[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Octave-bug-tracker] [bug #61813] memory management bug when calling MEX
From: |
Sébastien Villemot |
Subject: |
[Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output |
Date: |
Thu, 13 Jan 2022 11:41:13 -0500 (EST) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0 |
Follow-up Comment #6, bug #61813 (project octave):
I attach a minimal test case for the invalid write memory that I encounter
with Dynare.
The file bug61813.c must be compiled with mkoctfile -mex, and .m file must
resid in the same directory.
Output of Octave 7.0.90 within Valgrind (compiled with
-enable-std-pmr-polymorphic-allocator):
==3924592== Invalid write of size 8
==3924592== at 0x70ED199: mexFunction (bug61813.c:12)
==3924592== by 0x5B0F42A: call_mex(octave_mex_function&, octave_value_list
const&, int) (mex.cc:4769)
==3924592== by 0x555123F:
octave_mex_function::execute(octave::tree_evaluator&, int, octave_value_list
const&) (ov-mex-fcn.cc:112)
==3924592== by 0x55162B1: octave_function::call(octave::tree_evaluator&,
int, octave_value_list const&) (ov-fcn.cc:57)
==3924592== by 0x56CDB30:
octave::tree_identifier::evaluate_n(octave::tree_evaluator&, int)
(pt-id.cc:130)
==3924592== by 0x56CE3D0:
octave::tree_identifier::evaluate(octave::tree_evaluator&, int) (pt-id.h:98)
==3924592== by 0x56AF154:
octave::tree_evaluator::visit_statement(octave::tree_statement&)
(pt-eval.cc:3766)
==3924592== by 0x56DCCA5:
octave::tree_statement::accept(octave::tree_walker&) (pt-stmt.h:124)
==3924592== by 0x56AF62E:
octave::tree_evaluator::visit_statement_list(octave::tree_statement_list&)
(pt-eval.cc:3851)
==3924592== by 0x54607C1:
octave::tree_statement_list::accept(octave::tree_walker&) (pt-stmt.h:201)
==3924592== by 0x56A5097:
octave::tree_evaluator::eval(std::shared_ptr<octave::tree_statement_list>&,
bool) (pt-eval.cc:980)
==3924592== by 0x56A4709: octave::tree_evaluator::repl() (pt-eval.cc:801)
==3924592== Address 0xf158410 is 0 bytes inside a block of size 8 free'd
==3924592== at 0x484217B: free (vg_replace_malloc.c:872)
==3924592== by 0x5B0BE86: xfree(void*) (mex.cc:299)
==3924592== by 0x5B14A59: mx_memory_resource::do_deallocate(void*, unsigned
long, unsigned long) (mex.cc:360)
==3924592== by 0x50CB067: std::pmr::memory_resource::deallocate(void*,
unsigned long, unsigned long) (memory_resource:111)
==3924592== by 0x50D150F:
std::pmr::polymorphic_allocator<double>::deallocate(double*, unsigned long)
(memory_resource:186)
==3924592== by 0x50D13FC:
std::allocator_traits<std::pmr::polymorphic_allocator<double>
>::deallocate(std::pmr::polymorphic_allocator<double>&, double*, unsigned
long) (alloc_traits.h:345)
==3924592== by 0x50D12D7: Array<double,
std::pmr::polymorphic_allocator<double> >::ArrayRep::deallocate(double*,
unsigned long) (Array.h:207)
==3924592== by 0x50D1209: Array<double,
std::pmr::polymorphic_allocator<double> >::ArrayRep::~ArrayRep() (Array.h:187)
==3924592== by 0x50D1017: Array<double,
std::pmr::polymorphic_allocator<double> >::~Array() (Array.h:356)
==3924592== by 0x5B1CEBD: octave_value
mxArray_base_full::fp_to_ov<double>(dim_vector const&) const (mex.cc:2149)
==3924592== by 0x5B18754: mxArray_base_full::as_octave_value() const
(mex.cc:2084)
==3924592== by 0x5B196AB: mxArray_separate_full::as_octave_value() const
(mex.cc:2411)
==3924592== Block was alloc'd at
==3924592== at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==3924592== by 0x5B0BE37: xmalloc(unsigned long) (mex.cc:270)
==3924592== by 0x5B1C0B7: mex::malloc_unmarked(unsigned long) (mex.cc:3414)
==3924592== by 0x5B1C178: mex::calloc_unmarked(unsigned long, unsigned
long) (mex.cc:3441)
==3924592== by 0x5B0CF33: mxArray::calloc(unsigned long, unsigned long)
(mex.cc:3686)
==3924592== by 0x5B17C13: mxArray_base_full::mxArray_base_full(bool,
mxClassID, double) (mex.cc:1653)
==3924592== by 0x5B18FAC:
mxArray_separate_full::mxArray_separate_full(mxClassID, double) (mex.cc:2321)
==3924592== by 0x5B0CB11: mxArray::create_rep(bool, mxClassID, double)
(mex.cc:3287)
==3924592== by 0x5B0C169: mxArray::mxArray(bool, mxClassID, double)
(mex.cc:3164)
==3924592== by 0x5B0D86C: mxCreateDoubleScalar (mex.cc:3895)
==3924592== by 0x70ED15C: mexFunction (bug61813.c:7)
==3924592== by 0x5B0F42A: call_mex(octave_mex_function&, octave_value_list
const&, int) (mex.cc:4769)
Essentially, it seems that input arguments passed to mexCallMATLAB() are
deallocated when the call returns. This was not the case with Octave 6 (and
MATLAB does not do that either).
Octave does not crash for me in that simple case, but it’s easy to see how
it can lead to crashes in more complex scenarios.
P.S.: Feel free to rename this bug report, since the title may no longer be
relevant.
(file #52661, file #52662)
_______________________________________________________
Additional Item Attachment:
File name: bug61813.c Size:0 KB
<https://file.savannah.gnu.org/file/bug61813.c?file_id=52661>
File name: bug61813_fun.m Size:0 KB
<https://file.savannah.gnu.org/file/bug61813_fun.m?file_id=52662>
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?61813>
_______________________________________________
Message posté via Savannah
https://savannah.gnu.org/
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, Sébastien Villemot, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, Markus Mützel, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, Markus Mützel, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, Sébastien Villemot, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, Sébastien Villemot, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, Markus Mützel, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output,
Sébastien Villemot <=
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, John W. Eaton, 2022/01/13
- [Octave-bug-tracker] [bug #61813] memory management bug when calling MEX that returns an output, John W. Eaton, 2022/01/17