glibc isn't "noticing" every time the double-free happens: for instance,
a minimal example of «printf "\na\nb\n" | gawk '{length($1)}'» doesn't
crash on my system, but running «printf "\na\nb\n" | valgrind gawk
'{length($1)}'» produces the error in valgrind's output.

I've isolated the problem, and expect to prepare a patch soon. The bug
is that a "Null field" value gets a pointer value written to one of its
members (specifically, the one to hold the "wide string" version of its
normal string value). The Null field value is used to initialize certain
newly created field values, but when that pointer value is encountered,
it is freed. Since the Null field value is used to initialize multiple
other variables, that pointer value is freed multiple times.

** Changed in: gawk (Ubuntu)
       Status: Confirmed => In Progress

-- 
length() memory error 
https://bugs.launchpad.net/bugs/58256
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
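
The aliasing pattern described in the message above, as an added example (not gawk's code and not from the message's author): a shared template value acquires an owned pointer, and every value initialized from it inherits the same pointer. The struct layout and all function names are hypothetical, the program counts the duplicate frees instead of performing them, and init_fixed is one possible mitigation, not the patch the message refers to.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
#define NFIELDS 3

/* Hypothetical stand-in for a field value; not gawk's real data layout. */
struct field {
    const char *str;   /* normal string */
    wchar_t    *wstr;  /* lazily built wide-string cache, owned by the field */
};

static struct field null_field = { "", NULL };  /* shared template */

/* Build the wide-string cache on first use. */
static void cache_wide(struct field *f) {
    if (f->wstr != NULL) return;
    size_t n = strlen(f->str);
    f->wstr = calloc(n + 1, sizeof(wchar_t));
    if (f->wstr != NULL) (void)mbstowcs(f->wstr, f->str, n);
}

/* Buggy init: a plain struct copy inherits whatever the template holds. */
static void init_buggy(struct field *f) { *f = null_field; }
/* Hardened init (assumed fix): a new field never inherits an owned pointer. */
static void init_fixed(struct field *f) { *f = null_field; f->wstr = NULL; }

/* Returns how many free() calls would hit an already-freed pointer when
   NFIELDS fields are created after the template's cache was populated. */
static int duplicate_frees(void (*init)(struct field *)) {
    struct field f[NFIELDS];
    int dup = 0;

    cache_wide(&null_field);             /* pointer lands in the template */
    for (int i = 0; i < NFIELDS; i++) init(&f[i]);
    for (int i = 0; i < NFIELDS; i++) {  /* simulate releasing each field */
        if (f[i].wstr == NULL) continue;
        for (int j = 0; j < i; j++)
            if (f[j].wstr == f[i].wstr) { dup++; break; }
    }
    free(null_field.wstr);               /* the one real free, done once */
    null_field.wstr = NULL;
    return dup;
}

int main(void) {
    printf("buggy init: %d duplicate frees\n", duplicate_frees(init_buggy));
    printf("fixed init: %d duplicate frees\n", duplicate_frees(init_fixed));
    return 0;
}
```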
