[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#13611: SEGV during SMOB GC

From: Mike Gran
Subject: bug#13611: SEGV during SMOB GC
Date: Sat, 2 Feb 2013 12:51:40 -0800 (PST)


I have a reproducible SEGV during GC of SMOBs on Guile 2.0.7.
It was also present in 2.0.6.

To reproduce compile main.c as 

$ gcc -std=gnu99 -shared -o smobbug.so -Wall -Wextra `pkg-config guile-2.0 
--cflags --libs` -fPIC main.c

Then with

;; At the repl, load the lib

 (use-modules (smobbug))
;; Make a SMOB to be GC'd

;; Trigger a GC from the GC thread
 (string-length (make-string 10000000))

This gives

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0xb7d98b40 (LWP 20488)]
  0xb7f251ab in smob_mark (addr=0x8608ff0, mark_stack_ptr=0xb7d90308, 
      mark_stack_limit=0xb7d982f0, env=0) at smob.c:325
  325           SCM_I_CURRENT_THREAD->current_mark_stack_ptr = mark_stack_ptr;

Here's what's happening internally.  When Guile starts up, it creates 3
* Initial thread
* GC thread from scm_storage_prehistory GC_INIT()
* signal delivery thread

That second thread is the one from which automatic garbage collection
occurs.  The way that thread gets created, it has an
scm_i_current_thread == NULL, apparently.

So dereferencing scm_i_current_thread causes null dereference.
And smob_mark() will dereference scm_i_current_thread when collecting a
smob with a mark function.


Attachment: smobbug.scm
Description: Text Data

Attachment: main.c
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]