[Octave-bug-tracker] [bug #36038] Memory error in 'octave --eval 0'
From: Max Brister
Subject: [Octave-bug-tracker] [bug #36038] Memory error in 'octave --eval 0'
Date: Thu, 29 Mar 2012 22:32:40 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
URL:
<http://savannah.gnu.org/bugs/?36038>
Summary: Memory error in 'octave --eval 0'
Project: GNU Octave
Submitted by: fisheater
Submitted on: Thu 29 Mar 2012 10:32:38 PM GMT
Category: Interpreter
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Other
Status: None
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: dev
Operating System: GNU/Linux
_______________________________________________________
Details:
This error was originally discovered while looking into bug #35772. It occurs
in at least octave 3.6.1 and 14508:0901f926ed50.
The valgrind output is
==26587== Invalid read of size 4
==26587==    at 0xB919210: fileno (in /lib/libc-2.15.so)
==26587==    by 0x52694A5: octave__init_buffer(yy_buffer_state*, _IO_FILE*) (lex.cc:3456)
==26587==    by 0x52695E6: octave__create_buffer(_IO_FILE*, int) (lex.cc:3405)
==26587==    by 0x5269AFA: octave_restart(_IO_FILE*) (lex.cc:3330)
==26587==    by 0x526CDB7: reset_parser() (lex.ll:1154)
==26587==    by 0x526CDC8: cleanup_parser() (lex.ll:1438)
==26587==    by 0x53A5EBE: do_octave_atexit() (toplev.cc:1069)
==26587==    by 0x53A74D7: clean_up_and_exit(int) (toplev.cc:670)
==26587==    by 0x5348C7F: octave_main (octave.cc:908)
==26587==    by 0xB8C938C: (below main) (in /lib/libc-2.15.so)
==26587==  Address 0x11cf5240 is 0 bytes inside a block of size 568 free'd
==26587==    at 0x4C28A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==26587==    by 0xB911644: fclose@@GLIBC_2.2.5 (in /lib/libc-2.15.so)
==26587==    by 0x52E2760: parse_fcn_file(std::string const&, std::string const&, bool, bool, std::string const&) (unwind-prot.h:260)
==26587==    by 0x52E381F: load_fcn_from_file(std::string const&, std::string const&, std::string const&, std::string const&, bool) (oct-parse.yy:3771)
==26587==    by 0x5390275: symbol_table::fcn_info::fcn_info_rep::find_user_function() (symtab.cc:1009)
==26587==    by 0x53934C0: symbol_table::fcn_info::fcn_info_rep::xfind(octave_value_list const&, bool) (symtab.cc:782)
==26587==    by 0x53936DA: symbol_table::fcn_info::fcn_info_rep::find(octave_value_list const&, bool) (symtab.cc:602)
==26587==    by 0x5392807: symbol_table::do_find(std::string const&, octave_value_list const&, bool, bool) (symtab.h:780)
==26587==    by 0x5392B0C: symbol_table::find(std::string const&, octave_value_list const&, bool, bool) (symtab.cc:1157)
==26587==    by 0x5392E68: symbol_table::find_function(std::string const&, octave_value_list const&, bool) (oct-parse.yy:1192)
==26587==    by 0x52D8B9D: feval(std::string const&, octave_value_list const&, int) (oct-parse.yy:4120)
==26587==    by 0x53A559E: do_octave_atexit() (toplev.cc:1035)
==26587==
The error is in a call to fileno from octave__init_buffer. This appears to be
a use after free of a FILE pointer.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?36038>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
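
The lifetime pattern the trace points to, as an added example that is not part of the original report and is not Octave source: a FILE* is closed while a lexer-style global still holds it, and a later exit-time reset calls fileno() on it. The names lexer_input, init_buffer, parse_file_unsafe, parse_file_safe and reset_lexer are hypothetical, and /dev/null is used as a constructed sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for the stream a flex scanner remembers (yyin).
   Not Octave's actual variable. */
FILE *lexer_input = NULL;

/* Modeled on flex-generated yy_init_buffer: fileno() is called on the
   FILE* unless it is NULL, so NULL is safe and a dangling pointer is not. */
int init_buffer(FILE *f) { return f ? (isatty(fileno(f)) > 0) : 0; }

/* Shape of the defect: the stream is closed on the way out, but the lexer
   still remembers it, so a later reset reads freed memory. Never called here. */
int parse_file_unsafe(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    lexer_input = f;
    /* ... parsing would happen here ... */
    fclose(f);               /* lexer_input is now dangling */
    return 0;
}

/* Hardened shape: restore the previous stream before closing, so no
   pointer to the closed FILE outlives fclose(). */
int parse_file_safe(const char *path)
{
    FILE *saved = lexer_input;
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    lexer_input = f;
    /* ... parsing would happen here ... */
    lexer_input = saved;
    fclose(f);
    return 0;
}

/* Exit-time reset, in the role of reset_parser() -> octave_restart(). */
int reset_lexer(void) { return init_buffer(lexer_input); }

int main(void)
{
    if (parse_file_safe("/dev/null") != 0) return 1;
    printf("interactive=%d\n", reset_lexer());
    return 0;
}
```

Building the unsafe variant with -fsanitize=address and calling reset_lexer() after it reports a heap-use-after-free in fileno, the same shape as the valgrind report above.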