Comment 5 for bug 9917

In , Daniel Jacobowitz (dan) wrote : Re: Bug#279722: libc6: application sometimes crashes, valgrind shows error in gconv_db.c

On Sat, Nov 06, 2004 at 08:18:11AM +0900, GOTO Masanori wrote:
> severity 279722 normal
> thanks
>
> At Thu, 04 Nov 2004 22:37:34 +0100,
> wim delvaux wrote:
> > Valgrind shows the following backtrace ...
> >
> > ==7105== Invalid read of size 4
> > ==7105== at 0x1C22857E: __gconv_release_step (gconv_db.c:198)
> > ==7105== by 0x1C22914C: __gconv_close_transform (gconv_db.c:751)
> > ==7105== by 0x1C2A1C76: _nl_cleanup_ctype (wcsmbsload.c:265)
> > ==7105== by 0x1C31C9A2: _nl_archive_subfreeres (loadarchive.c:517)
> > ==7105== by 0x1C31C89F: free_mem (setlocale.c:494)
> > ==7105== by 0x1C31CC44: __GI___libc_freeres (set-freeres.c:49)
> > ==7105== by 0x1B8FEC50: _vgw(float, long double,...)(...)(long double,...)(short) (vg_intercept.c:117)
> > ==7105== by 0x1C23CB17: exit (exit.c:82)
> > ==7105== by 0x1C226DCD: __libc_start_main (libc-start.c:245)
> > ==7105== by 0x804EF00: ??? (start.S:102)
> > ==7105== Address 0x1CCE3138 is 8 bytes inside a block of size 60 free'd
> > ==7105== at 0x1B907460: free (vg_replace_malloc.c:153)
> > ==7105== by 0x1C228527: free_derivation (gconv_db.c:188)
> > ==7105== by 0x1C2E6EE2: tdestroy_recurse (tsearch.c:642)
> > ==7105== by 0x1C2E6F05: tdestroy_recurse (tsearch.c:639)
> > ==7105== by 0x1C31C721: free_mem (gconv_db.c:796)
> > ==7105== by 0x1C31CC44: __GI___libc_freeres (set-freeres.c:49)
> > ==7105== by 0x1B8FEC50: _vgw(float, long double,...)(...)(long double,...)(short) (vg_intercept.c:117)
> > ==7105== by 0x1C23CB17: exit (exit.c:82)
> > ==7105== by 0x1C226DCD: __libc_start_main (libc-start.c:245)
> > ==7105== by 0x804EF00: ??? (start.S:102)
>
> Even if there's a memory leak, this does not show "application sometimes
> crashes". We need more explanation in detail.

"Invalid read" is not a memory leak - this says something has been
freed and then used. It looks like the destructors are running in the
wrong order, maybe.

We'd still need a testcase.

--
Daniel Jacobowitz
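
The distinction drawn in the reply above can be read mechanically from the memcheck record. This is an added example, not part of the original message or of glibc/Valgrind: the `triage` helper and its field names are hypothetical, and the input is the report quoted above, trimmed.

```python
import re

# Frames copied from the Valgrind report quoted in the message above (trimmed).
REPORT = """\
==7105== Invalid read of size 4
==7105== at 0x1C22857E: __gconv_release_step (gconv_db.c:198)
==7105== by 0x1C22914C: __gconv_close_transform (gconv_db.c:751)
==7105== by 0x1C2A1C76: _nl_cleanup_ctype (wcsmbsload.c:265)
==7105== by 0x1C31C9A2: _nl_archive_subfreeres (loadarchive.c:517)
==7105== by 0x1C31C89F: free_mem (setlocale.c:494)
==7105== by 0x1C31CC44: __GI___libc_freeres (set-freeres.c:49)
==7105== Address 0x1CCE3138 is 8 bytes inside a block of size 60 free'd
==7105== at 0x1B907460: free (vg_replace_malloc.c:153)
==7105== by 0x1C228527: free_derivation (gconv_db.c:188)
==7105== by 0x1C2E6EE2: tdestroy_recurse (tsearch.c:642)
==7105== by 0x1C31C721: free_mem (gconv_db.c:796)
==7105== by 0x1C31CC44: __GI___libc_freeres (set-freeres.c:49)
"""

ACCESS = re.compile(r"^==\d+==\s+Invalid (read|write) of size \d+$")
BLOCK = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside "
                   r"a block of size (\d+) (free'd|alloc'd)$")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)$")


def triage(report):
    """Classify one memcheck error and split it into access and block stacks."""
    out = {"kind": "unknown", "access": [], "block": []}
    section = None
    for line in report.splitlines():
        if m := ACCESS.match(line):
            out["op"], section = m.group(1), "access"
        elif m := BLOCK.match(line):
            out["offset"], out["block_size"] = int(m.group(1)), int(m.group(2))
            out["state"], section = m.group(3), "block"
        elif section and (m := FRAME.match(line)):
            out[section].append((m.group(1), m.group(2)))
    if out.get("state") == "free'd":
        out["kind"] = "use-after-free"  # access to memory that was already released
    # Innermost (function, file:line) frame present in both stacks: the caller
    # from which both the free and the later access were reached.
    out["common"] = next((f for f in out["access"] if f in out["block"]), None)
    return out


if __name__ == "__main__":
    r = triage(REPORT)
    print(r["kind"], "- freed via", r["block"][1], "then", r["op"], "in", r["access"][0])
    print("both reached from", r["common"])
```

Frames are compared as (function, file:line) pairs, so the two `free_mem` entries, which come from different source files, are not treated as the same frame.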