double free from las
Imported from http://bugzilla.roxen.com/bugzilla/show_bug.cgi?id=4173
Reported by Martin Nilsson, IDA nilsson@pike.ida.liu.se
The code
array x =
# 1 "/home/nilsson/xx"
({
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1
})
# 1 "x"
;
results in
*** glibc detected *** corrupted double-linked list: 0x082fa4c0 ***
Program received signal SIGABRT, Aborted.
[Switching to Thread -1210734912 (LWP 20468)]
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb7d839d1 in raise () from /lib/tls/i686/cmov/libc.so.6
#2 0xb7d852e9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7db770a in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4 0xb7dbe172 in malloc_trim () from /lib/tls/i686/cmov/libc.so.6
#5 0xb7dbe2ea in free () from /lib/tls/i686/cmov/libc.so.6
#6 0x0809a88a in really_free_array (v=0xb7e84ff4)
at /home/nilsson/Pike/7.6/src/array.c:135
#7 0x08141182 in eval (n=Variable "n" is not available.
) at /home/nilsson/Pike/7.6/src/las.c:5542
#8 0x08141a61 in optimize (n=0x8320930)
at /home/nilsson/Pike/7.6/src/las.c:5240
#9 0x08145924 in dooptcode (name=0x82c2b54, n=0x8320840, type=0x82c36d0,
modifiers=1) at /home/nilsson/Pike/7.6/src/las.c:5670
#10 0x08109065 in end_first_pass (finish=1)
at /home/nilsson/Pike/7.6/src/program.c:3087
#11 0x081094ce in debug_end_program ()
at /home/nilsson/Pike/7.6/src/program.c:3198
#12 0x081098fb in run_pass2 (c=0x82fd538)
at /home/nilsson/Pike/7.6/src/program.c:6552
#13 0x08109b1f in compile (aprog=0x82fcc80, ahandler=0x0, amajor=0, aminor=0,
atarget=0x83173b0, aplaceholder=0x0)
at /home/nilsson/Pike/7.6/src/program.c:6759
#14 0x0814cd3f in f_compile (args=6)
at /home/nilsson/Pike/7.6/src/builtin_functions.c:3689