c++/5757: segmentation fault in free during stack unwinding.
j.kuipers@chello.nl
Sat Feb 23 08:30:00 GMT 2002
>Number: 5757
>Category: c++
>Synopsis: segmentation fault in free during stack unwinding.
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 23 06:06:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Johan Kuipers
>Release: 3.0.3
>Organization:
>Environment:
System: Linux barrel 2.4.4-4GB #4 Sat Dec 1 23:57:55 CET 2001 i686 unknown
Architecture: i686
Pentium II 450 Mhz, Linux/ELF
host: i686-pc-linux-gnu
build: i686-pc-linux-gnu
target: i686-pc-linux-gnu
configured with: ../gcc-3.0.3/configure --enable-threads --enable-shared --prefix=/usr/local/gcc-3.0.3
>Description:
If, during allocation of an array of T, one of the constructors throws an exception, it causes a 'Segmentation fault' in function free(void*).
During stack unwinding operator delete[](void*) is called with an address different from the one returned by operator new[](unsigned).
In my example new returns 0x804aa80 while delete is passed 0x804aa84. I guess 4 is the array allocation overhead.
>How-To-Repeat:
Source file t.cpp with the following code:
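class X
{
public:
    // The constructor always throws, so construction of the first
    // array element already fails.
    X()
    {
        throw "";
    }
    // User-provided destructor.
    ~X()
    {
    }
};

int main()
{
    try
    {
        X* p = new X[4];  // throws while the array is being constructed
        delete [] p;      // not reached
    }
    catch(...)
    {
    }
    return 0;
}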
Compile with:
g++ -Wall -Werror t.cpp -o t
>Fix:
N/A
>Release-Note:
>Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/x-c++src; name="t.ii"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="t.ii"
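A regression check for the behaviour reported above, as an added example (not part of the original report and not GCC's own test code): it replaces the global operator new[] and operator delete[] to record addresses, then confirms that the cleanup after a throwing constructor frees the same block that new[] returned. The names Probe, unwinding_frees_original_block and cookie_bytes are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <new>

// Bookkeeping filled in by the replaced array allocation functions below.
static std::uintptr_t g_allocated = 0;  // what operator new[] returned
static std::uintptr_t g_released = 0;   // what operator delete[] received
static std::uintptr_t g_first = 0;      // address of array element 0
static int g_built = 0, g_destroyed = 0;

void* operator new[](std::size_t n) {
    void* p = std::malloc(n ? n : 1);
    if (!p) throw std::bad_alloc();
    g_allocated = reinterpret_cast<std::uintptr_t>(p);
    return p;
}
static void release(void* p) { g_released = reinterpret_cast<std::uintptr_t>(p); std::free(p); }
void operator delete[](void* p) noexcept { release(p); }
void operator delete[](void* p, std::size_t) noexcept { release(p); }  // sized form

struct Probe {
    Probe() {
        if (g_built == 0) g_first = reinterpret_cast<std::uintptr_t>(this);
        if (g_built == 2) throw "ctor failed";  // third element throws
        ++g_built;
    }
    ~Probe() { ++g_destroyed; }  // non-trivial destructor, so the array carries a cookie
};

// True when the cleanup of a failed new[] frees exactly the block new[] obtained
// and destroys only the two elements that were fully constructed.
bool unwinding_frees_original_block() {
    g_allocated = g_released = g_first = 0;
    g_built = g_destroyed = 0;
    try {
        Probe* p = new Probe[4];
        delete[] p;  // never reached: construction throws
    } catch (const char*) {
    }
    return g_allocated != 0 && g_released == g_allocated && g_destroyed == 2;
}

// Bytes between the raw block and element 0 (the array allocation overhead).
long cookie_bytes() { return static_cast<long>(g_first - g_allocated); }

int main() {
    bool ok = unwinding_frees_original_block();
    std::printf("new[] -> %#llx, delete[] <- %#llx, cookie %ld bytes: %s\n",
                (unsigned long long)g_allocated, (unsigned long long)g_released,
                cookie_bytes(), ok ? "match" : "MISMATCH");
    return ok ? 0 : 1;
}
```

On a toolchain with the defect described in this report, the pointer handed to operator delete[] would be the element address rather than the block address, and free() may fault before the result line is printed.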