Package: gnat-4.4
Version: 4.4.1-1
Severity: normal

There is a problem with Unchecked_Deallocation on amd64 when freeing memory of an extended type object which defines an Unbounded_String field (and possibly other fields). The following code reproduces the problem:

---
with Ada.Strings.Unbounded; use Ada.Strings.Unbounded;

package Double_Free is

   type Test_Base is tagged null record;
   type Test_Class_Access is access all Test_Base'Class;

   type Test_Extension is new Test_Base with record
      Last_Name : Unbounded_String := Null_Unbounded_String;
   end record;

end Double_Free;
---
with Ada.Unchecked_Deallocation;
with Double_Free; use Double_Free;

procedure Main is
   procedure Free is new Ada.Unchecked_Deallocation
     (Object => Test_Base'Class,
      Name   => Test_Class_Access);

   Handle : Test_Class_Access := new Test_Extension;
begin
   Free (Handle);
end Main;
---

Executing the 'main' binary produced by gnat-4.4 leads to *** glibc detected *** obj/main: double free or corruption errors.

Valgrind trace:

valgrind --leak-check=full --show-reachable=yes --leak-resolution=high ../obj/main
==5772== Memcheck, a memory error detector.
==5772== Copyright (C) 2002-2008, and GNU GPL'd, by Julian Seward et al.
==5772== Using LibVEX rev 1884, a library for dynamic binary translation.
==5772== Copyright (C) 2004-2008, and GNU GPL'd, by OpenWorks LLP.
==5772== Using valgrind-3.4.1-Debian, a dynamic binary instrumentation framework.
==5772== Copyright (C) 2000-2008, and GNU GPL'd, by Julian Seward et al.
==5772== For more details, rerun with: -v
==5772==
==5772== Invalid free() / delete / delete[]
==5772==    at 0x4C2261F: free (vg_replace_malloc.c:323)
==5772==    by 0x50A8D84: __gnat_free (in /usr/lib/libgnat-4.4.so.1)
==5772==    by 0x403FC4: _ada_main (in /home/reet/double-free/obj/main)
==5772==    by 0x40327B: main (in /home/reet/double-free/obj/main)
==5772==  Address 0x5b3b040 is 16 bytes inside a block of size 136 alloc'd
==5772==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==5772==    by 0x50A8DC7: __gnat_malloc (in /usr/lib/libgnat-4.4.so.1)
==5772==    by 0x403EF0: _ada_main (in /home/reet/double-free/obj/main)
==5772==    by 0x40327B: main (in /home/reet/double-free/obj/main)
==5772==
==5772== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 8 from 1)
==5772== malloc/free: in use at exit: 136 bytes in 1 blocks.
==5772== malloc/free: 1 allocs, 1 frees, 136 bytes allocated.
==5772== For counts of detected errors, rerun with: -v
==5772== searching for pointers to 1 not-freed blocks.
==5772== checked 203,328 bytes.
==5772==
==5772==
==5772== 136 bytes in 1 blocks are definitely lost in loss record 1 of 1
==5772==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==5772==    by 0x50A8DC7: __gnat_malloc (in /usr/lib/libgnat-4.4.so.1)
==5772==    by 0x403EF0: _ada_main (in /home/reet/double-free/obj/main)
==5772==    by 0x40327B: main (in /home/reet/double-free/obj/main)
==5772==
==5772== LEAK SUMMARY:
==5772==    definitely lost: 136 bytes in 1 blocks.
==5772==      possibly lost: 0 bytes in 0 blocks.
==5772==    still reachable: 0 bytes in 0 blocks.
==5772==         suppressed: 0 bytes in 0 blocks.

Freeing memory of a base type object (Test_Base) works without problems. When the unbounded string field (Name) is removed or replaced (e.g. by an Integer), freeing also works for the type extension.

The code has been tested with the following compiler / arch combinations:

i386/gnat-4.3  : works
i386/gnat-4.4  : works
amd64/gnat-4.3 : works
amd64/gnat-4.4 : FAILS

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnat-4.4 depends on:
ii  gcc-4.4        4.4.1-1         The GNU C compiler
ii  gnat-4.4-base  4.4.1-1         The GNU Compiler Collection (gnat
ii  libc6          2.9-24          GNU C Library: Shared libraries
ii  libc6-dev      2.9-24          GNU C Library: Development Librari
ii  libcloog-ppl0  0.15-2          the Chunky Loop Generator (runtime
ii  libgcc1        1:4.4.1-1       GCC support library
ii  libgmp3c2      2:4.3.1+dfsg-3  Multiprecision arithmetic library
ii  libgmpxx4ldbl  2:4.3.1+dfsg-3  Multiprecision arithmetic library
ii  libgnat-4.4    4.4.1-1         Runtime library for GNU Ada applic
ii  libgnatprj4.4  4.4.1-1         GNU Ada Project Manager
ii  libgnatvsn4.4  4.4.1-1         GNU Ada compiler version library
ii  libmpfr1ldbl   2.4.1-2         multiple precision floating-point
ii  libppl-c2      0.10.2-2        Parma Polyhedra Library (C interfa
ii  libppl7        0.10.2-2        Parma Polyhedra Library (runtime l

gnat-4.4 recommends no packages.

Versions of packages gnat-4.4 suggests:
pn  ada-reference-manual  <none>  (no description available)
pn  gnat-4.4-doc          <none>  (no description available)

-- no debconf information
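
A triage sketch for the Memcheck trace in the report above, added here as an example and not part of the original bug report or of GNAT. It reads each "Invalid free()" record and uses the "Address ... is N bytes inside a block of size M alloc'd/free'd" line to tell a free of a pointer into a still-live block (the record in this report: offset 16, block still alloc'd and later listed as definitely lost) from a second free of an already released block. The names `triage` and `classify` and the second sample record are assumptions made for the example.

```python
import re

# Constructed sample. The first record is abridged from the trace in the report
# above; the second record (PID 9999) is invented here for contrast.
SAMPLE = """\
==5772== Invalid free() / delete / delete[]
==5772==    at 0x4C2261F: free (vg_replace_malloc.c:323)
==5772==    by 0x50A8D84: __gnat_free (in /usr/lib/libgnat-4.4.so.1)
==5772==  Address 0x5b3b040 is 16 bytes inside a block of size 136 alloc'd
==5772==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==9999== Invalid free() / delete / delete[]
==9999==    at 0x4C2261F: free (vg_replace_malloc.c:323)
==9999==  Address 0x5b3b030 is 0 bytes inside a block of size 136 free'd
==9999==    at 0x4C2261F: free (vg_replace_malloc.c:323)
"""

PREFIX = re.compile(r"^==\d+==\s*")
ADDR = re.compile(r"Address (0x[0-9a-fA-F]+) is (\d+) bytes inside "
                  r"a block of size (\d+) (alloc'd|free'd)")

def classify(offset, state):
    """Name the defect from the block state and the offset passed to free()."""
    if state == "free'd":
        return "double-free" if offset == 0 else "stale-interior-pointer-free"
    # Block is still live: free() got a pointer that malloc() never returned.
    return "interior-pointer-free" if offset > 0 else "other"

def triage(text):
    """Return one finding per 'Invalid free()' record in Memcheck output."""
    findings, pending = [], False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if line.startswith("Invalid free()"):
            pending = True
        elif pending and (m := ADDR.search(line)):
            offset, size = int(m.group(2)), int(m.group(3))
            findings.append({
                "freed_addr": m.group(1),
                "block_base": hex(int(m.group(1), 16) - offset),
                "offset": offset,
                "size": size,
                "kind": classify(offset, m.group(4)),
            })
            pending = False
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```
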