gawk: other double free(_wstr)
From: Karel Zak
Subject: gawk: other double free(_wstr)
Date: Fri, 12 Jan 2007 11:46:58 +0100
User-agent: Mutt/1.5.11

Hi,
there is another double free() call in gawk. Try:
echo -e "AAA BBX\nAAA BBY" | ./gawk ' /^AAA BB/ { x = substr($2, 1); $1 = "FOO"; print $0 }'
*** glibc detected *** gawk: double free or corruption (fasttop): 0x000000000065b8b0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3d2c06ea60]
/lib64/libc.so.6(cfree+0x8c)[0x3d2c07217c]
gawk(free_wstr+0x18)[0x428578]
gawk(unref+0x4c)[0x4285fc]
gawk(reset_record+0x69)[0x41f699]
gawk(set_record+0x11)[0x41f7b1]
gawk[0x423115]
gawk(do_input+0x28)[0x4260d8]
gawk(main+0xe9c)[0x427d8c]
It's gawk-stable and Dmitry's patches don't help too much.
The problem is probably somewhere around rebuild_record(), because it
calls unref() (which correctly deallocates wstptr), but then the
rebuild_record() reassigns deallocated wstptr back to fields_arr[i]:
    n->stptr = cops;
    unref(fields_arr[i]);    <--- free( fields_arr[i]->wstptr )
    fields_arr[i] = n;       <--- deallocated wstptr is back
I'm not sure how to correctly fix the problem; maybe the "n"
should be without the WSTRCUR flag before reassigning to fields_arr[i].
    n->flags &= ~(MALLOC|TEMP|PERM|STRING|CURSTR|WCURSTR);
                                         ^^^^^^^^^^^^^^^
The problem comes up, because gawk newly deallocates wstptr in
unref(). See node.c unref() diff between gawk-3.1.5 and gawk-stable
CVS:
if ((tmp->flags & FIELD) != 0) {
+ free_wstr(tmp);
freenode(tmp);
return;
}
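Review bot: The added free_wstr(tmp) in the FIELD branch releases the wide-string buffer without anything on this path telling other holders of the same pointer that it is gone. The message above describes rebuild_record() keeping a copy n of fields_arr[i] across unref(fields_arr[i]), so n is stored back with a freed wstptr and the wide-string flag still set. Either the copy should drop its wide-string flag and pointer before it is stored (as the message suggests with the flags mask), or this branch needs a comment stating that no copy of the node may still reference wstptr when unref() is called.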
Karel
--
Karel Zak <address@hidden>
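
The ownership problem described in the message above, as an added example (not gawk code and not part of the original post): a struct copy duplicates the wide-string pointer and its flag, so two nodes would each free the same buffer. struct node, WIDE_CUR, free_wide, copy_field and wide_owners are hypothetical names modelled on the report; the fix shown is the one the message proposes, clearing the copy's wide-string state.

```c
#include <stdlib.h>
#include <wchar.h>

/* Simplified stand-in for gawk's NODE; all names here are assumptions. */
enum { WIDE_CUR = 1 };              /* set when wstptr is valid and owned */
struct node { char *stptr; wchar_t *wstptr; unsigned flags; };

/* Release the wide-string cache and forget it, so a repeat call is harmless. */
static void free_wide(struct node *n)
{
    if (n->flags & WIDE_CUR)
        free(n->wstptr);
    n->wstptr = NULL;
    n->flags &= ~WIDE_CUR;
}

/* Copy a field the way the report describes: a struct assignment that
 * also copies wstptr and its flag. With fix != 0 the copy gives up the
 * wide-string state before it can be stored anywhere. */
static struct node copy_field(const struct node *f, int fix)
{
    struct node n = *f;
    if (fix) {
        n.wstptr = NULL;
        n.flags &= ~WIDE_CUR;
    }
    return n;
}

/* Count how many nodes would call free() on the same wide buffer. */
int wide_owners(int fix)
{
    struct node field = { NULL, calloc(4, sizeof(wchar_t)), WIDE_CUR };
    if (field.wstptr == NULL)
        return -1;
    struct node n = copy_field(&field, fix);
    int owners = 1;                          /* the original field */
    if ((n.flags & WIDE_CUR) && n.wstptr == field.wstptr)
        owners++;                            /* copy aliases it: double free later */
    /* Clean up once only; the aliasing copy is disarmed, never freed. */
    n.wstptr = NULL;
    n.flags &= ~WIDE_CUR;
    free_wide(&field);
    return owners;
}

int main(void)
{
    return (wide_owners(0) == 2 && wide_owners(1) == 1) ? 0 : 1;
}
```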