Mark Wright wrote:
Hi,

I was just wondering if I'm doing something wrong in this
little program compiled with stdcxx 4.2.1, Sun Studio C++ 12,
Solaris 10u5 AMD64, compiled as 64 bit:

[...]
Running it encounters a sigsegv, when it calls delete [] pbuf
on non heap memory:

I can't reproduce this problem in my environment. The program
runs fine, both with libumem and in dbx with check -memuse on.

Looking at the source code for __rw::__rw_strnxfrm(), pbuf is
assigned one of two values: the address of the local array
buf, and the result of the new expression. Its value is never
assigned to another pointer that is then deleted and each of
its delete expressions is guarded by a test for (pbuf != buf),
so I don't see how it can ever be invalid.

Can you step through the code to help debug it?

Martin


goanna% export LD_FLAGS_64="preload=libumem.so.1"
goanna% export UMEM_DEBUG=default goanna% ./collate
zsh: segmentation fault (core dumped)  ./collate
goanna% unset LD_FLAGS_64
goanna% unset UMEM_DEBUG
goanna% dbx collate core
Reading collate
core file header read successfully
Reading ld.so.1
Reading libumem.so.1
Reading libstd15D.so.4.2.1
Reading libCrun.so.1
Reading libm.so.2
Reading libthread.so.1
Reading libc.so.1
Reading fr_FR.ISO8859-1.so.3
[EMAIL PROTECTED] ([EMAIL PROTECTED]) program terminated by signal SEGV (no 
mapping at the fault address)
0xfffffd7fefd6374f: process_free+0x002f:        movl     (%rsi),%r8d
Current function is __rw::__rw_strnxfrm
  577           delete[] pbuf;
(dbx) where
current thread: [EMAIL PROTECTED]
[1] process_free(0xffdfb5b7, 0xffdfb5af, 0x0, 0xfffffd7fffdfb42f, 0xfffffd7fffdfb5b7, 0xffdfb5b7), at 0xfffffd7fefd6374f [2] free(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fefd638f5 [3] operator delete(0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fefbc9621 [4] operator delete[](0x0, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfffffd7fefbc9549 =>[5] __rw::__rw_strnxfrm(src = 0x450f45 "", nchars = 0), line 577 in "collate.cpp"
  [6] std::collate_byname<char>::do_transform(this = 0x451f20, low = 0x450f28 "Et la marine va venir à 
Malte", high = 0x450f45 ""), line 925 in "collate.cpp"
  [7] std::collate_byname<char>::do_compare(this = 0x451f20, low1 = 0x450f28 "Et la marine va venir à Malte", high1 = 
0x450f45 "", low2 = 0x450e28 "Et la marine va venir à Malte", high2 = 0x450e45 ""), line 895 in 
"collate.cpp"
  [8] std::collate<char>::compare(this = 0x451f20, __low1 = 0x450f28 "Et la marine va venir à Malte", __high1 = 
0x450f45 "", __low2 = 0x450e28 "Et la marine va venir à Malte", __high2 = 0x450e45 ""), line 119 in 
"_collate.h"
  [9] main(), line 10 in "collate.cpp"
(dbx) print pbuf
pbuf = 0xffdfb5b7 "<bad address 0xffdfb5b7>"
(dbx) loadobject -list
m   /h/goanna/2/eng/dev/cxx/collate/collate (primary)
m   /lib/amd64/libumem.so.1
m   /h/goanna/1/a_5.10_m64/c/lib/libstd15D.so.4.2.1
m   /usr/lib/amd64/libCrun.so.1
m   /lib/amd64/libm.so.2
m   /lib/amd64/libthread.so.1
m   /lib/amd64/libc.so.1
m   /usr/lib/locale/fr_FR.ISO8859-1/amd64/fr_FR.ISO8859-1.so.3
(dbx)
Thanks very much, Mark


Reply via email to