This is the mail archive of the archer@sourceware.org mailing list for the Archer project.
Re: Crash free()ing unallocated memory.
- From: Paul Pluzhnikov <ppluzhnikov at google dot com>
- To: archer at sourceware dot org
- Cc: ppluzhnikov at google dot com
- Date: Thu, 6 Nov 2008 10:17:43 -0800
- Subject: Re: Crash free()ing unallocated memory.
- References: <20081106030343.9A0193A6B0C@localhost>
On Wed, Nov 5, 2008 at 7:03 PM, Paul Pluzhnikov <ppluzhnikov@google.com> wrote:
> I just debugged a crash, where gdb-py tries to free builtin type :-(
For some definition of debugged.
The bad free() appears to be a side effect; the real cause appears
to be reading free()d memory earlier. Here is what Valgrind has to
say about this:
==23804== Invalid read of size 4
==23804== at 0x6E0C36: PyObject_Free ../../Objects/obmalloc.c:735
==23804== by 0x713778: PyEval_EvalFrame ../../Python/ceval.c:1563
==23804== by 0x716EB3: PyEval_EvalCodeEx ../../Python/ceval.c:2741
==23804== by 0x7645E2: function_call ../../Objects/funcobject.c:548
==23804== by 0x6BD6D6: PyObject_CallFunctionObjArgs ../../Objects/abstract.c:1795
==23804== by 0x45B3FF: pretty_print_one_value ../../gdb/python/python.c:792
==23804== by 0x45B61C: apply_val_pretty_printer ../../gdb/python/python.c:865
==23804== by 0x4A39AC: val_print ../../gdb/valprint.c:240
==23804== by 0x56BA3F: cp_print_value_fields ../../gdb/cp-valprint.c:293
==23804== by 0x56A32B: c_val_print ../../gdb/c-valprint.c:343
==23804== by 0x4A3A5F: val_print ../../gdb/valprint.c:255
==23804== by 0x56BA3F: cp_print_value_fields ../../gdb/cp-valprint.c:293
==23804== Address 0x1068f020 is 40 bytes inside a block of size 141 free'd
==23804== at 0x4C1CC8E: free vg_replace_malloc.c:337
==23804== by 0x40B2E5: xfree ../../gdb/utils.c:1082
==23804== by 0x4FE722: start_subfile ../../gdb/buildsym.c:550
==23804== by 0x51CB08: dwarf2_start_subfile ../../gdb/dwarf2read.c:7293
==23804== by 0x51C076: dwarf_decode_lines ../../gdb/dwarf2read.c:6994
==23804== by 0x5134F8: read_file_scope ../../gdb/dwarf2read.c:2947
==23804== by 0x512F3C: process_die ../../gdb/dwarf2read.c:2735
==23804== by 0x512E40: process_full_comp_unit ../../gdb/dwarf2read.c:2702
==23804== by 0x5128B7: process_queue ../../gdb/dwarf2read.c:2501
==23804== by 0x512ADB: psymtab_to_symtab_1 ../../gdb/dwarf2read.c:2581
==23804== by 0x512790: dwarf2_psymtab_to_symtab ../../gdb/dwarf2read.c:2454
==23804== by 0x4B3101: psymtab_to_symtab ../../gdb/symfile.c:291
Does this ring any bells?
Unfortunately, I can't seem to be able to construct a reduced test case :[
--
Paul Pluzhnikov
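
Added example, not part of the original message or of gdb: a small triage script that splits a Valgrind "Invalid read" report like the one above into the stack that touched the memory and the stack that freed it, then picks the first gdb frame in each. The function names, the `/gdb/` path filter and the wrapper skip list are assumptions made for illustration; the sample is abridged from the trace in the message.

```python
import re

# Abridged from the Valgrind report in the message above, in the archive's
# layout (no parentheses around file:line).
SAMPLE = """\
==23804== Invalid read of size 4
==23804== at 0x6E0C36: PyObject_Free ../../Objects/obmalloc.c:735
==23804== by 0x713778: PyEval_EvalFrame ../../Python/ceval.c:1563
==23804== by 0x45B3FF: pretty_print_one_value ../../gdb/python/python.c:792
==23804== Address 0x1068f020 is 40 bytes inside a block of size 141 free'd
==23804== at 0x4C1CC8E: free vg_replace_malloc.c:337
==23804== by 0x40B2E5: xfree ../../gdb/utils.c:1082
==23804== by 0x4FE722: start_subfile ../../gdb/buildsym.c:550
"""

HEAD = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(
    r"Address (0x[0-9a-fA-F]+) is (\d+) bytes inside a block of size (\d+) free'd")
# Accepts both "func file.c:12" (as archived) and "func (file.c:12)" (raw Valgrind).
FRAME = re.compile(r"(?:at|by) (0x[0-9A-Fa-f]+): (\S+)\s+\(?([^\s()]+):(\d+)\)?")

def parse_report(text):
    """Split one report into the accessing stack and the freeing stack."""
    rep = {"access": [], "freed_by": []}
    stack = rep["access"]
    for raw in text.splitlines():
        line = re.sub(r"^==\d+==\s*", "", raw)      # drop the ==pid== prefix
        if m := HEAD.search(line):
            rep["kind"], rep["size"] = m.group(1), int(m.group(2))
        elif m := BLOCK.search(line):
            rep["addr"] = m.group(1)
            rep["offset"], rep["block_size"] = int(m.group(2)), int(m.group(3))
            stack = rep["freed_by"]                 # later frames describe the free()
        elif m := FRAME.search(line):
            stack.append((m.group(2), m.group(3), int(m.group(4))))
    return rep

def first_frame_under(stack, path_part, skip=("free", "xfree")):
    """First frame whose source path contains path_part, ignoring free wrappers."""
    return next((f for f in stack if path_part in f[1] and f[0] not in skip), None)

if __name__ == "__main__":
    r = parse_report(SAMPLE)
    print(r["kind"], "of", r["size"], "bytes at offset", r["offset"],
          "in freed block of", r["block_size"])
    print("reader:", first_frame_under(r["access"], "/gdb/"))
    print("freer :", first_frame_under(r["freed_by"], "/gdb/"))
```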