[LLVMbugs] [Bug 4432] New: OCaml binding use-after-free

bugzilla-daemon at cs.uiuc.edu
Tue Jun 23 06:48:36 PDT 2009


http://llvm.org/bugs/show_bug.cgi?id=4432

           Summary: OCaml binding use-after-free
           Product: new-bugs
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: baldrick at free.fr
                CC: llvmbugs at cs.uiuc.edu


Running the test/Bindings/Ocaml/vmcore.ml test under valgrind results in

==8604== Invalid read of size 8
==8604==    at 0x577EDF0: std::_Rb_tree_increment(std::_Rb_tree_node_base*) (in
/usr/lib/libstdc++.so.6.0.12)
==8604==    by 0x45438A: std::_Rb_tree_iterator<std::pair<std::string const,
llvm::Type const*> >::operator++() (stl_tree.h:184)
==8604==    by 0x44AA30: LLVMDeleteTypeName (Core.cpp:78)
==8604==    by 0x5503A0: llvm_delete_type_name (llvm_ocaml.c:138)
==8604==    by 0x5639CE: caml_interprete (in
llvm-objects/test/Bindings/Ocaml/Output/vmcore.ml.tmp)
==8604==    by 0x56527A: caml_main (in
llvm-objects/test/Bindings/Ocaml/Output/vmcore.ml.tmp)
==8604==    by 0x562607: main (in
llvm-objects/test/Bindings/Ocaml/Output/vmcore.ml.tmp)
==8604==  Address 0x61114f8 is 24 bytes inside a block of size 48 free'd
==8604==    at 0x4C25A5D: operator delete(void*) (vg_replace_malloc.c:344)
==8604==    by 0x4CCF2D:
__gnu_cxx::new_allocator<std::_Rb_tree_node<std::pair<std::string const,
llvm::Type const*> > >::deallocate(std::_Rb_tree_node<std::pair<std::string
const, llvm::Type const*> >*, unsigned long) (new_allocator.h:95)
==8604==    by 0x4CCE27: std::_Rb_tree<std::string const, std::pair<std::string
const, llvm::Type const*>, std::_Select1st<std::pair<std::string const,
llvm::Type const*> >, std::less<std::string const>,
std::allocator<std::pair<std::string const, llvm::Type const*> >
>::_M_put_node(std::_Rb_tree_node<std::pair<std::string const, llvm::Type
const*> >*) (stl_tree.h:363)
==8604==    by 0x4CCACB: std::_Rb_tree<std::string const, std::pair<std::string
const, llvm::Type const*>, std::_Select1st<std::pair<std::string const,
llvm::Type const*> >, std::less<std::string const>,
std::allocator<std::pair<std::string const, llvm::Type const*> >
>::_M_destroy_node(std::_Rb_tree_node<std::pair<std::string const, llvm::Type
const*> >*) (stl_tree.h:384)
==8604==    by 0x4CC78B: std::_Rb_tree<std::string const, std::pair<std::string
const, llvm::Type const*>, std::_Select1st<std::pair<std::string const,
llvm::Type const*> >, std::less<std::string const>,
std::allocator<std::pair<std::string const, llvm::Type const*> >
>::erase(std::_Rb_tree_iterator<std::pair<std::string const, llvm::Type const*>
>) (stl_tree.h:1348)
==8604==    by 0x4CC486: std::map<std::string const, llvm::Type const*,
std::less<std::string const>, std::allocator<std::pair<std::string const,
llvm::Type const*> > >::erase(std::_Rb_tree_iterator<std::pair<std::string
const, llvm::Type const*> >) (stl_map.h:567)
==8604==    by 0x4CBDCD:
llvm::TypeSymbolTable::remove(std::_Rb_tree_iterator<std::pair<std::string
const, llvm::Type const*> >) (TypeSymbolTable.cpp:73)
==8604==    by 0x44AA24: LLVMDeleteTypeName (Core.cpp:80)
==8604==    by 0x5503A0: llvm_delete_type_name (llvm_ocaml.c:138)
==8604==    by 0x5639CE: caml_interprete (in
llvm-objects/test/Bindings/Ocaml/Output/vmcore.ml.tmp)
==8604==    by 0x56527A: caml_main (in
llvm-objects/test/Bindings/Ocaml/Output/vmcore.ml.tmp)
==8604==    by 0x562607: main (in
llvm-objects/test/Bindings/Ocaml/Output/vmcore.ml.tmp)


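Added example, not part of the original report and not LLVM's code: the two LLVMDeleteTypeName frames above (operator++ at Core.cpp:78 reading a node freed by the remove at Core.cpp:80) match a loop that erases the map entry it is standing on and then increments the same iterator. The sketch below assumes that loop shape and shows an erase-safe form; Type, TypeTable, deleteTypeName and demo are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <map>
#include <string>

struct Type {};  // hypothetical placeholder for llvm::Type
typedef std::map<std::string, const Type*> TypeTable;  // stand-in symbol table

// Loop shape the trace implies (assumption; left as a comment because it is
// undefined behaviour):
//   for (TypeTable::iterator I = T.begin(), E = T.end(); I != E; ++I)
//     if (I->second == Ty)
//       T.erase(I);   // frees the node that ++I reads next
//
// Erase-safe form: step to the successor first, then erase the saved
// position. std::map::erase invalidates only the erased iterator, so I and
// E stay valid across the call.
std::size_t deleteTypeName(TypeTable &T, const Type *Ty) {
  std::size_t removed = 0;
  for (TypeTable::iterator I = T.begin(), E = T.end(); I != E; ) {
    TypeTable::iterator Cur = I++;  // advance before the node can be freed
    if (Cur->second == Ty) {
      T.erase(Cur);                 // only Cur is invalidated
      ++removed;
    }
  }
  return removed;
}

// Constructed sample: two names bound to one type plus an unrelated entry.
// Returns removed * 10 + remaining so both counts can be checked at once.
std::size_t demo() {
  static Type A, B;
  TypeTable T;
  T["alias1"] = &A;
  T["alias2"] = &A;
  T["other"] = &B;
  std::size_t removed = deleteTypeName(T, &A);
  return removed * 10 + T.size();
}
```

Building this with the commented-out loop restored and rerunning under valgrind or AddressSanitizer reproduces the same class of report: a read inside a freed red-black tree node during iterator increment.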