#7919: Heap corruption (segfault) from large 'let' expression
-------------------------------+--------------------------------------------
Reporter: duncan | Owner:
Type: bug | Status: patch
Priority: normal | Milestone:
Component: Runtime System | Version: 7.6.3
Keywords: | Os: Linux
Architecture: x86_64 (amd64) | Failure: Runtime crash
Difficulty: Unknown | Testcase:
Blockedby: | Blocking:
Related: |
-------------------------------+--------------------------------------------
Changes (by igloo):
* status: new => patch
* difficulty: => Unknown
Comment:
The program works with this patch:
{{{
diff --git a/rts/sm/GCUtils.c b/rts/sm/GCUtils.c
index 996b5f6..97d07ea 100644
--- a/rts/sm/GCUtils.c
+++ b/rts/sm/GCUtils.c
@@ -180,7 +180,7 @@ todo_block_full (nat size, gen_workspace *ws)
// the limit.
if (!looksEmptyWSDeque(ws->todo_q) ||
(ws->todo_free - bd->u.scan < WORK_UNIT_WORDS / 2)) {
- if (ws->todo_free + size < bd->start + bd->blocks * BLOCK_SIZE_W)
{
+ if (ws->todo_free + size <= bd->start + bd->blocks *
BLOCK_SIZE_W) {
ws->todo_lim = stg_min(bd->start + bd->blocks * BLOCK_SIZE_W,
ws->todo_lim +
stg_max(WORK_UNIT_WORDS,size));
debugTrace(DEBUG_gc, "increasing limit for %p to %p",
bd->start, ws->todo_lim);
}}}
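Review bot: The `<` to `<=` change in the `ws->todo_free + size` guard is the correct boundary: an object of `size` words placed at `ws->todo_free` ends at `ws->todo_free + size - 1`, so it still fits when `ws->todo_free + size == bd->start + bd->blocks * BLOCK_SIZE_W`, and the old strict comparison rejected exactly that case, which is the disagreement between the guard and the "It cannot be empty, because then there would be enough room to copy the current object" comment noted in the ticket. Before committing, that comment should be reworded to match the new guard, and the `let` expression from the report should be added as a regression test so the exact-fill case stays covered; it would also be worth confirming that `ws->todo_lim` (clamped with `stg_min(bd->start + bd->blocks * BLOCK_SIZE_W, ...)` two lines later) is consistently treated as an exclusive end, since the `<=` only makes sense if the limit is the first word past the block.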
(note that the comment says "It cannot be empty, because then there would
be enough room to copy the current object", but the comment and this guard
don't agree when the size exactly fills the available space).
I haven't looked at what exactly is going on, so I want to check that this
really looks right before committing, though.
--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/7919#comment:2>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
_______________________________________________
ghc-tickets mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/ghc-tickets