<html>
    <head>
      <base href="https://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - double free or corruption"
   href="https://llvm.org/bugs/show_bug.cgi?id=25522">25522</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>double free or corruption
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>clang
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>3.5
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>libclang
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedclangbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>reznikmm@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>klimek@google.com, llvm-bugs@lists.llvm.org
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>CXIndex is supposed to be thread-safe.
(See for instance
<a href="http://clang-developers.42468.n3.nabble.com/Is-a-CXIndex-thread-safe-td4027810.html">http://clang-developers.42468.n3.nabble.com/Is-a-CXIndex-thread-safe-td4027810.html</a>)

But sometimes we get error:

 *** Error in `./gps_exe': double free or corruption (fasttop):

Demangled backtrace for libclang.so looks like this:

/lib64/libc.so.6(+0x75a4f)[0x7f5925b50a4f]
/lib64/libc.so.6(+0x7cd78)[0x7f5925b57d78]
<clang::CIndexer::getClangResourcesPath()+596>
<clang_parseTranslationUnit_Impl+1418>
<llvm::CrashRecoveryContext::RunSafely(llvm::function_ref<void ()>)+187>
<RunSafelyOnThread_Dispatch(void*)+23>
<ExecuteOnThread_Dispatch(void*)+13>

clang::CIndexer::getClangResourcesPath is very simple function.
Double deallocation could be happen there when two threads call it
on the same object at the same time (and this should be the very first
call). In this case it caches the result in object's member property
(std::string ResourcesPath;).

Because writing to std::string is not thread-safe, call to
getClangResourcesPath is not thread-safe neither and results in memory
corruption.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are on the CC list for the bug.</li>
      </ul>
    </body>
</html>