Hi,

> I just have a question about the implementation intention of obstack_free (an
> API in obstack, which is widely used in various gnu libraries, e.g. Glibc,
> more details in
> https://gcc.gnu.org/onlinedocs/libiberty/)

I believe the definitive documentation of the obstack module is in
  <https://www.gnu.org/software/libc/manual/html_node/Obstacks.html>
not in
  <https://gcc.gnu.org/onlinedocs/libiberty/Obstacks.html>
But for your current question the answer is the same.

> The question is about the intention of how does obstack_free free an address
> at the bottom of a chunk in the obstack. Here is a quick demonstration code:
> https://godbolt.org/z/arv4ha19b
>
> My point here is that the address "string_obstack->chunk" in obstack_free
> (line 40) is a valid address from this chunk, and it should be freed normally
> as other pointers (execute this line will crash).

The documentation says about the second argument of obstack_free:
  "If object is a null pointer, everything allocated in the obstack is freed.
   Otherwise, object must be the address of an object allocated in the obstack."

In my interpretation, "address of an object allocated in the obstack" means
the result of a past obstack_alloc() invocation. Neither string_obstack->chunk
nor s+4177 are valid arguments. Therefore a crash is justified.

Bruno
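
One way to enforce the contract quoted in the reply above, as an added example that is not part of the original thread and not glibc or gnulib code: a wrapper that records every address returned by obstack_alloc() and refuses to pass anything else to obstack_free(). The names tracked_obstack, tracked_init, tracked_alloc, tracked_free and MAX_OBJS are hypothetical; it assumes glibc's <obstack.h> and malloc/free as chunk allocators.

```c
#include <obstack.h>
#include <stddef.h>
#include <stdlib.h>

#define obstack_chunk_alloc malloc
#define obstack_chunk_free free
#define MAX_OBJS 64               /* hypothetical bound on tracked objects */

/* Hypothetical wrapper: an obstack plus a record of live object addresses. */
struct tracked_obstack {
    struct obstack ob;
    void *objs[MAX_OBJS];         /* results of obstack_alloc, oldest first */
    size_t n;
};

void tracked_init(struct tracked_obstack *t)
{
    obstack_init(&t->ob);
    t->n = 0;
}

void *tracked_alloc(struct tracked_obstack *t, size_t size)
{
    if (t->n == MAX_OBJS)
        return NULL;              /* record is full: refuse to allocate */
    void *p = obstack_alloc(&t->ob, size);
    t->objs[t->n++] = p;
    return p;
}

/* Free obj and everything allocated after it. Returns 0 on success, -1 if
   obj is not a live result of tracked_alloc (chunk header, interior pointer,
   already-freed object), in which case obstack_free is never called. */
int tracked_free(struct tracked_obstack *t, void *obj)
{
    if (obj == NULL) {            /* frees everything; the obstack must be */
        obstack_free(&t->ob, NULL); /* re-initialized before further use   */
        t->n = 0;
        return 0;
    }
    for (size_t i = 0; i < t->n; i++) {
        if (t->objs[i] == obj) {
            obstack_free(&t->ob, obj);
            t->n = i;             /* obj and all later objects are gone */
            return 0;
        }
    }
    return -1;
}
```
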