public inbox for gcc-bugs@sourceware.org
* [Bug libobjc/11904] New: Problem in sarray_free() function.
@ 2003-08-13 9:18 sergant at orcsoftware dot spb dot ru
2003-08-14 13:52 ` [Bug libobjc/11904] " daa at orcsoftware dot spb dot ru
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: sergant at orcsoftware dot spb dot ru @ 2003-08-13 9:18 UTC (permalink / raw)
To: gcc-bugs
PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
Summary: Problem in sarray_free() function.
Product: gcc
Version: tree-ssa
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: libobjc
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: sergant at orcsoftware dot spb dot ru
CC: gcc-bugs at gcc dot gnu dot org
GCC build triplet: i686-pc-mingw32
GCC host triplet: i686-pc-mingw32
GCC target triplet: i686-pc-mingw32
sarray_lazy_copy() function creates an array with reference to the original
array and pointers to the original array's buckets. sarray_free() function
looks like:
void
sarray_free(struct sarray* array) {
  ... some code ...
  if((array->is_copy_of) && ((array->is_copy_of->ref_count - 1) == 0))
    sarray_free(array->is_copy_of);
  /* Free all entries that do not point to empty_bucket */
  for(counter = 0; counter <= old_max_index; counter++ ) {
#ifdef OBJC_SPARSE3
    struct sindex* idx = old_indices[counter];
    if((idx != array->empty_index) &&
       (idx->version.version == array->version.version)) {
      int c2;
      for(c2=0; c2<INDEX_SIZE; c2++) {
        struct sbucket* bkt = idx->buckets[c2];
        if((bkt != array->empty_bucket) &&
           (bkt->version.version == array->version.version))
          {
            sarray_free_garbage(bkt);
            nbuckets -= 1;
          }
      }
      sarray_free_garbage(idx);
      nindices -= 1;
    }
#else /* OBJC_SPARSE2 */
    struct sbucket* bkt = array->buckets[counter];
    if ((bkt != array->empty_bucket) &&
        (bkt->version.version == array->version.version))
      {
        sarray_free_garbage(bkt);
        nbuckets -= 1;
      }
#endif
  }
  ... some code ...
}
In the case where the array is a lazy copy of some other array, it calls sarray_free()
for the original array, and then deallocates its own created buckets. The array
can have some pointers to the original array's buckets that are already
deallocated, and thus sometimes we have access to the freed memory in this block of
code:
    struct sbucket* bkt = array->buckets[counter];
    if ((bkt != array->empty_bucket) &&
        (bkt->version.version == array->version.version))
      {
        sarray_free_garbage(bkt);
        nbuckets -= 1;
      }
at the line '(bkt->version.version == array->version.version)' (the memory pointed
to by 'bkt' can already be freed).
The possible solution to this problem is to move the deallocation of the
(array->is_copy_of) array to the end of the function sarray_free().
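The ordering problem described in the report above, as an added example that is not part of the original message or of libobjc: a toy model in which "freed" buckets are tombstoned instead of released, so reads of them can be counted safely. The `toy_*` names, the static bucket pool and the ref-count decrement at the top of `toy_free()` are assumptions of the model; only the `is_copy_of`, `ref_count`, `version` and `buckets` field names come from the report.

```c
#include <stdio.h>
#define NBUCKETS 4
/* Constructed toy model: field names follow the report, everything else is assumed. */
struct bucket { int version; int freed; };  /* freed = tombstone; memory stays valid */
struct toy_sarray {
    int version, ref_count;
    struct toy_sarray *is_copy_of;
    struct bucket *buckets[NBUCKETS];
};
static struct bucket pool[2 * NBUCKETS];
static int stale_reads;  /* reads of a bucket after it was "freed" */

static int read_version(const struct bucket *b) {
    if (b->freed) stale_reads++;  /* in the real code: a read of freed heap memory */
    return b->version;
}

static void toy_free(struct toy_sarray *a, int parent_first) {
    if (--a->ref_count != 0) return;  /* assumed: other holders remain */
    struct toy_sarray *parent = a->is_copy_of;
    int drop_parent = parent && parent->ref_count - 1 == 0;
    if (parent_first && drop_parent) toy_free(parent, parent_first);   /* reported order */
    for (int i = 0; i < NBUCKETS; i++) {
        struct bucket *b = a->buckets[i];
        if (read_version(b) == a->version) b->freed = 1;  /* release own buckets only */
    }
    if (!parent_first && drop_parent) toy_free(parent, parent_first);  /* proposed order */
}

/* Releases an original and its lazy copy; returns the number of stale reads. */
static int run_scenario(int parent_first) {
    struct toy_sarray orig = { .version = 1, .ref_count = 2 };  /* owner + lazy copy */
    struct toy_sarray copy = { .version = 2, .ref_count = 1, .is_copy_of = &orig };
    for (int i = 0; i < 2 * NBUCKETS; i++) pool[i].freed = 0;
    for (int i = 0; i < NBUCKETS; i++) {
        pool[i].version = 1;
        orig.buckets[i] = copy.buckets[i] = &pool[i];  /* copy shares orig's buckets */
    }
    pool[NBUCKETS].version = 2;
    copy.buckets[0] = &pool[NBUCKETS];  /* one bucket the copy allocated itself */
    stale_reads = 0;
    toy_free(&orig, parent_first);  /* owner lets go; the copy keeps orig alive */
    toy_free(&copy, parent_first);
    return stale_reads;
}

int main(void) {
    printf("parent first: %d, parent last: %d\n", run_scenario(1), run_scenario(0));
    return 0;
}
```

With the original freed first, the copy's loop inspects three shared buckets that are already gone; with the original freed last, every version check runs on live memory.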
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
@ 2003-08-14 13:52 ` daa at orcsoftware dot spb dot ru
2003-11-09 2:58 ` pinskia at gcc dot gnu dot org
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: daa at orcsoftware dot spb dot ru @ 2003-08-14 13:52 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
daa at orcsoftware dot spb dot ru changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |daa at orcsoftware dot spb
| |dot ru
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
2003-08-14 13:52 ` [Bug libobjc/11904] " daa at orcsoftware dot spb dot ru
@ 2003-11-09 2:58 ` pinskia at gcc dot gnu dot org
2003-12-01 8:10 ` pinskia at gcc dot gnu dot org
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2003-11-09 2:58 UTC (permalink / raw)
To: gcc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.4 |---
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
2003-08-14 13:52 ` [Bug libobjc/11904] " daa at orcsoftware dot spb dot ru
2003-11-09 2:58 ` pinskia at gcc dot gnu dot org
@ 2003-12-01 8:10 ` pinskia at gcc dot gnu dot org
2003-12-29 10:20 ` pinskia at gcc dot gnu dot org
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2003-12-01 8:10 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-12-01 08:10 -------
Confirmed.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
Ever Confirmed| |1
Last reconfirmed|0000-00-00 00:00:00 |2003-12-01 08:10:29
date| |
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
` (2 preceding siblings ...)
2003-12-01 8:10 ` pinskia at gcc dot gnu dot org
@ 2003-12-29 10:20 ` pinskia at gcc dot gnu dot org
2003-12-29 21:41 ` pinskia at gcc dot gnu dot org
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2003-12-29 10:20 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-12-29 08:32 -------
Patch here: <http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02194.html>, this is a pretty bad
bug as it shows up when using valgrind.
See <http://mail.gnu.org/archive/html/bug-gnustep/2003-03/msg00108.html>.
--
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |patch
Target Milestone|--- |3.4.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
` (3 preceding siblings ...)
2003-12-29 10:20 ` pinskia at gcc dot gnu dot org
@ 2003-12-29 21:41 ` pinskia at gcc dot gnu dot org
2004-01-10 2:34 ` wilson at gcc dot gnu dot org
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2003-12-29 21:41 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2003-12-29 21:08 -------
This problem has been present since 2.95
--
What |Removed |Added
----------------------------------------------------------------------------
Version|tree-ssa |2.95
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
` (4 preceding siblings ...)
2003-12-29 21:41 ` pinskia at gcc dot gnu dot org
@ 2004-01-10 2:34 ` wilson at gcc dot gnu dot org
2004-01-10 4:44 ` pinskia at gcc dot gnu dot org
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: wilson at gcc dot gnu dot org @ 2004-01-10 2:34 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From wilson at gcc dot gnu dot org 2004-01-10 02:34 -------
The patch is approved. It isn't clear if it has been properly bootstrapped and
regression tested, so I did not check it in myself.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
` (5 preceding siblings ...)
2004-01-10 2:34 ` wilson at gcc dot gnu dot org
@ 2004-01-10 4:44 ` pinskia at gcc dot gnu dot org
2004-01-10 5:47 ` cvs-commit at gcc dot gnu dot org
2004-01-10 5:49 ` pinskia at gcc dot gnu dot org
8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2004-01-10 4:44 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2004-01-10 04:44 -------
I compiled the libobjc and ran the testsuite and there were no regressions (this was on
i686-pc-linux-gnu) so I will apply it.
--
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu |pinskia at gcc dot gnu dot
|dot org |org
Status|NEW |ASSIGNED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
` (6 preceding siblings ...)
2004-01-10 4:44 ` pinskia at gcc dot gnu dot org
@ 2004-01-10 5:47 ` cvs-commit at gcc dot gnu dot org
2004-01-10 5:49 ` pinskia at gcc dot gnu dot org
8 siblings, 0 replies; 10+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2004-01-10 5:47 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2004-01-10 05:47 -------
Subject: Bug 11904
CVSROOT: /cvs/gcc
Module name: gcc
Changes by: pinskia@gcc.gnu.org 2004-01-10 05:47:43
Modified files:
libobjc : ChangeLog sarray.c
Log message:
2004-01-09 Andrew Ruder <aeruder@ksu.edu>
PR libobjc/11904
* sarray.c (sarray_free): Free array->is_copy_of later.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libobjc/ChangeLog.diff?cvsroot=gcc&r1=1.104&r2=1.105
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libobjc/sarray.c.diff?cvsroot=gcc&r1=1.7&r2=1.8
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904
* [Bug libobjc/11904] Problem in sarray_free() function.
2003-08-13 9:18 [Bug libobjc/11904] New: Problem in sarray_free() function sergant at orcsoftware dot spb dot ru
` (7 preceding siblings ...)
2004-01-10 5:47 ` cvs-commit at gcc dot gnu dot org
@ 2004-01-10 5:49 ` pinskia at gcc dot gnu dot org
8 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2004-01-10 5:49 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2004-01-10 05:49 -------
Fixed for 3.4.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11904