[Gc] Possible bug: GC_realloc

Bryan Ischo bji at tivo.com
Fri Feb 15 09:59:13 PST 2013


Hi there.  I believe there is a bug in libgc surrounding GC_realloc.  I
have attached a simple program which demonstrates this problem.  At
first I thought the problem was with GC_realloc mixed with
GC_register_finalizer, but when I added in code to turn off use of
GC_register_finalizer, I still get the bug.  So I now think that
GC_register_finalizer is a red herring and has nothing to do with the
problem.

As far as I can tell, the error occurs when an attempt is made to call
GC_realloc on memory that was already GC_realloc'd; i.e.

void *a = GC_malloc(...);
void *b = GC_realloc(a, ...);
void *c = GC_realloc(b, ...);

It is only when the third GC_realloc is done that the error occurs. When
GC_DEBUG is enabled, the error printed is this:

Attempt to reallocate invalid pointer 0x7f9ca0

When GC_DEBUG is not enabled, the result is a segmentation fault.

Note that this does not occur on every such realloc sequence (a trivial
program doing just the three lines above does not experience the
problem); it does seem to require some nontrivial sequence of allocs and
reallocs to occur.

For my operating system (Linux 3.6.4, x86_64) and version of libgc
(7.2), the test program fails after the 290th iteration; I will attach
my sample output as well.

(I am running with NO_FINALIZER set because I don't believe that
finalizers actually have any bearing on the problem after all)

Here is how I compile the program:

g++ -o gcbug gcbug.cpp -lgc

Here is how I run the program:

NO_FINALIZER=1 gcbug

Thanks!
Bryan



-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcbug.cpp
Type: text/x-c++src
Size: 1928 bytes
Desc: not available
Url : http://napali.hpl.hp.com/pipermail/gc/attachments/20130215/ccbf1800/gcbug.cpp
-------------- next part --------------
Attempt to reallocate invalid pointer 0x2373020
Invalid pointer passed to realloc()
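
One way to triage a trace in the Created/Realloced/Removed format above is to replay it and check whether the rejected pointer was still held by the program at the point of failure. This is an added example, not part of the original post or of libgc; the function name triage and the sample lines are assumptions constructed for illustration.

```python
import re

# Line formats follow the trace printed by the test program in the post.
EVENT = re.compile(r"^(Created|Realloced|Removed): (0x[0-9a-f]+)"
                   r"(?: -> (0x[0-9a-f]+))?(?: \((\d+)\))?$")
INVALID = re.compile(r"^Attempt to reallocate invalid pointer (0x[0-9a-f]+)$")

def triage(lines):
    """Replay the trace; return (line_no, address, verdict) findings."""
    live = {}     # address -> line number of the event that produced it
    retired = {}  # address -> line number where the program gave it up
    findings = []

    def classify(addr):
        if addr in live:
            return f"live since line {live[addr]}"
        if addr in retired:
            return f"stale since line {retired[addr]}"
        return "never seen"

    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        bad = INVALID.match(line)
        if bad:
            findings.append((n, bad.group(1), classify(bad.group(1))))
            continue
        ev = EVENT.match(line)
        if not ev:
            continue
        kind, addr, new, _size = ev.groups()
        if kind != "Created":
            # Realloced/Removed must act on a pointer the program still holds.
            if addr not in live:
                findings.append((n, addr, classify(addr)))
            live.pop(addr, None)
            retired[addr] = n
            addr = new  # None for Removed
        if addr is not None:
            live[addr] = n           # addresses get reused, so un-retire
            retired.pop(addr, None)
    return findings

# Constructed sample in the same format (addresses are made up).
SAMPLE = [
    "Created: 0x1000 (232)", "Realloced: 0x1000 -> 0x2000 (1091)",
    "Created: 0x3000 (634)", "Removed: 0x3000", "Created: 0x3000 (19)",
    "Attempt to reallocate invalid pointer 0x2000",
]
print(triage(SAMPLE))
```

A "stale" verdict points at the test program reusing a pointer it already gave up; a "live" verdict means the program's own bookkeeping still holds the pointer, so the next thing to check is how the collector came to reject it.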

