFMTidx, s);
}

Well, for the @eval node, the format_val function is called, which does not make any
sense, since there is no value to be printed. Setting this:

diff --git a/debug.c b/debug.c
index b55f357..ea7db0d 100644
--- a/debug.c
+++ b/debug.c
@@ -5565,8 +5565,11 @@ do_eval(CMDARG *arg, int cmd ATTRIBUTE_UNUSED)

        pop_context();  /* switch to prev context */
        free_context(ctxt, (ret_val != NULL));   /* free all instructions and 
optionally symbols */
-       if (ret_val != NULL)
+       if (ret_val != NULL) {
+                f->flags |= STRCUR;
+                f->stfmt = -1;
                destroy_symbol(f);      /* destroy "@eval" */
+        }
        return false;
 }
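Review bot: the two added assignments make force_string() take its early return by declaring that the @eval node already holds a current string (STRCUR set, stfmt == -1) when it was never given one, so the invalid free is avoided rather than fixed; the node's string pointer still refers to memory that free_context() on the line above has just released, exactly the block valgrind reports. Prefer keeping the @eval function node out of destroy_symbol()'s str_exists()/remove_symbol() path altogether, since the mail below notes that @eval is installed in function_table, where remove_symbol() finds nothing anyway. Also, the added lines are indented with spaces while the surrounding context uses tabs.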

solves the invalid free problem. But invoking eval "" a second time still
reports:

$ ./gawk -f /dev/null --debug
gawk> eval ""
gawk> eval ""
gawk: cmd. line:1: error: function name address@hidden' previously defined

From awkgram.y on line 390 install_function is called, inside of which, after the
second eval "", we get a non-NULL lookup. So after destroy_symbol(f), the @eval
symbol should be removed from function_table as well. Besides, after the above
patch, remove_symbol always returns NULL because @eval is installed into
function_table, not symbol_table.

Jan


----- Original Message -----
From: "Aharon Robbins" <address@hidden>
To: address@hidden, address@hidden
Cc: address@hidden
Sent: Friday, May 9, 2014 3:04:55 PM
Subject: Re: [bug-gawk] : in debug mode, every eval causes double free of memory

Thanks for the heads up.  Not enough testing. I have already committed
the fix I sent. I will continue to work on this.

Thanks,

Arnold


