This is the mail archive of the archer@sourceware.org mailing list for the Archer project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Crash free()ing unallocated memory.

From: Tom Tromey <tromey at redhat dot com>
To: Paul Pluzhnikov <ppluzhnikov at google dot com>
Cc: archer at sourceware dot org
Date: Sun, 09 Nov 2008 10:56:24 -0700
Subject: Re: Crash free()ing unallocated memory.
References: <20081106030343.9A0193A6B0C@localhost><m3skq4em0k.fsf@fleche.redhat.com><8ac60eac0811061127i3eaaaf46u41f3e05618705955@mail.gmail.com><m37i7gehw8.fsf@fleche.redhat.com>
Reply-to: Tom Tromey <tromey at redhat dot com>

>>>>> "Tom" == Tom Tromey <tromey@redhat.com> writes:

Tom> I think we should add a new flag to pyty_type_object, and set the
Tom> flag in clean_up_objfile_types.

It occurred to me today that we will still see crashes.

Suppose you have a Type 't' with 'owned' == 1.
Then, you call pointer() on this Type, yielding 'p'
Then, arrange for 't' to be deleted.

Now the type field of 'p' will point to freed memory.


Actually, this code all seems pretty broken right now.

We don't seem to copy variant types, reference types, or pointer types.
delete_type_recursive doesn't look at these either.

Ideally we would memoize so that requests like pointer() on a Type
always yield the same Type.  If we did this, though, we'd have to have
some cycle-breaking code to let reference counting work properly.

So, oops on me.  I'll dig into this next week, too.

Tom

References:
- Crash free()ing unallocated memory.
  - From: Paul Pluzhnikov
- Re: Crash free()ing unallocated memory.
  - From: Tom Tromey
- Re: Crash free()ing unallocated memory.
  - From: Paul Pluzhnikov
- Re: Crash free()ing unallocated memory.
  - From: Tom Tromey

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]