[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #34808] atexit double free
From: |
anonymous |
Subject: |
[Octave-bug-tracker] [bug #34808] atexit double free |
Date: |
Sat, 12 Nov 2011 02:38:59 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1 |
URL:
<http://savannah.gnu.org/bugs/?34808>
Summary: atexit double free
Project: GNU Octave
Submitted by: None
Submitted on: Sat 12 Nov 2011 02:38:58 AM UTC
Category: Interpreter
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: Crash
Status: None
Assigned to: None
Originator Name: Kyle Husmann
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Release: 3.4.3
Operating System: Any
_______________________________________________________
Details:
I have a program that links to octave. All it does is calls octave_main with
embedded = true, nothing else (attached). In Linux it appears to run fine, but
on OSX when the program exits, it complains:
a.out(29561) malloc: *** error for object 0x10507c170: pointer being freed was
not allocated
*** set a breakpoint in malloc_error_break to debug
This is actually a sign of a deeper problem. The problem is that
do_octave_exit() is registered with atexit() by octave_main() (octave.cc:830)
BEFORE the static memory in functions like octave_read is initialized. This is
a problem, because according to the C++ standard,
3.6.3/3: "If a function is registered with atexit then following the call to
exit, any objects with static storage duration initialized prior to the
registration of that function shall not be destroyed until the registered
function is called from the termination process and has completed. For an
object with static storage duration constructed after a function is registered
with atexit, then following the call to to exit, the registered function is
not called until the execution of the object's destructor has completed. If
atexit is called during the construction of an object, the complete object to
which it belongs shall be destroyed before the registered function is
called."
So, a double free is basically happening. To fix this, I suppose functions
like octave_read should be called to initialize their static data BEFORE
do_octave_exit() is registered with atexit()
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Sat 12 Nov 2011 02:38:58 AM UTC Name: bug.cc Size: 272B By: None
<http://savannah.gnu.org/bugs/download.php?file_id=24359>
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?34808>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [Octave-bug-tracker] [bug #34808] atexit double free,
anonymous <=