2006-08-30 20:29:22 |
Geraint Bevan |
bug |
|
|
added bug |
2006-08-30 20:59:41 |
Micah Cowan |
gawk: status |
Unconfirmed |
Confirmed |
|
2006-08-30 20:59:41 |
Micah Cowan |
gawk: statusexplanation |
|
Confirmed on Dapper, for gawk_3.1.5-2build1 |
|
2007-04-05 22:06:19 |
Micah Cowan |
gawk: assignee |
|
micah-cowan |
|
2007-04-05 22:06:19 |
Micah Cowan |
gawk: statusexplanation |
Confirmed on Dapper, for gawk_3.1.5-2build1 |
|
|
2007-04-06 06:11:03 |
Micah Cowan |
gawk: status |
Confirmed |
In Progress |
|
2007-04-06 06:11:03 |
Micah Cowan |
gawk: statusexplanation |
|
glibc isn't "noticing" every time the double-free happens: for instance, a minimal example of «printf "\na\nb\n" | gawk '{length($1)}'» doesn't crash on my system, but running «printf "\na\nb\n" | valgrind gawk '{length($1)}'» produces the error in valgrind's output.
I've isolated the problem, and expect to prepare a patch soon. The bug is that a "Null field" value gets a pointer value written to one of its members (specifically, the one to hold the "wide string" version of its normal string value). The Null field value is used to initialize certain newly created field values, but when that pointer value is encountered, it is freed. Since the Null field value is used to initialize multiple other variables, that pointer value is freed multiple times. |
|
2007-04-06 19:35:00 |
Micah Cowan |
bug |
|
|
added attachment 'gawk.debdiff' (Patch including some changes from CVS that address the problem.) |
2007-04-10 01:06:33 |
Micah Cowan |
bug |
|
|
added subscriber Ubuntu Sponsors for universe |
2007-04-11 21:50:33 |
Micah Cowan |
bug |
|
|
assigned to gawk (Debian) |
2007-04-12 06:53:47 |
Bug Watch Updater |
gawk: status |
Unknown |
Unconfirmed |
|
2007-04-18 16:08:33 |
Micah Cowan |
bug |
|
|
added subscriber Ubuntu Sponsors for main |
2007-05-15 16:53:43 |
Colin Watson |
gawk: status |
In Progress |
Fix Released |
|
2007-05-15 16:53:43 |
Colin Watson |
gawk: statusexplanation |
glibc isn't "noticing" every time the double-free happens: for instance, a minimal example of «printf "\na\nb\n" | gawk '{length($1)}'» doesn't crash on my system, but running «printf "\na\nb\n" | valgrind gawk '{length($1)}'» produces the error in valgrind's output.
I've isolated the problem, and expect to prepare a patch soon. The bug is that a "Null field" value gets a pointer value written to one of its members (specifically, the one to hold the "wide string" version of its normal string value). The Null field value is used to initialize certain newly created field values, but when that pointer value is encountered, it is freed. Since the Null field value is used to initialize multiple other variables, that pointer value is freed multiple times. |
gawk (1:3.1.5.dfsg-4ubuntu1) gutsy; urgency=low
* 25_free_wstr-and-multiple-frees.dpatch: brought in some changes from
current CVS, to resolve an issue with multiple frees (LP: #58256).
-- Micah Cowan <micah@cowan.name> Tue, 15 May 2007 17:29:34 +0100
Sorry for our delay in dealing with this! |
|
2008-03-16 08:43:41 |
Bug Watch Updater |
gawk: status |
New |
Fix Committed |
|
2008-03-20 12:21:06 |
Bug Watch Updater |
gawk: status |
Fix Committed |
Fix Released |
|
2009-06-25 05:24:38 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/gawk |
|
2011-02-17 12:49:39 |
Daniel Holbach |
removed subscriber [DEPRECATED] Ubuntu Sponsors for main |
|
|
|