------- Comment #4 from laurent at guerby dot net 2009-09-24 15:51 ------- It's not a double free: free is called once but not with the pointer returned by malloc, it is passed for some reason the pointer returned by malloc + 0x10. valgrind detects it when it reports: "Address 0x5b3b040 is 16 bytes inside a block of size 136 "
(gdb) r The program being debugged has been started already. Start it from the beginning? (y or n) y Starting program: /home/guerby/pr41100/main Breakpoint 5, <__gnat_malloc> (size=136) at /opt/cfarm/release/4.4.1/lib/gcc/x86_64-unknown-linux-gnu/4.4.1/adainclude/s-memory.adb:74 74 Actual_Size : size_t := Size; (gdb) fin Run till exit from #0 <__gnat_malloc> (size=136) at /opt/cfarm/release/4.4.1/lib/gcc/x86_64-unknown-linux-gnu/4.4.1/adainclude/s-memory.adb:74 0x000000000043fd5d in main () at main.adb.dg:22 22 P2b : constant double_free__test_class_access := new Value returned is $1 = (system.address) 0x563010 (gdb) c Continuing. Breakpoint 6, <__gnat_free> (ptr=(system.address) 0x563020) at /opt/cfarm/release/4.4.1/lib/gcc/x86_64-unknown-linux-gnu/4.4.1/adainclude/s-memory.adb:114 114 Abort_Defer.all; (gdb) q The program is running. Exit anyway? (y or n) y I'm trying with trunk just to see if it's still there. -- laurent at guerby dot net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |laurent at guerby dot net Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 Known to fail| |4.4.1 Priority|P4 |P3 Last reconfirmed|0000-00-00 00:00:00 |2009-09-24 15:51:41 date| | Summary|[4.4 regression] |[4.4 regression] |Unchecked_Deallocation |Unchecked_Deallocation |causes double-free errors |causes wrong free errors http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41100