Summary: | [patch] textproc/libextractor fix double free() bug | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Vasil Dimov <vd> | ||||
Component: | Individual Port(s) | Assignee: | Kevin Lo <kevlo> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | kevlo | ||||
Priority: | Normal | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Description
Vasil Dimov
2005-11-09 11:50:13 UTC
Responsible Changed From-To: freebsd-ports-bugs->kevlo Over to maintainer http://www.freebsd.org/cgi/query-pr.cgi?pr=88716 Adding to audit trail from misfiled PR ports/88748: Date: Wed, 9 Nov 2005 12:53:05 -0800 On Wed, Nov 09, 2005 at 12:53:05PM -0800, Christian Grothoff wrote: > Patch looks good and will be in the next LE release (is already in subversion > 2237). I'm still not sure under which circumstances the _destructor_ > function is invoked twice without _constructor_ in the meantime (BSD-ism?) The constructor and the destructor are called 3 times each: $ ./.libs/lt-trivialtest // constructor call 1, does not initialize old_dlsearchpath extractor.c:215 le_ltdl_init begin old_dlsearchpath=0x0 extractor.c:246 le_ltdl_init end old_dlsearchpath=0x0 trivialtest.c:23 main begin // constructor call 2, initializes old_dlsearchpath extractor.c:215 le_ltdl_init begin old_dlsearchpath=0x0 extractor.c:246 le_ltdl_init end old_dlsearchpath=0x501280 // destructor call 1, frees old_dlsearchpath extractor.c:250 le_ltdl_fini begin old_dlsearchpath=0x501280 extractor.c:253 le_ltdl_fini free(0x501280) extractor.c:262 le_ltdl_fini end old_dlsearchpath=0x501280 // constructor call 3, initializes old_dlsearchpath (again) extractor.c:215 le_ltdl_init begin old_dlsearchpath=0x501280 extractor.c:246 le_ltdl_init end old_dlsearchpath=0x5012c0 // destructor call 2, frees old_dlsearchpath, // initialized from constructor call 3 extractor.c:250 le_ltdl_fini begin old_dlsearchpath=0x5012c0 extractor.c:253 le_ltdl_fini free(0x5012c0) extractor.c:262 le_ltdl_fini end old_dlsearchpath=0x5012c0 trivialtest.c:27 main end // destructor call 3, attempts to free old_dlsearchpath, initialized // from constructor call 3 extractor.c:250 le_ltdl_fini begin old_dlsearchpath=0x5012c0 extractor.c:253 le_ltdl_fini free(0x5012c0) lt-trivialtest in free(): error: chunk is already free Abort trap: 6 (core dumped) $ Lets see what happens on Linux: $ uname -a Linux fqdn 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux $ /lib/libc.so.6 GNU C Library development release version 2.2.93, by Roland McGrath et al. Copyright (C) 1992-2001, 2002 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled by GNU CC version 3.2 20020903 (Red Hat Linux 8.0 3.2-7). Compiled on a Linux 2.4.9-9 system on 2002-09-05. Available extensions: GNU libio by Per Bothner crypt add-on version 2.1 by Michael Glad and others The C stubs add-on version 2.1.2. linuxthreads-0.10 by Xavier Leroy BIND-8.2.3-T5B NIS(YP)/NIS+ NSS modules 0.19 by Thorsten Kukuk Glibc-2.0 compatibility add-on by Cristian Gafton libthread_db work sponsored by Alpha Processor Inc Report bugs using the `glibcbug' script to <bugs@gnu.org>. $ gcc --version gcc (GCC) 3.2 20020903 (Red Hat Linux 8.0 3.2-7) ... $ ./.libs/lt-trivialtest extractor.c:215 le_ltdl_init begin old_dlsearchpath=(nil) extractor.c:246 le_ltdl_init end old_dlsearchpath=(nil) trivialtest.c:23 main begin trivialtest.c:27 main end extractor.c:250 le_ltdl_fini begin old_dlsearchpath=(nil) extractor.c:262 le_ltdl_fini end old_dlsearchpath=(nil) $ Hmmz, looks quite different. -- Vasil Dimov State Changed From-To: open->closed Committed, thanks. |