[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tinycc-devel] Crash report for [mob:3054a76]
From: |
Steffen Nurpmeso |
Subject: |
Re: [Tinycc-devel] Crash report for [mob:3054a76] |
Date: |
Fri, 11 Nov 2016 15:17:09 +0100 |
User-agent: |
s-nail v14.9.0-pre2-9-gebb59f7 |
Hi.
Michael Matz <address@hidden> wrote:
|On Thu, 10 Nov 2016, Steffen Nurpmeso wrote:
|
|> Hallo.
|>
|>|The attached diff fixes the issue for me.
|>
|> One more.
|
|diff --git a/tccgen.c b/tccgen.c
|index fdd8654..00a26c5 100644
|--- a/tccgen.c
|+++ b/tccgen.c
|@@ -6523,11 +6523,13 @@ static void gen_inline_functions(TCCState *s)
| sym->r = VT_SYM | VT_CONST;
| sym->type.t &= ~VT_INLINE;
|
|+ s->inline_fns[i] = NULL;
| begin_macro(&fn->func_str, 0);
| next();
| cur_text_section = text_section;
| gen_function(sym);
| end_macro();
|+ s->inline_fns[i] = fn;
|
| inline_generated = 1;
|}
|@@ -6544,7 +6546,7 @@ ST_FUNC void free_inline_functions(TCCState *s)
| /* free tokens of unused inline functions */
| for (i = 0; i < s->nb_inline_fns; ++i) {
| struct InlineFunc *fn = s->inline_fns[i];
|- if (fn->sym)
|+ if (fn != NULL && fn->sym != NULL)
| tok_str_free(fn->func_str.str);
|}
|
|What is this supposed to achieve? It can only make a difference if
|free_inline_function could be called from the code inside the
|NULLing/reset sequence, which is not the case.
Yes it is, there is a double free in conjunction with the
preprocessor end_macro() (imagine a smile here). end_macro()
frees the macro and then that free_inline_functions or so tries to
frees it again, which causes a crash. It could be the code jumps
in the meanwhile? Wait, i could reproduce those easily...
Luckily this is fast, and with cherry-picking the -rpath stuff..
I'll attach the valgrind logs.
Ciao!
--steffen
valgrind-1.log
Description: Text document
valgrind-2.log
Description: Text document
- [Tinycc-devel] Crash report for [mob:3054a76], Steffen Nurpmeso, 2016/11/08
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Michael Matz, 2016/11/09
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Steffen Nurpmeso, 2016/11/09
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Steffen Nurpmeso, 2016/11/10
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Michael Matz, 2016/11/11
- Re: [Tinycc-devel] Crash report for [mob:3054a76],
Steffen Nurpmeso <=
- Re: [Tinycc-devel] Crash report for [mob:3054a76], grischka, 2016/11/11
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Steffen Nurpmeso, 2016/11/11
- Re: [Tinycc-devel] Crash report for [mob:3054a76], grischka, 2016/11/12
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Michael Matz, 2016/11/11
- Re: [Tinycc-devel] Crash report for [mob:3054a76], Steffen Nurpmeso, 2016/11/11