stdcxx-user mailing list archives

From Martin Sebor <mse...@gmail.com>
Subject Re: std::collate delete [] non heap memory
Date Thu, 04 Sep 2008 23:01:06 GMT
Mark Wright wrote:
> Hi,
> 
> I was just wondering if I'm doing something wrong in this
> little program compiled with stdcxx 4.2.1, Sun Studio C++ 12,
> Solaris 10u5 AMD64, compiled as 64 bit:
> 
[...]
> Running it encounters a sigsegv, when it calls delete [] pbuf
> on non heap memory:

I can't reproduce this problem in my environment. The program
runs fine, both with libumem and in dbx with check -memuse on.

Looking at the source code for __rw::__rw_strnxfrm(), pbuf is
assigned one of two values: the address of the local array
buf, and the result of the new expression. Its value is never
assigned to another pointer that is then deleted and each of
its delete expressions is guarded by a test for (pbuf != buf),
so I don't see how it can ever be invalid.

Can you step through the code to help debug it?

Martin

> 
> goanna% export LD_FLAGS_64="preload=libumem.so.1"
> goanna% export UMEM_DEBUG=default                
> goanna% ./collate
> zsh: segmentation fault (core dumped)  ./collate
> goanna% unset LD_FLAGS_64
> goanna% unset UMEM_DEBUG
> goanna% dbx collate core
> Reading collate
> core file header read successfully
> Reading ld.so.1
> Reading libumem.so.1
> Reading libstd15D.so.4.2.1
> Reading libCrun.so.1
> Reading libm.so.2
> Reading libthread.so.1
> Reading libc.so.1
> Reading fr_FR.ISO8859-1.so.3
> t@1 (l@1) program terminated by signal SEGV (no mapping at the fault address)
> 0xfffffd7fefd6374f: process_free+0x002f:	movl     (%rsi),%r8d
> Current function is __rw::__rw_strnxfrm
>   577           delete[] pbuf;
> (dbx) where
> current thread: t@1
>   [1] process_free(0xffdfb5b7, 0xffdfb5af, 0x0, 0xfffffd7fffdfb42f, 0xfffffd7fffdfb5b7, 0xffdfb5b7), at 0xfffffd7fefd6374f
>   [2] free(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fefd638f5 
>   [3] operator delete(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fefbc9621 
>   [4] operator delete[](0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fefbc9549 
> =>[5] __rw::__rw_strnxfrm(src = 0x450f45 "", nchars = 0), line 577 in "collate.cpp"
>   [6] std::collate_byname<char>::do_transform(this = 0x451f20, low = 0x450f28 "Et la marine va venir à Malte", high = 0x450f45 ""), line 925 in "collate.cpp"
>   [7] std::collate_byname<char>::do_compare(this = 0x451f20, low1 = 0x450f28 "Et la marine va venir à Malte", high1 = 0x450f45 "", low2 = 0x450e28 "Et la marine va venir à Malte", high2 = 0x450e45 ""), line 895 in "collate.cpp"
>   [8] std::collate<char>::compare(this = 0x451f20, __low1 = 0x450f28 "Et la marine va venir à Malte", __high1 = 0x450f45 "", __low2 = 0x450e28 "Et la marine va venir à Malte", __high2 = 0x450e45 ""), line 119 in "_collate.h"
>   [9] main(), line 10 in "collate.cpp"
> (dbx) print pbuf
> pbuf = 0xffdfb5b7 "<bad address 0xffdfb5b7>"
> (dbx) loadobject -list
> m   /h/goanna/2/eng/dev/cxx/collate/collate (primary)
> m   /lib/amd64/libumem.so.1
> m   /h/goanna/1/a_5.10_m64/c/lib/libstd15D.so.4.2.1
> m   /usr/lib/amd64/libCrun.so.1
> m   /lib/amd64/libm.so.2
> m   /lib/amd64/libthread.so.1
> m   /lib/amd64/libc.so.1
> m   /usr/lib/locale/fr_FR.ISO8859-1/amd64/fr_FR.ISO8859-1.so.3
> (dbx) 
> 
> Thanks very much, Mark
> 
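
The pattern described in the reply above (pbuf holds either the address of the local array or the result of new[], and every delete[] is guarded by pbuf != buf), as an added example that is not part of the original message and is not stdcxx's __rw_strnxfrm(). The names xfrm_with_fallback and XfrmResult, the template parameter, and the use of std::strxfrm are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical helper, not the stdcxx source: transforms a NUL-terminated
// string with strxfrm(), trying a stack buffer first and falling back to
// heap storage only when the result does not fit.
struct XfrmResult {
    std::string key;   // transformed collation key
    bool used_heap;    // true when the new[] path was taken
};

template <std::size_t StackSize>
XfrmResult xfrm_with_fallback(const char *src)
{
    char buf[StackSize];
    char *pbuf = buf;                  // first possible value: the local array
    std::size_t cap = sizeof buf;

    // strxfrm() returns the length it needs, excluding the terminating NUL.
    std::size_t need = std::strxfrm(pbuf, src, cap);
    if (need >= cap) {
        cap = need + 1;
        pbuf = new char[cap];          // second possible value: heap storage
        need = std::strxfrm(pbuf, src, cap);
    }

    XfrmResult res;
    res.used_heap = (pbuf != buf);
    try {
        res.key.assign(pbuf, need);
    } catch (...) {
        // Error path: same guard, so the stack array never reaches delete[].
        if (pbuf != buf)
            delete[] pbuf;
        throw;
    }

    // Normal path: only storage obtained from new[] may be deleted.
    if (pbuf != buf)
        delete[] pbuf;
    return res;
}
```

With this structure, a delete[] on a non-heap address can only happen if pbuf holds a value that is neither buf nor a pointer returned by new[], which is why inspecting pbuf and buf side by side in the debugger is the useful next step.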

