This is the mail archive of the
archer@sourceware.org
mailing list for the Archer project.
Crash free()ing unallocated memory.
- From: ppluzhnikov at google dot com (Paul Pluzhnikov)
- To: archer at sourceware dot org
- Cc: ppluzhnikov at google dot com
- Date: Wed, 5 Nov 2008 19:03:43 -0800 (PST)
- Subject: Crash free()ing unallocated memory.
- Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta;t=1225940627; bh=bzS3hmbD21CslYTjF+xiCUepkmQ=;h=DomainKey-Signature:To:Cc:Subject:Message-Id:Date:From; b=etCfI0kze9YehRnCgOduEvQlKkeWDYBGJ4WgWQ6fo59y8XPZjwqkhDIXTheGbSQlqpMmO2oCyAk0Ix5mlbzR2w==
- Domainkey-signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns;h=to:cc:subject:message-id:date:from;b=ezKKic8NyDuhYOeSehbI3gVH/Io4DYlcHQ5H9k4a/JYWgbse0cYu5z9eLxl2YgFAJW7IS6QO1c7DC8PWlePsQA==
Greetings,
I just debugged a crash, where gdb-py tries to free builtin type :-(
AFAICT, the problem is here:
355 static void
356 typy_dealloc (PyObject *obj)
357 {
358 type_object *type = (type_object *) obj;
359
360 if (type->type)
361 {
362 if (!TYPE_OBJFILE (type->type))
363 {
364 /* We own the type, so delete it. */
Builtin types ('long long' in this case) have TYPE_OBJFILE() == NULL,
but python-type.c doesn't own them.
365 htab_t deleted_types;
366
367 deleted_types = create_deleted_types_hash ();
368 delete_type_recursive (type->type, deleted_types);
369 htab_delete (deleted_types);
370 }
Possible fixes:
- add a "flag_builtin" flag to struct main_type to mark builtin types,
avoid them above
- scan and avoid all members of struct builtin_type (error prone:
what if a new member is added).
- ???
Thanks,
---
Paul Pluzhnikov