
[Octave-bug-tracker] [bug #51088] double free at Octave exit


From: Olaf Till
Subject: [Octave-bug-tracker] [bug #51088] double free at Octave exit
Date: Mon, 22 May 2017 18:00:40 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0

URL:
  <http://savannah.gnu.org/bugs/?51088>

                 Summary: double free at Octave exit
                 Project: GNU Octave
            Submitted by: i7tiol
            Submitted on: Mon 22 May 2017 10:00:38 PM UTC
                Category: Interpreter
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Segfault, Bus Error, etc.
                  Status: None
             Assigned to: None
         Originator Name: Olaf Till
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.2.1
        Operating System: Any

    _______________________________________________________

Details:

(tested with 4.2.1, but probably affects all current versions)

Under certain conditions Octave segfaults at exit due to a double free.
Example code, involving anonymous functions and persistent variables, is
attached in 'test-double-free.tar.gz'. Trigger the bug (hopefully) by going
into the directory and calling 'test_gph ()'.

Debugging showed the following reason: 

symbol_table::cleanup(void) iterates over symbol_table::all_instances and
deletes symbol tables. As a side effect of such a delete,
symbol_table::erase_scope(scope_id) erased a scope/symbol_table-pointer pair
from all_instances. This erasing messed up the outer iteration over
all_instances, so that after the next incrementing of the iterator it points
to an invalid pair, causing an attempt to delete with the same symbol_table
pointer which was deleted by symbol_table::erase_scope(scope_id).

A changeset with an explanatory comment will be attached as soon as I have the
bug number. The patch is against the head of the stable branch, but has been
tested against the 4.2.1 release tarball.





    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 22 May 2017 10:00:38 PM UTC  Name: fix-double-delete.cset  Size: 3kB
  By: i7tiol

<http://savannah.gnu.org/bugs/download.php?file_id=40759>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51088>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
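
Added example, not part of the original report and not the attached changeset: a simplified C++ model of the pattern described above, where destroying one registered object erases another entry from the registry that a cleanup routine is walking. The names `Table`, `destroyed` and `run_model` are hypothetical, and `all_instances`, `erase_scope` and `cleanup` only mirror the names in the report; this is not Octave's `symbol_table` code. It shows one general way to make such a cleanup safe against re-entrant erasure and counts destructor runs to confirm each object is freed exactly once.

```cpp
#include <map>

// Simplified model with hypothetical types; not Octave's symbol_table.
struct Table;
static std::map<int, Table*> all_instances;  // scope id -> owning pointer
static std::map<int, int> destroyed;         // scope id -> destructor runs

static void erase_scope(int id);

struct Table {
  int id;
  int child;  // scope released as a side effect of destruction, -1 if none
  Table(int i, int c) : id(i), child(c) { all_instances[i] = this; }
  ~Table() { ++destroyed[id]; if (child >= 0) erase_scope(child); }
};

// Unlink the entry first, then delete: a re-entrant call made from the
// destructor can never find a pointer that is already being freed.
static void erase_scope(int id) {
  auto it = all_instances.find(id);
  if (it == all_instances.end()) return;
  Table* t = it->second;
  all_instances.erase(it);
  delete t;
}

// Fragile shape: for (it = begin; it != end; ++it) delete it->second;
// the destructor may erase entries of the same map while 'it' is live,
// and entries already deleted stay in the map as dangling pointers.
// Safe shape: hold no iterator across a delete; restart from begin().
static void cleanup() {
  while (!all_instances.empty())
    erase_scope(all_instances.begin()->first);
}

// Constructed scenario: returns the highest destructor count seen
// (1 means no double free), or -1 if a table was leaked.
static int run_model() {
  all_instances.clear(); destroyed.clear();
  new Table(1, -1);  // child that cleanup reaches before its parent
  new Table(2, 1);   // parent whose destructor erases scope 1
  new Table(3, 4);   // parent that cleanup reaches before its child
  new Table(4, -1);
  cleanup();
  int max_runs = 0;
  for (const auto& kv : destroyed)
    if (kv.second > max_runs) max_runs = kv.second;
  return (destroyed.size() == 4 && all_instances.empty()) ? max_runs : -1;
}

int main() { return run_model() == 1 ? 0 : 1; }
```

Building a reproducer like this with AddressSanitizer (`-fsanitize=address`) reports a double free at the second `delete` if the fragile loop is used instead.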



