[Octave-bug-tracker] [bug #34808] atexit double free

octave-bug-tracker

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Octave-bug-tracker] [bug #34808] atexit double free

From:	anonymous
Subject:	[Octave-bug-tracker] [bug #34808] atexit double free
Date:	Sat, 12 Nov 2011 02:38:59 +0000
User-agent:	Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.215 Safari/535.1

URL:
  <http://savannah.gnu.org/bugs/?34808>

                 Summary: atexit double free
                 Project: GNU Octave
            Submitted by: None
            Submitted on: Sat 12 Nov 2011 02:38:58 AM UTC
                Category: Interpreter
                Severity: 3 - Normal
                Priority: 5 - Normal
              Item Group: Crash
                  Status: None
             Assigned to: None
         Originator Name: Kyle Husmann
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 3.4.3
        Operating System: Any

    _______________________________________________________

Details:

I have a program that links to octave. All it does is calls octave_main with
embedded = true, nothing else (attached). In Linux it appears to run fine, but
on OSX when the program exits, it complains:


a.out(29561) malloc: *** error for object 0x10507c170: pointer being freed was
not allocated
*** set a breakpoint in malloc_error_break to debug


This is actually a sign of a deeper problem. The problem is that
do_octave_exit() is registered with atexit() by octave_main() (octave.cc:830)
BEFORE the static memory in functions like octave_read is initialized. This is
a problem, because according to the C++ standard,


3.6.3/3: "If a function is registered with atexit then following the call to
exit, any objects with static storage duration initialized prior to the
registration of that function shall not be destroyed until the registered
function is called from the termination process and has completed. For an
object with static storage duration constructed after a function is registered
with atexit, then following the call to to exit, the registered function is
not called until the execution of the object's destructor has completed. If
atexit is called during the construction of an object, the complete object to
which it belongs shall be destroyed before the registered function is
called."


So, a double free is basically happening. To fix this, I suppose functions
like octave_read should be called to initialize their static data BEFORE
do_octave_exit() is registered with atexit()



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Sat 12 Nov 2011 02:38:58 AM UTC  Name: bug.cc  Size: 272B   By: None

<http://savannah.gnu.org/bugs/download.php?file_id=24359>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34808>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[Octave-bug-tracker] [bug #34808] atexit double free, anonymous <=
- [Octave-bug-tracker] [bug #34808] atexit double free, Ben Abbott, 2011/11/14
  - [Octave-bug-tracker] [bug #34808] atexit double free, Kyle Husmann, 2011/11/16
    - [Octave-bug-tracker] [bug #34808] atexit double free, Ben Abbott, 2011/11/16

Prev by Date: [Octave-bug-tracker] [bug #34804] dbstop does not find subfunctions of class methods
Next by Date: [Octave-bug-tracker] [bug #34720] print() for FLTK produces wrong size and scale
Previous by thread: [Octave-bug-tracker] [bug #34804] dbstop does not find subfunctions of class methods
Next by thread: [Octave-bug-tracker] [bug #34808] atexit double free
Index(es):
- Date
- Thread