[bug #47164] [PATCH] multiple instances of mixing free(), delete and del

bug-groff

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #47164] [PATCH] multiple instances of mixing free(), delete and del

From:	Balint Reczey
Subject:	[bug #47164] [PATCH] multiple instances of mixing free(), delete and delete[] usage
Date:	Mon, 15 Feb 2016 22:25:39 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.6.0

URL:
  <http://savannah.gnu.org/bugs/?47164>

                 Summary: [PATCH] multiple instances of mixing free(), delete
and delete[] usage
                 Project: GNU troff
            Submitted by: rbalint
            Submitted on: Mon 15 Feb 2016 10:25:38 PM GMT
                Severity: 3 - Normal
              Item Group: Crash
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None

    _______________________________________________________

Details:

One example:
=================================================================
==514==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new [] vs
free) on 0x611000009b40
    #0 0x7f28c02f5bfa in __interceptor_free
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x93bfa)
    #1 0x40602c in imageList::createPage(int)
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1008
    #2 0x4062c0 in imageList::createImage(imageItem*)
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1075
    #3 0x40347a in imageList::createImages()
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1134
    #4 0x40347a in generateImages
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1175
    #5 0x40347a in main
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1859
    #6 0x7f28bf64886f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2086f)
    #7 0x403e18 in _start
(/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/src/preproc/html/pre-grohtml+0x403e18)

0x611000009b40 is located 0 bytes inside of 228-byte region
[0x611000009b40,0x611000009c24)
allocated by thread T0 here:
    #0 0x7f28c02f6d5a in operator new[](unsigned long)
(/usr/lib/x86_64-linux-gnu/libasan.so.2+0x94d5a)
    #1 0x4196de in strsave(char const*)
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/libs/libgroff/strsave.cpp:26
    #2 0x40473f in make_message(char const*, ...)
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:428
    #3 0x406007 in imageList::createPage(int)
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1004
    #4 0x4062c0 in imageList::createImage(imageItem*)
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1075
    #5 0x40347a in imageList::createImages()
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1134
    #6 0x40347a in generateImages
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1175
    #7 0x40347a in main
/home/rbalint/projects/deb/gccs/groff-1.22.3/debian/build/../../src/preproc/html/pre-html.cpp:1859
    #8 0x7f28bf64886f in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x2086f)

SUMMARY: AddressSanitizer: alloc-dealloc-mismatch ??:0 __interceptor_free
==514==HINT: if you don't care about these warnings you may set
ASAN_OPTIONS=alloc_dealloc_mismatch=0
==514==ABORTING

The attached patches fix enough places to have the Debian package build with
-fsanitize=address and -fsanitize=undefined enabled, but it would probably be
even better to use std:string everywhere it is possible instead.




    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Mon 15 Feb 2016 10:25:38 PM GMT  Name:
0004-Use-malloc-in-strsave-and-free-for-returned-pointers.patch  Size: 2kB  
By: rbalint
patches fixing many issues
<http://savannah.gnu.org/bugs/download.php?file_id=36351>
-------------------------------------------------------
Date: Mon 15 Feb 2016 10:25:38 PM GMT  Name:
0005-Fix-many-malloc-new-vs.-free-delete-delete-mismatche.patch  Size: 17kB  
By: rbalint
patches fixing many issues
<http://savannah.gnu.org/bugs/download.php?file_id=36352>

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?47164>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #47164] [PATCH] multiple instances of mixing free(), delete and delete[] usage, Balint Reczey <=
- [bug #47164] [PATCH] multiple instances of mixing free(), delete and delete[] usage, Werner LEMBERG, 2016/02/16

Prev by Date: [bug #47162] [PATCH] invalid memory access in small_temp_iterator::operator new
Next by Date: [bug #47160] Invalid use of memcpy() at multiple places
Previous by thread: [bug #47162] [PATCH] invalid memory access in small_temp_iterator::operator new
Next by thread: [bug #47164] [PATCH] multiple instances of mixing free(), delete and delete[] usage
Index(es):
- Date
- Thread