From: Dmitry Antipov
Subject: bug#17168: 24.3.50; Segfault at mark_object
Date: Thu, 03 Apr 2014 18:03:05 +0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
On 04/03/2014 01:08 PM, Daniel Colascione wrote:
> Found the bug: that symbol's name is in pure storage, so we ignore the
> value of sym->s.gcmarkbit and assume the symbol is always live: we never
> put it on the free list, so we never set its function slot to Vdead.
> Later, during another GC pass, conservative GC scanning happens to find
> a pointer to the symbol. We begin marking it, descend into the function
> slot, which is still pointing to the old, dead object value. We try to
> mark memory being used for some other purpose and enter la-la land.
What about this workaround? Until we find a better solution, this should prevent crashes at least.

Dmitry
bug17168_workaround.patch
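The sequence Daniel describes, replayed in a toy mark-and-sweep collector. This is an added illustration written for this page, not Emacs's allocator and not the attached patch: `Obj`, `DEAD`, `collect()` and `run_scenario()` are all made up here, with one reference slot per object standing in for a symbol's function slot and a `pure` flag for objects the sweep never frees. The `clear_dead_pure` switch shows one way to break the crash path (resetting an unmarked pure object's slot to the dead sentinel so a later pass stops there); that mitigation is this example's assumption, not the workaround in the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy mark-and-sweep collector (added illustration, not Emacs's allocator).
   Every object has one reference slot, standing in for a symbol's function slot. */
#define HEAP_SIZE 4

typedef struct Obj {
    int marked;       /* the gcmarkbit */
    int allocated;    /* 1 while live on the heap, 0 once on the free list */
    int pure;         /* 1 for "pure" storage: never freed, never put on the free list */
    struct Obj *ref;  /* reference slot; doubles as the free-list link when freed */
} Obj;

static Obj DEAD;                 /* sentinel playing the role of Vdead */
static Obj heap[HEAP_SIZE];
static Obj *free_list;
static int bad_marks;            /* times mark() descended into freed memory */

static void heap_init(void)
{
    free_list = NULL;
    bad_marks = 0;
    for (int i = HEAP_SIZE - 1; i >= 0; i--) {
        heap[i].marked = 0;
        heap[i].allocated = 0;
        heap[i].pure = 0;
        heap[i].ref = free_list;
        free_list = &heap[i];
    }
}

static Obj *alloc(void)
{
    Obj *o = free_list;
    if (o == NULL)
        return NULL;
    free_list = o->ref;
    o->allocated = 1;
    o->marked = 0;
    o->ref = &DEAD;
    return o;
}

/* Recursive mark. A freed heap cell reached through a stale slot is the
   "la-la land" case: its ref is now a free-list link, not a live object,
   so instead of corrupting it we just count the event. */
static void mark(Obj *o)
{
    if (o == NULL || o == &DEAD || o->marked)
        return;
    if (!o->pure && !o->allocated) {
        bad_marks++;
        return;
    }
    o->marked = 1;
    mark(o->ref);
}

/* One GC pass. With clear_dead_pure == 0 the sweep skips the pure object
   entirely, as the quoted analysis describes; with 1 it resets the slot of
   an unmarked pure object to DEAD so no later pass can follow the stale pointer.
   (The clearing behaviour is this example's assumption.) */
static void collect(Obj **roots, int nroots, Obj *pure_sym, int clear_dead_pure)
{
    for (int i = 0; i < nroots; i++)
        mark(roots[i]);
    for (int i = 0; i < HEAP_SIZE; i++) {
        Obj *o = &heap[i];
        if (!o->allocated)
            continue;
        if (o->marked) {
            o->marked = 0;
        } else {
            o->allocated = 0;
            o->ref = free_list;
            free_list = o;
        }
    }
    if (!pure_sym->marked && clear_dead_pure)
        pure_sym->ref = &DEAD;
    pure_sym->marked = 0;
}

/* Replays the sequence from the report; returns how many times marking
   walked into freed memory (0 means the crash path was never entered). */
static int run_scenario(int clear_dead_pure)
{
    heap_init();
    Obj sym = { 0, 1, 1, &DEAD };   /* symbol living in pure storage */
    Obj *fn = alloc();               /* its function object, on the heap */
    sym.ref = fn;

    /* Pass 1: nothing roots the symbol, so fn is unreachable and is freed,
       but the pure symbol is never swept and keeps pointing at fn. */
    collect(NULL, 0, &sym, clear_dead_pure);

    /* Pass 2: conservative stack scanning "finds" a pointer to the symbol. */
    Obj *roots[1] = { &sym };
    collect(roots, 1, &sym, clear_dead_pure);
    return bad_marks;
}

int main(void)
{
    printf("without clearing: %d bad mark(s)\n", run_scenario(0));
    printf("with clearing:    %d bad mark(s)\n", run_scenario(1));
    return 0;
}
```

Running it shows one bad mark without clearing and none with it: the pure symbol survives the first pass untouched, so the second pass, rooted only by a conservatively found pointer, walks straight through its stale slot into a cell that now belongs to the free list.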