* Throwing exception in constructor causes segfault
@ 2002-02-23 12:56 Craig Rodrigues
2002-02-23 13:20 ` Andreas Schwab
0 siblings, 1 reply; 5+ messages in thread
From: Craig Rodrigues @ 2002-02-23 12:56 UTC (permalink / raw)
To: libstdc++; +Cc: gcc
Hi,
The following testcase was submitted in PR 5757:
class X
{
public:
X ()
{
throw "";
}
~X ()
{
}
};
int
main ()
{
try
{
X *p = new X[4];
delete[]p;
}
catch (...)
{
}
return 0;
}
If this example is run, a segfault occurs.
The backtrace of the segfault is:
#0 operator delete[](void*) (ptr=0x804aa34) at del_opv.cc:36
#1 0x08048963 in main () at t.cpp:20
#2 0x401202ae in __libc_start_main (main=0x8048890 <main>, argc=1,
ubp_av=0xbffff754, init=0x8048670 <_init>, fini=0x8048a50 <_fini>,
rtld_fini=0x4000cf28 <_dl_fini>, stack_end=0xbffff74c)
at ../sysdeps/generic/libc-start.c:129
I don't know how this stuff works, but I am guessing
that for some reason, during the stack unwinding, the
destructor is being called on *p, even though it
is not fully constructed, and this is causing problems.
Does anyone have any ideas about this?
Thanks.
--
Craig Rodrigues
http://www.gis.net/~craigr
rodrigc@attbi.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Throwing exception in constructor causes segfault
2002-02-23 12:56 Throwing exception in constructor causes segfault Craig Rodrigues
@ 2002-02-23 13:20 ` Andreas Schwab
2002-02-23 14:23 ` Craig Rodrigues
0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2002-02-23 13:20 UTC (permalink / raw)
To: Craig Rodrigues; +Cc: libstdc++, gcc
Craig Rodrigues <rodrigc@attbi.com> writes:
|> I don't know how this stuff works, but I am guessing
|> that for some reason, during the stack unwinding, the
|> destructor is being called on *p, even though it
|> is not fully constructed, and this is causing problems.
|>
|> Does anyone have any ideas about this?
The problem is that operator delete[]() is receiving a different address
than returned by operator new[](). It looks like it is not adjusted for
the cookie.
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE GmbH, Deutschherrnstr. 15-19, D-90429 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Throwing exception in constructor causes segfault
2002-02-23 13:20 ` Andreas Schwab
@ 2002-02-23 14:23 ` Craig Rodrigues
2002-02-23 15:20 ` Andreas Schwab
0 siblings, 1 reply; 5+ messages in thread
From: Craig Rodrigues @ 2002-02-23 14:23 UTC (permalink / raw)
To: gcc; +Cc: libstdc++
On Sat, Feb 23, 2002 at 09:56:48PM +0100, Andreas Schwab wrote:
> The problem is that operator delete[]() is receiving a different address
> than returned by operator new[](). It looks like it is not adjusted for
> the cookie.
I don't understand the gcc exception handling code, so
can you explain this in more detail? What is a cookie
in this case?
Also, in my testcase, if you comment out the delete[] p; line,
the testcase will still segfault. Looks like delete[] is
called in the stack unwind code for some reason, if you
don't call it yourself.
--
Craig Rodrigues
http://www.gis.net/~craigr
rodrigc@attbi.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Throwing exception in constructor causes segfault
2002-02-23 14:23 ` Craig Rodrigues
@ 2002-02-23 15:20 ` Andreas Schwab
2002-03-17 5:54 ` Jason Merrill
0 siblings, 1 reply; 5+ messages in thread
From: Andreas Schwab @ 2002-02-23 15:20 UTC (permalink / raw)
To: Craig Rodrigues; +Cc: gcc, libstdc++
Craig Rodrigues <rodrigc@attbi.com> writes:
|> On Sat, Feb 23, 2002 at 09:56:48PM +0100, Andreas Schwab wrote:
|> > The problem is that operator delete[]() is receiving a different address
|> > than returned by operator new[](). It looks like it is not adjusted for
|> > the cookie.
|>
|> I don't understand the gcc exception handling code, so
|> can you explain this in more detail? What is a cookie
|> in this case?
The cookie is just the number of elements of the array that is placed at
the beginning of the memory allocated with new[]. This has nothing to do
with exceptions. It is needed so that delete[] knows how often it has to
call the destructor.
|> Also, in my testcase, if you comment out the delete[] p; line,
|> the testcase will still segfault. Looks like delete[] is
|> called in the stack unwind code for some reason, if you
|> don't call it yourself.
Yes, the unwinder deallocates the array, since the exception occures when
the memory is already allocated.
Andreas.
--
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE GmbH, Deutschherrnstr. 15-19, D-90429 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Throwing exception in constructor causes segfault
2002-02-23 15:20 ` Andreas Schwab
@ 2002-03-17 5:54 ` Jason Merrill
0 siblings, 0 replies; 5+ messages in thread
From: Jason Merrill @ 2002-03-17 5:54 UTC (permalink / raw)
To: Andreas Schwab; +Cc: Craig Rodrigues, gcc, libstdc++
Fixed.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2002-03-17 13:54 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2002-02-23 12:56 Throwing exception in constructor causes segfault Craig Rodrigues
2002-02-23 13:20 ` Andreas Schwab
2002-02-23 14:23 ` Craig Rodrigues
2002-02-23 15:20 ` Andreas Schwab
2002-03-17 5:54 ` Jason Merrill
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).