From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 22666 invoked by alias); 10 Mar 2011 18:27:56 -0000 Received: (qmail 22657 invoked by uid 22791); 10 Mar 2011 18:27:55 -0000 X-SWARE-Spam-Status: No, hits=-5.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,TW_TP,T_RP_MATCHES_RCVD X-Spam-Check-By: sourceware.org Received: from smtp-outbound-1.vmware.com (HELO smtp-outbound-1.vmware.com) (65.115.85.69) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 10 Mar 2011 18:27:49 +0000 Received: from mailhost3.vmware.com (mailhost3.vmware.com [10.16.27.45]) by smtp-outbound-1.vmware.com (Postfix) with ESMTP id 53FE813575; Thu, 10 Mar 2011 10:27:48 -0800 (PST) Received: from msnyder-server.eng.vmware.com (promd-2s-dhcp138.eng.vmware.com [10.20.124.138]) by mailhost3.vmware.com (Postfix) with ESMTP id 4979BCD946; Thu, 10 Mar 2011 10:27:48 -0800 (PST) Message-ID: <4D791823.10807@vmware.com> Date: Thu, 10 Mar 2011 18:27:00 -0000 From: Michael Snyder User-Agent: Thunderbird 2.0.0.24 (X11/20101201) MIME-Version: 1.0 To: Steve Ellcey CC: "binutils@sourceware.org" , "rth@redhat.com" Subject: Re: [RFA/gas] stabs.c (stabs_generate_asm_file): Free malloced 'dir'. References: <201103101731.p2AHVob22846@lucas.cup.hp.com> In-Reply-To: <201103101731.p2AHVob22846@lucas.cup.hp.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Mailing-List: contact binutils-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: binutils-owner@sourceware.org X-SW-Source: 2011-03/txt/msg00208.txt.bz2 Steve Ellcey wrote: > Michael, > > I believe this patch is causing the GNU assembler to abort on my > ia64-hp-hpux11.23 platform. When I remove the xfree calls you added the > abort goes away. I don't know if anyone else is seeing this but here is > what I think is happening: The xfree calls are freeing the pointer > returned from remap_debug_filename and remap_debug_filename may allocate > new memory or it may just return the pointer that was passed in to it. > In some cases the pointer passed in to remap_debug_filename comes from a > getpwd call. Now getpwd calls getcwd and keeps the return value of > getcwd in a static pointer for reuse. I think we are calling getpwd > once, setting the static variable, using that pointer in a > remap_debug_filename call (which returns the same pointer) and then > freeing that allocated space. But that doesn't change the value of the > static pointer in getpwd, so the next time we call getpwd we get a > pointer to freed memory and try to use (and then free) that already > freed memory. I think that is where the abort is happening. > > Steve Ellcey > sje@cup.hp.com Thanks for the excellent analysis. However, I never checked in the change you are referring to. Are you sure you're not thinking of the similar change that I checked in to dwarf2dbg.c?