From: Jun T <takimoto-j@kba.biglobe.ne.jp>
To: zsh-workers@zsh.org
Subject: memory leak (2): named reference
Date: Fri, 28 Jun 2024 19:19:34 +0900
Message-ID: <0D741AF4-0E8C-4FAA-B45A-E787958FCC41@kba.biglobe.ne.jp>

This is the second problem (related to the named reference).
In the following, all the tests are run as

% valgrind --leak-check=full zsh -f test_n

% cat test1
typeset -n ptr
ptr=ptr

Invalid read of size 8
  at 0x1A498C: assignstrvalue (params.c:2814)

Address 0x4bd6120 is 48 bytes inside a block of size 80 free'd
  by 0x193DB1: zfree (mem.c:1871)
  by 0x1AE241: freeparamnode (params.c:5913)
  by 0x1AA4A1: unsetparam_pm (params.c:3871)
  by 0x1AF873: setscope (params.c:6374)
  by 0x1A4983: assignstrvalue (params.c:2813)

assignstrvalue() calls setscope(pm), and when it finds the self reference
(params.c:6374) it calls (indirectly) zfree(pm). But just after returning
from setscope() (params.c:2814) the freed pm is used.


% cat test2
typeset -n ptr
for ptr in foo
do; done

4 bytes in 1 blocks are definitely lost in loss record 20 of 384
   by 0x1935B9: zalloc (mem.c:966)
   by 0x1CEB5E: ztrdup (string.c:83)
   by 0x188FBE: execfor (loop.c:168)

This is simple. In execfor()
loop.c:168	setloopvar(name, ztrdup(str))
but in setloopvar(name, value)
params.c:6329	SETREFNAME(pm, ztrdup(value))
I think we don't need two ztrdup()'s here, and the problem can be fixed
by removing the second ztrdup().


% cat test3
typeset -n ref
for ref in one ref
do; done

Invalid read of size 4
  at 0x1AF3D9: setloopvar (params.c:6333)

Address 0x4bd5af0 is 16 bytes inside a block of size 80 free'd
  by 0x193DB1: zfree (mem.c:1871)
  by 0x1AE241: freeparamnode (params.c:5913)
  by 0x1AA4A1: unsetparam_pm (params.c:3871)
  by 0x1AFB27: setscope (params.c:6409)
  by 0x1AF3D4: setloopvar (params.c:6332)

This is similar to test1. setscope(pm) (params.c:6332) calls zfree(pm),
but the pm is used just after it.

test3 also causes two memory leaks.
One is the same as test2; 7 bytes ("aa" and "ref", allocated by
ztrdup() at loop.c:168) are lost.
In the other, 4 bytes ("ref", allocated by ztrdup() at params.c:6329)
are lost. This is caused by aborting the loop by the self reference
and can't be fixed by removing the ztrdup() from params.c:6329.
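
The pattern reported in the message above (a callee frees a parameter on a self reference and the caller then uses it, plus a string duplicated twice) in a simplified model. This is an added example, not zsh source and not from the message author; `ref_param`, `set_scope`, `set_loop_var` and `run_loop` are hypothetical names, and nulling the caller's pointer is one possible guard, assumed here for illustration.

```c
/* Simplified model of the pattern in this report; NOT zsh source. All names are hypothetical. */
#include <stdlib.h>
#include <string.h>

struct ref_param { char *name; char *refname; int level; };
static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}
static void free_param(struct ref_param *pm) {
    free(pm->name); free(pm->refname); free(pm);
}

/* On a self reference the parameter is destroyed; *pmp is set to NULL and -1 returned. */
static int set_scope(struct ref_param **pmp) {
    struct ref_param *pm = *pmp;
    if (pm->name && pm->refname && strcmp(pm->name, pm->refname) == 0) {
        free_param(pm);
        *pmp = NULL;
        return -1;
    }
    return 0;
}

/* Takes ownership of heap-allocated `value`: stored as is, not duplicated again. */
static int set_loop_var(struct ref_param **pmp, char *value, int level) {
    free((*pmp)->refname);
    (*pmp)->refname = value;
    if (set_scope(pmp) != 0)
        return -1;             /* parameter was freed: do not dereference it */
    (*pmp)->level = level;     /* safe: parameter is still alive */
    return 0;
}

/* Loops a reference called `name` over `words`; returns iterations completed. */
static int run_loop(const char *name, const char *const *words, int n) {
    struct ref_param *pm = calloc(1, sizeof *pm);
    int done = 0;
    if (!pm) return -1;
    pm->name = dup_str(name);
    for (int i = 0; i < n && set_loop_var(&pm, dup_str(words[i]), 1) == 0; i++)
        done++;
    if (pm) free_param(pm);
    return done;
}

int main(void) {
    const char *const words[] = { "one", "ref" };  /* constructed, mirrors test3 */
    return run_loop("ref", words, 2) == 1 ? 0 : 1;
}
```

Building this with `-fsanitize=address` or running it under `valgrind --leak-check=full` should report neither an invalid read nor a lost block for the model.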


