Discussion:
[ast-developers] valgrind hits with associative compound variable on stack in user-defined type...
Roland Mainz
2013-09-25 12:45:10 UTC
Hi!

----

The following testcase...
-- snip --
typeset -T x_t=(
	bool running=true

	function loopme
	{
		compound -A pt=(
			[irc]=( compound events=( bool pollin='true'
				pollhup='true' ) )
			[userinput]=( compound events=( bool pollin='true' ) )
		)
	}
)

function main
{
	x_t foo
	foo.loopme
}

main
-- snip --

... triggers the following valgrind hit(s) on SuSE 12.3/AMD64/64bit:

-- snip --
$ ~/vg/bin/valgrind --read-var-info=yes --num-callers=200 ~/bin/ksh /tmp/y.sh
==14220== Memcheck, a memory error detector
==14220== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==14220== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==14220== Command: /home/test001/bin/ksh /tmp/y.sh
[snip]
==14220== Invalid read of size 8
==14220== at 0x449BF0: nv_name (name.c:3862)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677b0 is 16 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220== Invalid read of size 8
==14220== at 0x449BFD: nv_name (name.c:3862)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677b0 is 16 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220== Invalid read of size 1
==14220== at 0x449C01: nv_name (name.c:3862)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677e0 is 64 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220== Invalid read of size 2
==14220== at 0x49CD8C: nv_type (nvtype.c:1362)
==14220== by 0x449C45: nv_name (name.c:3864)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677b8 is 24 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220== Invalid read of size 8
==14220== at 0x49CDC9: nv_type (nvtype.c:1367)
==14220== by 0x449C45: nv_name (name.c:3864)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677c0 is 32 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220== Invalid read of size 2
==14220== at 0x449C4F: nv_name (name.c:3864)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677b8 is 24 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220==
==14220== HEAP SUMMARY:
==14220== in use at exit: 232,743 bytes in 183 blocks
==14220== total heap usage: 691 allocs, 508 frees, 483,318 bytes allocated
==14220==
==14220== LEAK SUMMARY:
==14220== definitely lost: 128 bytes in 2 blocks
==14220== indirectly lost: 0 bytes in 0 blocks
==14220== possibly lost: 10,570 bytes in 6 blocks
==14220== still reachable: 222,045 bytes in 175 blocks
==14220== suppressed: 0 bytes in 0 blocks
==14220== Rerun with --leak-check=full to see details of leaked memory
==14220==
==14220== For counts of detected and suppressed errors, rerun with: -v
==14220== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)
-- snip --

I think I reported this bug or a similar one to the list a while ago... ;-(

----

Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
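
A triage helper for the Memcheck output in the report above, added here as an example and not part of the original post or of ksh93: it parses each "Invalid read" record, recomputes the base of the freed block (address minus offset) and groups the reports by block and free site. The function names are hypothetical, and SAMPLE is abridged from the trace in the report.

```python
import re
from collections import defaultdict

# Abridged from the Memcheck output in the report (two of the seven errors,
# call stacks cut to the frames that matter for triage).
SAMPLE = """\
==14220== Invalid read of size 8
==14220== at 0x449BF0: nv_name (name.c:3862)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== Address 0x59677b0 is 16 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220==
==14220== Invalid read of size 2
==14220== at 0x49CD8C: nv_type (nvtype.c:1362)
==14220== by 0x449C45: nv_name (name.c:3864)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== Address 0x59677b8 is 24 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220==
"""

ERROR = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside "
                  r"a block of size (\d+) (free'd|alloc'd)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
BLANK = re.compile(r"^==\d+==\s*$")


def parse_errors(text):
    """Split Memcheck output into invalid-access records with both stacks."""
    errors, cur, stack = [], None, None
    for line in text.splitlines():
        m = ERROR.match(line)
        if m:
            cur = {"access": m.group(1), "size": int(m.group(2)),
                   "access_stack": [], "block": None, "block_stack": []}
            errors.append(cur)
            stack = cur["access_stack"]
            continue
        if cur is None:
            continue
        m = ADDR.match(line)
        if m:
            addr, off = int(m.group(1), 16), int(m.group(2))
            cur["block"] = {"base": addr - off, "offset": off,
                            "size": int(m.group(3)), "state": m.group(4)}
            stack = cur["block_stack"]  # frames that follow describe the free
            continue
        m = FRAME.match(line)
        if m:
            stack.append((m.group(1), m.group(2)))
        elif BLANK.match(line):
            cur = None  # an empty "==pid==" line ends the record
    return errors


def release_site(err):
    """First frame of the free stack that is not Valgrind's malloc wrapper."""
    for func, loc in err["block_stack"]:
        if not loc.startswith("vg_replace_malloc.c"):
            return "%s (%s)" % (func, loc)
    return None


def shared_callers(err):
    """Frames common to the access and free stacks, outermost caller first."""
    shared = []
    for a, b in zip(reversed(err["access_stack"]), reversed(err["block_stack"])):
        if a != b:
            break
        shared.append(a)
    return shared


def summarize(text):
    """One entry per freed block: who freed it and how often it was touched."""
    groups = defaultdict(list)
    for e in parse_errors(text):
        b = e["block"]
        if b and b["state"] == "free'd":
            groups[(b["base"], b["size"], release_site(e))].append(e)
    out = []
    for (base, size, site), errs in groups.items():
        shared = shared_callers(errs[0])
        out.append({
            "block": hex(base), "size": size, "freed_by": site,
            "accesses": len(errs),
            "offsets": sorted({e["block"]["offset"] for e in errs}),
            # Deepest caller both stacks pass through before they diverge.
            "diverges_below": "%s (%s)" % shared[-1] if shared else None,
        })
    return out


if __name__ == "__main__":
    for entry in summarize(SAMPLE):
        print(entry)
```

Both sample records resolve to the same 74-byte block, so they are one use-after-free seen at several offsets rather than independent defects.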
Irek Szczesniak
2013-09-25 14:59:04 UTC
Post by Roland Mainz
Hi!
----
The following testcase...
-- snip --
typeset -T x_t=(
bool running=true
function loopme
{
compound -A pt=(
[irc]=( compound events=( bool pollin='true'
pollhup='true' ) )
[userinput]=( compound events=( bool pollin='true' ) )
)
}
)
function main
{
x_t foo
foo.loopme
}
main
-- snip --
-- snip --
$ ~/vg/bin/valgrind --read-var-info=yes --num-callers=200 ~/bin/ksh /tmp/y.sh
==14220== Memcheck, a memory error detector
==14220== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==14220== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==14220== Command: /home/test001/bin/ksh /tmp/y.sh
[snip]
-- snip --
I think I reported this bug or a similar one to the list a while ago... ;-(

I've seen that kind of bug before but could never pinpoint it to a
point where I could create a reduced testcase. The bug seriously
impairs our ability to use the type system in ksh93 so a quick fix
would be appreciated.

Irek
Cedric Blancher
2013-09-27 09:35:46 UTC
Post by Irek Szczesniak
Post by Roland Mainz
Hi!
----
The following testcase...
-- snip --
typeset -T x_t=(
bool running=true
function loopme
{
compound -A pt=(
[irc]=( compound events=( bool pollin='true'
pollhup='true' ) )
[userinput]=( compound events=( bool pollin='true' ) )
)
}
)
function main
{
x_t foo
foo.loopme
}
main
-- snip --
-- snip --
$ ~/vg/bin/valgrind --read-var-info=yes --num-callers=200 ~/bin/ksh /tmp/y.sh
==14220== Memcheck, a memory error detector
==14220== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==14220== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==14220== Command: /home/test001/bin/ksh /tmp/y.sh
[snip]
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220== Invalid read of size 2
==14220== at 0x449C4F: nv_name (name.c:3864)
==14220== by 0x44DF46: walk_tree (nvtree.c:1190)
==14220== by 0x44EA7A: put_tree (nvtree.c:1354)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220== Address 0x59677b8 is 24 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220== by 0x4A9300: nv_associative (array.c:1789)
==14220== by 0x4A5E57: array_putval (array.c:685)
==14220== by 0x494427: nv_putv (nvdisc.c:152)
==14220== by 0x4468B2: _nv_unset (name.c:2646)
==14220== by 0x446522: table_unset (name.c:2562)
==14220== by 0x4498CF: sh_unscope (name.c:3745)
==14220== by 0x471DB3: sh_funscope_20120720 (xec.c:4091)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x46CA4D: sh_exec (xec.c:2256)
==14220== by 0x471C93: sh_funscope_20120720 (xec.c:4082)
==14220== by 0x4709F7: sh_funct (xec.c:3412)
==14220== by 0x46A4EC: sh_exec (xec.c:1584)
==14220== by 0x40F7A2: exfile (main.c:610)
==14220== by 0x40E9ED: sh_main (main.c:382)
==14220== by 0x40DB70: main (pmain.c:45)
==14220==
==14220==
==14220== in use at exit: 232,743 bytes in 183 blocks
==14220== total heap usage: 691 allocs, 508 frees, 483,318 bytes allocated
==14220==
==14220== definitely lost: 128 bytes in 2 blocks
==14220== indirectly lost: 0 bytes in 0 blocks
==14220== possibly lost: 10,570 bytes in 6 blocks
==14220== still reachable: 222,045 bytes in 175 blocks
==14220== suppressed: 0 bytes in 0 blocks
==14220== Rerun with --leak-check=full to see details of leaked memory
==14220==
==14220== For counts of detected and suppressed errors, rerun with: -v
==14220== ERROR SUMMARY: 7 errors from 7 contexts (suppressed: 0 from 0)
-- snip --
I think I reported this bug or a similar one to the list a while ago... ;-(
I've seen that kind of bug before but could never pinpoint it to a
point where I could create a reduced testcase. The bug seriously
impairs our ability to use the type system in ksh93 so a quick fix
would be appreciated.
I think the common cause is associative compound array + enum (bool).
After upgrading to ast-ksh.20130926 we've experienced total chaos
because our applications randomly crash; if I use
VMALLOC_OPTIONS='abort' we see similar stack traces to those
reported here with use-after-free().

Ced
--
Cedric Blancher <cedric.blancher at gmail.com>
Institute Pasteur
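
A triage helper for the Memcheck output quoted in this thread, added here as an example and not part of the original posts: it groups invalid accesses by the freed block they land in (reported address minus offset) and by the first non-allocator frame of the free stack. The sample input is abridged from the trace above; the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: two error records abridged from the trace in this thread.
SAMPLE = """\
==14220== Invalid read of size 2
==14220== at 0x49CD8C: nv_type (nvtype.c:1362)
==14220== by 0x449C45: nv_name (name.c:3864)
==14220== Address 0x59677b8 is 24 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220==
==14220== Invalid read of size 8
==14220== at 0x49CDC9: nv_type (nvtype.c:1367)
==14220== by 0x449C45: nv_name (name.c:3864)
==14220== Address 0x59677c0 is 32 bytes inside a block of size 74 free'd
==14220== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==14220== by 0x4432E8: nv_delete (name.c:1383)
==14220==
"""

PREFIX = re.compile(r"^==\d+==\s?")
ERR = re.compile(r"Invalid (read|write) of size (\d+)")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size (\d+) free'd")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")

def group_by_block(log):
    """Map (block base, block size, free site) -> [(offset, access size, faulting frame)]."""
    records, cur, section = [], None, None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := ERR.search(line):
            cur, section = {"size": int(m[2])}, "access"
            records.append(cur)
        elif cur is None:
            continue
        elif m := ADDR.search(line):
            cur.update(base=int(m[1], 16) - int(m[2]), off=int(m[2]), blk=int(m[3]))
            section = "free"
        elif m := FRAME.search(line):
            # Keep the first frame of each stack, skipping valgrind's allocator wrapper.
            key = "reader" if section == "access" else "site"
            if key not in cur and "vg_replace_malloc" not in m[2]:
                cur[key] = f"{m[1]} ({m[2]})"
    groups = defaultdict(list)
    for r in records:
        if "site" in r:
            groups[(hex(r["base"]), r["blk"], r["site"])].append((r["off"], r["size"], r.get("reader")))
    return dict(groups)
```

On the records shown in this thread, the offsets 16, 24, 32 and 64 all resolve to the same 74-byte block, freed under `nv_delete (name.c:1383)`.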