You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@apr.apache.org by bu...@apache.org on 2013/04/25 13:48:49 UTC
[Bug 54892] New: Free without malloc (apr_pool_create_unmanaged_ex)
https://issues.apache.org/bugzilla/show_bug.cgi?id=54892
Bug ID: 54892
Summary: Free without malloc (apr_pool_create_unmanaged_ex)
Product: APR
Version: HEAD
Hardware: PC
Status: NEW
Severity: major
Priority: P2
Component: APR
Assignee: bugs@apr.apache.org
Reporter: hzdbyte@gmail.com
Classification: Unclassified
If APR_ALLOCATOR_USES_MMAP is 0, then APR tries to use memory block allocated
as pool_allocator for the first node too (in apr_pool_create_unmanaged_ex
function).
Then on pool allocator destruction it tries to free memory block for this node
too, but as it was not allocated separately, MSVC CRT produces runtime error:
---------------------------
Microsoft Visual C++ Debug Library
---------------------------
Debug Assertion Failed!
Program: ...\app.exe
File: f:\dd\vctools\crt_bld\self_x86\crt\src\dbgheap.c
Line: 1317
Expression: _CrtIsValidHeapPointer(pUserData)
For information on how your program can cause an assertion
failure, see the Visual C++ documentation on asserts.
(Press Retry to debug the application)
Stack trace:
ntdll.dll!_RtlpBreakPointHeap@4() + 0x23 bytes
ntdll.dll!_RtlpValidateHeapEntry@12() + 0x45da9 bytes
ntdll.dll!_RtlValidateHeap@12() + 0x7a bytes
> KernelBase.dll!_HeapValidate@12() + 0x14 bytes
msvcr90d.dll!_CrtIsValidHeapPointer(const void * pUserData=0x03d95a08)
Line 2103 C++
msvcr90d.dll!_free_dbg_nolock(void * pUserData=0x03d95a08, int
nBlockUse=1) Line 1317 + 0x9 bytes C++
msvcr90d.dll!_free_dbg(void * pUserData=0x03d95a08, int nBlockUse=1) Line
1258 + 0xd bytes C++
msvcr90d.dll!free(void * pUserData=0x03d95a08) Line 49 + 0xb bytes C++
app.exe!apr_allocator_destroy(apr_allocator_t * allocator=0x03d959a0)
Line 158 + 0xa bytes C
app.exe!apr_pool_destroy(apr_pool_t * pool=0x03d95a20) Line 895 C
app.exe!decaf::internal::AprPool::destroyPool() Line 53 C++
app.exe!decaf::internal::AprPool::~AprPool() Line 34 C++
app.exe!decaf::net::InetAddress::getLocalHost() Line 175 + 0xab bytes
C++
app.exe!activemq::util::IdGeneratorKernel::IdGeneratorKernel() Line 60 +
0xc bytes C++
app.exe!activemq::util::IdGenerator::initialize() Line 169 + 0x22 bytes
C++
app.exe!activemq::library::ActiveMQCPP::initializeLibrary(int argc=0, char
* * argv=0x00000000) Line 67 C++
app.exe!activemq::library::ActiveMQCPP::initializeLibrary() Line 71 + 0x9
bytes C++
app.exe!RcServiceProcess::LibInitializer::Initialize() Line 52 + 0x9
bytes C++
app.exe!RcServiceProcess::Initialize() Line 100 + 0xe bytes C++
app.exe!RcServiceProcess::OnStart() Line 271 + 0x8 bytes C++
PTLibd.dll!PServiceProcess::ThreadEntry() Line 1041 + 0x10 bytes C++
PTLibd.dll!PServiceProcess::StaticThreadEntry(void * arg=0x03d455b8) Line
1028 C++
msvcr90d.dll!_callthreadstart() Line 293 + 0xf bytes C
msvcr90d.dll!_threadstart(void * ptd=0x03d41730) Line 277 C
kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes
ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes
I've fixed this bug with such code:
// BUGFIX: Free without malloc
/*
#if !APR_ALLOCATOR_USES_MMAP
if ((pool_allocator = malloc(MIN_ALLOC)) == NULL) {
if (abort_fn)
abort_fn(APR_ENOMEM);
return APR_ENOMEM;
}
memset(pool_allocator, 0, SIZEOF_ALLOCATOR_T);
pool_allocator->max_free_index = APR_ALLOCATOR_MAX_FREE_UNLIMITED;
node = (apr_memnode_t *)((char *)pool_allocator + SIZEOF_ALLOCATOR_T);
node->next = NULL;
node->index = 1;
node->first_avail = (char *)node + APR_MEMNODE_T_SIZE;
node->endp = (char *)pool_allocator + MIN_ALLOC;
#else
*/
if (apr_allocator_create(&pool_allocator) != APR_SUCCESS) {
if (abort_fn)
abort_fn(APR_ENOMEM);
return APR_ENOMEM;
}
if ((node = allocator_alloc(pool_allocator,
MIN_ALLOC - APR_MEMNODE_T_SIZE)) == NULL) {
if (abort_fn)
abort_fn(APR_ENOMEM);
return APR_ENOMEM;
}
//#endif
So we'll always allocate memory block for the node.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 54892] Free without malloc (apr_pool_create_unmanaged_ex)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54892
Valeriy V. Argunov <hz...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hzdbyte@gmail.com
OS| |All
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org
[Bug 54892] Free without malloc (apr_pool_create_unmanaged_ex)
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=54892
Stefan Fritsch <sf...@sfritsch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Stefan Fritsch <sf...@sfritsch.de> ---
Thanks. Committed as r1478934. This does not seem to affect 1.x
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org
For additional commands, e-mail: bugs-help@apr.apache.org