[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[MacOS X] ncurses 5.7 and ptmalloc3
From: |
Joel Bertrand |
Subject: |
[MacOS X] ncurses 5.7 and ptmalloc3 |
Date: |
Sat, 8 May 2010 19:48:56 +0200 |
Hello,
I have found a bug in ncurses 5.7 that only occurs on MacOS X (10.5.6
x86) when ncurses is linked with ptmalloc3.
For some reasons I have to use ptmalloc3 in a portable program that
run fine on several Unix (NetBSD, FreeBSD, Solaris, Linux) and crashes
on MacOS X. I have bissected to find a minimal example that reproduces
the bug:
#include <stdio.h>
#include <stdlib.h>
#include "readline.h"
int
main()
{
char *ligne;
ligne = readline("Prompt : ");
printf("> %s\n", ligne);
free(ligne);
exit(EXIT_SUCCESS);
}
If I link this program against libncurses.a and libreadline.a,
valgrind returns :
joel-bertrands-imac:[/Volumes/User/src/tests] > valgrind --leak-
check=full ./test_libc
==232== Memcheck, a memory error detector
==232== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==232== Using Valgrind-3.6.0.SVN and LibVEX; rerun with -h for
copyright info
==232== Command: ./test_libc
==232==
--232-- ./test_libc:
--232-- dSYM directory is missing; consider using --dsymutil=yes
Prompt : test
> test
==232==
==232== HEAP SUMMARY:
==232== in use at exit: 109,934 bytes in 158 blocks
==232== total heap usage: 214 allocs, 56 frees, 120,961 bytes
allocated
==232==
==232== LEAK SUMMARY:
==232== definitely lost: 0 bytes in 0 blocks
==232== indirectly lost: 0 bytes in 0 blocks
==232== possibly lost: 0 bytes in 0 blocks
==232== still reachable: 109,378 bytes in 147 blocks
==232== suppressed: 556 bytes in 11 blocks
==232== Reachable blocks (those to which a pointer was found) are not
shown.
==232== To see them, rerun with: --leak-check=full --show-reachable=yes
==232==
==232== For counts of detected and suppressed errors, rerun with: -v
==232== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 1 from 1)
joel-bertrands-imac:[/Volumes/User/src/tests] >
If I link against libncurses, libreadline.a and libptmalloc3.a, I
obtain :
joel-bertrands-imac:[/Volumes/User/src/tests] > valgrind --leak-
check=full ./test==233== Memcheck, a memory error detector
==233== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==233== Using Valgrind-3.6.0.SVN and LibVEX; rerun with -h for
copyright info
==233== Command: ./test
==233==
--233-- ./test:
--233-- dSYM directory is missing; consider using --dsymutil=yes
==233== Invalid read of size 4
==233== at 0x2917D: free (in ./test)
==233== by 0x208E6: _nc_last_db (in ./test)
==233== by 0x20A52: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233== by 0x3661: readline (in ./test)
==233== by 0x251C: main (in ./test)
==233== Address 0x3ec42c is 4 bytes before a block of size 30 alloc'd
==233== at 0x5F3EC: malloc (vg_replace_malloc.c:236)
==233== by 0x222071: strdup (in /usr/lib/libSystem.B.dylib)
==233== by 0x2093E: next_list_item (in ./test)
==233== by 0x20AA1: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233== by 0x3661: readline (in ./test)
==233== by 0x251C: main (in ./test)
==233==
==233== Invalid read of size 4
==233== at 0x29188: free (in ./test)
==233== by 0x208E6: _nc_last_db (in ./test)
==233== by 0x20A52: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233== by 0x3661: readline (in ./test)
==233== by 0x251C: main (in ./test)
==233== Address 0x3ec428 is 8 bytes before a block of size 30 alloc'd
==233== at 0x5F3EC: malloc (vg_replace_malloc.c:236)
==233== by 0x222071: strdup (in /usr/lib/libSystem.B.dylib)
==233== by 0x2093E: next_list_item (in ./test)
==233== by 0x20AA1: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233== by 0x3661: readline (in ./test)
==233== by 0x251C: main (in ./test)
==233==
==233== Invalid read of size 4
==233== at 0x2AA70: mspace_free (in ./test)
==233== by 0x29249: free (in ./test)
==233== by 0x208E6: _nc_last_db (in ./test)
==233== by 0x20A52: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233== by 0x3661: readline (in ./test)
==233== by 0x251C: main (in ./test)
==233== Address 0x3ec42c is 4 bytes before a block of size 30 alloc'd
==233== at 0x5F3EC: malloc (vg_replace_malloc.c:236)
==233== by 0x222071: strdup (in /usr/lib/libSystem.B.dylib)
==233== by 0x2093E: next_list_item (in ./test)
==233== by 0x20AA1: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233== by 0x3661: readline (in ./test)
==233== by 0x251C: main (in ./test)
==233==
==233==
==233== Process terminating with default action of signal 6 (SIGABRT)
==233== at 0x264E42: __kill (in /usr/lib/libSystem.B.dylib)
==233== by 0x2D7239: raise (in /usr/lib/libSystem.B.dylib)
==233== by 0x2E3678: abort (in /usr/lib/libSystem.B.dylib)
==233== by 0x2AA64: mspace_free (in ./test)
==233== by 0x29249: free (in ./test)
==233== by 0x208E6: _nc_last_db (in ./test)
==233== by 0x20A52: _nc_next_db (in ./test)
==233== by 0x28361: _nc_read_entry (in ./test)
==233== by 0x224EE: _nc_setupterm (in ./test)
==233== by 0x22D57: tgetent (in ./test)
==233== by 0x17F95: _rl_init_terminal_io (in ./test)
==233== by 0x29B6: rl_initialize (in ./test)
==233==
==233== HEAP SUMMARY:
==233== in use at exit: 414 bytes in 10 blocks
==233== total heap usage: 10 allocs, 0 frees, 414 bytes allocated
==233==
==233== LEAK SUMMARY:
==233== definitely lost: 0 bytes in 0 blocks
==233== indirectly lost: 0 bytes in 0 blocks
==233== possibly lost: 0 bytes in 0 blocks
==233== still reachable: 114 bytes in 3 blocks
==233== suppressed: 300 bytes in 7 blocks
==233== Reachable blocks (those to which a pointer was found) are not
shown.
==233== To see them, rerun with: --leak-check=full --show-reachable=yes
==233==
==233== For counts of detected and suppressed errors, rerun with: -v
==233== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
Abort trap
joel-bertrands-imac:[/Volumes/User/src/tests] >
Of course, I have tested that libptmalloc3.a works fine. I'm not able
to reproduce this bug on another Unix system. Only MacOS seem to be
affected.
Regards,
JKB
- [MacOS X] ncurses 5.7 and ptmalloc3,
Joel Bertrand <=