------- Comment #4 from laurent at guerby dot net 2009-09-24 15:51 -------
It's not a double free: free is called once but not with the pointer returned
by malloc, it is passed for some reason the pointer returned by malloc + 0x10.
valgrind detects it when it reports: "Address 0x5b3b040 is 16 bytes inside a
block of size 136 "
(gdb) r
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /home/guerby/pr41100/main
Breakpoint 5, <__gnat_malloc> (size=136) at
/opt/cfarm/release/4.4.1/lib/gcc/x86_64-unknown-linux-gnu/4.4.1/adainclude/s-memory.adb:74
74 Actual_Size : size_t := Size;
(gdb) fin
Run till exit from #0 <__gnat_malloc> (size=136) at
/opt/cfarm/release/4.4.1/lib/gcc/x86_64-unknown-linux-gnu/4.4.1/adainclude/s-memory.adb:74
0x000000000043fd5d in main () at main.adb.dg:22
22 P2b : constant double_free__test_class_access := new
Value returned is $1 = (system.address) 0x563010
(gdb) c
Continuing.
Breakpoint 6, <__gnat_free> (ptr=(system.address) 0x563020) at
/opt/cfarm/release/4.4.1/lib/gcc/x86_64-unknown-linux-gnu/4.4.1/adainclude/s-memory.adb:114
114 Abort_Defer.all;
(gdb) q
The program is running. Exit anyway? (y or n) y
I'm trying with trunk just to see if it's still there.
--
laurent at guerby dot net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |laurent at guerby dot net
Status|UNCONFIRMED |NEW
Ever Confirmed|0 |1
Known to fail| |4.4.1
Priority|P4 |P3
Last reconfirmed|0000-00-00 00:00:00 |2009-09-24 15:51:41
date| |
Summary|[4.4 regression] |[4.4 regression]
|Unchecked_Deallocation |Unchecked_Deallocation
|causes double-free errors |causes wrong free errors
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41100
