Bugs item #1633232, was opened at 2007-01-11 15:32
Message generated for change (Comment added) made by boncz
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=482468&aid=1633232&group_id=56967
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: PF general
Group: Pathfinder CVS Head
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Jens Teubner (teubner)
Assigned to: Nobody/Anonymous (nobody)
Summary: PF: memory reallocation buggy
Initial Comment:
The memory reallocation routine pa_realloc (compiler/mem/mem.c) currently does
char *r = pa_alloc( pa, new_size);
memcpy(r, old_mem, new_size);
(i.e., a new memory block of the requested size is allocated, then old contents
are copied to the new memory area. As we don't know the size of the old area,
the routine simply copies an area of the size of the *new* memory from old to
new.)
This is problematic for two reasons:
-- memcpy must be invoked with *non-overlapping* memory regions only. It is
easily possible (in fact, even the common case) that the two regions do
overlap.
-- There is no protection against memcpy() reading memory beyond the area
allocated from the operating system. A segmentation fault could be the
consequence.
----------------------------------------------------------------------
>Comment By: Peter Boncz (boncz)
Date: 2007-05-25 12:27
Message:
Logged In: YES
user_id=591107
Originator: NO
fixed
----------------------------------------------------------------------
Comment By: Niels Nes (nielsnes)
Date: 2007-01-11 16:01
Message:
Logged In: YES
user_id=43556
Originator: NO
The pa_alloc code wasn't made for realloc and free strategies, it simply
allocates and grows. At the end of a statement, the allocator should be
freed in one go.
So using pa_* for general (global) allocation is not correct.
PFrealloc is used in 4 places:
0) compiler/main.c: simply not a good idea to use the pa_alloc code here.
Use malloc/realloc/free (strdup) instead.
1) PFarray_at (there you have the correct old size)
2) mil_opt (should also be replaced by malloc/realloc/free, possibly the
GDK variants)
3) milprint_summer: also there the pointer created is lost, i.e. better to
correctly use malloc, realloc and free
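Editorial example, not code from Pathfinder's mem.c or from any participant in this thread: the C program below illustrates the two failure modes in the initial report (overlapping memcpy and a read past the memory obtained from the OS) and Niels's point that PFarray_at is the caller that knows the old size. It models pa_alloc as a hypothetical chunked bump allocator that only allocates and grows and is released in one go; CHUNK_SIZE, MAX_CHUNKS, arena_t, locate, buggy_realloc_copy, pa_realloc_sized and realloc_scenario are all assumed names. Rather than executing the reported memcpy, buggy_realloc_copy classifies what it would read, and pa_realloc_sized shows the fix of copying at most min(old_size, new_size) bytes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Toy chunked bump allocator standing in for pa_alloc (an assumption about
 * its shape: it only allocates and grows; nothing is freed individually). */
#define CHUNK_SIZE 64
#define MAX_CHUNKS 4

typedef struct {
    unsigned char *chunk[MAX_CHUNKS];
    size_t nchunks;   /* chunks obtained from malloc so far */
    size_t used;      /* bytes handed out from the current (last) chunk */
} arena_t;

/* Hand out the next `size` bytes; start a new chunk when the current one is full. */
static void *pa_alloc(arena_t *pa, size_t size) {
    if (size == 0 || size > CHUNK_SIZE) return NULL;
    if (pa->nchunks == 0 || pa->used + size > CHUNK_SIZE) {
        if (pa->nchunks == MAX_CHUNKS) return NULL;
        pa->chunk[pa->nchunks] = malloc(CHUNK_SIZE);
        if (!pa->chunk[pa->nchunks]) return NULL;
        pa->nchunks++;
        pa->used = 0;
    }
    void *p = pa->chunk[pa->nchunks - 1] + pa->used;
    pa->used += size;
    return p;
}

/* "Freed in one go at the end of a statement": the only release there is. */
static void pa_free_all(arena_t *pa) {
    for (size_t i = 0; i < pa->nchunks; i++) free(pa->chunk[i]);
    pa->nchunks = 0;
    pa->used = 0;
}

/* Find the chunk and offset holding p (integer compares: pointers into
 * different malloc blocks must not be ordered directly). */
static int locate(const arena_t *pa, const void *p, size_t *idx, size_t *off) {
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < pa->nchunks; i++) {
        uintptr_t lo = (uintptr_t)pa->chunk[i];
        if (a >= lo && a < lo + CHUNK_SIZE) { *idx = i; *off = (size_t)(a - lo); return 1; }
    }
    return 0;
}

enum { COPY_FAILED = -1, COPY_SAFE = 0, COPY_OVERLAP = 1, COPY_OUT_OF_BOUNDS = 2 };

/* The reported pattern: r = pa_alloc(new_size); memcpy(r, old_mem, new_size).
 * Instead of performing an undefined copy, classify it: the source range
 * [old_mem, old_mem + new_size) either runs past the chunk malloc gave us
 * (out-of-bounds read) or, with bump allocation, runs into r itself
 * (overlapping memcpy). Only a copy that does neither is executed. */
static int buggy_realloc_copy(arena_t *pa, const void *old_mem, size_t new_size, void **out) {
    unsigned char *r = pa_alloc(pa, new_size);
    size_t oi, ooff, ri, roff;
    *out = r;
    if (!r || !locate(pa, old_mem, &oi, &ooff) || !locate(pa, r, &ri, &roff)) return COPY_FAILED;
    if (ooff + new_size > CHUNK_SIZE) return COPY_OUT_OF_BOUNDS;
    if (oi == ri && ooff + new_size > roff) return COPY_OVERLAP;
    memcpy(r, old_mem, new_size);
    return COPY_SAFE;
}

/* The fix for an arena: the caller supplies old_size (as PFarray_at can), so
 * at most old_size bytes are read and the copy never leaves the old block,
 * which is simply abandoned until pa_free_all. memmove keeps this correct
 * even if an allocator ever handed back memory adjacent to the old block. */
static void *pa_realloc_sized(arena_t *pa, const void *old_mem, size_t old_size, size_t new_size) {
    void *r = pa_alloc(pa, new_size);
    if (!r) return NULL;
    memmove(r, old_mem, old_size < new_size ? old_size : new_size);
    return r;
}

/* Scenario: `prefill` bytes are allocated first, then an 8-byte block holding
 * constructed sample content is reallocated to new_size both ways. Returns the
 * classification of the buggy copy, or COPY_FAILED if the sized reallocation
 * did not preserve the data. With prefill 0 and new_size 32 the new block
 * starts 8 bytes after the old one inside chunk 0 (overlap); with prefill 48
 * the new block goes to a fresh chunk and the read would run 16 bytes past
 * chunk 0 (out of bounds); with new_size 4 the old code happens to be safe. */
static int realloc_scenario(size_t prefill, size_t new_size) {
    arena_t pa = {0};
    char *old, *ok;
    void *r;
    int kind;
    size_t n = new_size < 8 ? new_size : 8;
    if (prefill && !pa_alloc(&pa, prefill)) return COPY_FAILED;
    if (!(old = pa_alloc(&pa, 8))) return COPY_FAILED;
    memcpy(old, "ABCDEFG", 8);
    kind = buggy_realloc_copy(&pa, old, new_size, &r);
    ok = pa_realloc_sized(&pa, old, 8, new_size);
    if (!ok || memcmp(ok, "ABCDEFG", n) != 0) kind = COPY_FAILED;
    pa_free_all(&pa);
    return kind;
}

int main(void) {
    printf("grow in place:      kind=%d (1 = overlap)\n", realloc_scenario(0, 32));
    printf("grow across chunks: kind=%d (2 = out of bounds)\n", realloc_scenario(48, 32));
    printf("shrink:             kind=%d (0 = safe)\n", realloc_scenario(0, 4));
    return 0;
}
```

The classification, not the copy, is what the example runs: the overlap case would only corrupt the copied bytes, but the cross-chunk case reads 16 bytes beyond a malloc'ed block, which is exactly the read the report warns may fault. The sized variant preserves the content in all three scenarios, and in the arena model the old block is never individually freed, matching the "freed in one go" strategy described above.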
----------------------------------------------------------------------
Comment By: Jens Teubner (teubner)
Date: 2007-01-11 15:45
Message:
Logged In: YES
user_id=731390
Originator: YES
A quick grep shows no usage of the pa_realloc, because its
invocations have been elegantly hidden in a stack of macro
and function calls.
For example,
PFarray_at() -> PFrealloc -> PFrealloc_ -> PA_REALLOC -> pa_realloc
----------------------------------------------------------------------
Comment By: Niels Nes (nielsnes)
Date: 2007-01-11 15:39
Message:
Logged In: YES
user_id=43556
Originator: NO
A quick grep shows no usage of the pa_realloc, so why not simply remove
it?
----------------------------------------------------------------------
_______________________________________________
Monetdb-bugs mailing list
https://lists.sourceforge.net/lists/listinfo/monetdb-bugs