Zorba

pointer being freed was not allocated

Bug #1176038 reported by Paul J. Lucas
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zorba
Fix Released
Critical
Nicolae Brinza

Bug Description

Given this query:

  <a xmlns:prefix="http://www.w3.org/" xmlns:prefix="http://www.w3.org/"/>

one gets:

zorba(54566) malloc: *** error for object 0x7f9c3b488850: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

Zorba was compiled with:

  cmake -G"Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug ..

This is on a Mac. The stack trace is:

#0 0x00007fff945f9d46 in __kill ()
#1 0x00007fff899a7df0 in abort ()
#2 0x00007fff8997b9b9 in free ()
#3 0x000000010de89319 in zorba::parsenode::~parsenode (this=0x7ffb494887f0) at parsenode_base.h:49
#4 0x000000010dde2ade in zorba::SimpleRCObject::free (this=0x7ffb494887f0) at rchandle.h:144
#5 0x000000010dd9df91 in zorba::SimpleRCObject::removeReference (this=0x7ffb494887f0, lock=0x0) at rchandle.h:154
#6 0x000000010e1748ac in removeReference<zorba::parsenode> (t=0x7ffb494887f0) at rchandle.h:422
#7 0x000000010e18172c in release_hack<zorba::parsenode> (ref=0x7ffb494887f0) at xquery_parser.y:908
#8 0x000000010e177ced in zorba::xquery_parser::yydestruct_ (this=0x7fff51eda988, yymsg=0x0, yytype=529, yyvaluep=0x7ffb49487db8, yylocationp=0x7ffb49487f40) at xquery_parser.y:921
#9 0x000000010e1726ee in zorba::xquery_parser::parse (this=0x7fff51eda988) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/build/src/compiler/parser/xquery_parser.cpp:11061
#10 0x000000010de46229 in zorba::xquery_driver::parse_stream (this=0x7fff51edaed0, in=@0x7fff51edb0d8, aFilename=@0x7ffb49486438) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/src/compiler/parser/xquery_driver.cpp:199
#11 0x000000010e108f0c in zorba::XQueryCompiler::parse (this=0x7fff51edb4c0, aXQuery=@0x7ffb49485d80, aFileName=@0x7ffb49486438) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/src/compiler/api/compiler_api.cpp:230
#12 0x000000010e109af2 in zorba::XQueryCompiler::compile (this=0x7fff51edb4c0, aXQuery=@0x7ffb49485d80, aFileName=@0x7ffb49486438, nextDynamicVarId=@0x7fff51edb5c8) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/src/compiler/api/compiler_api.cpp:312
#13 0x000000010dd9392d in zorba::XQueryImpl::doCompile (this=0x7ffb494863e0, aQuery=@0x7ffb49485d80, aHints=@0x7fff51edbd38, fork_sctx=true, nextDynamicVarId=@0x7fff51edb5c8) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/src/api/xqueryimpl.cpp:613
#14 0x000000010dd94334 in zorba::XQueryImpl::compile (this=0x7ffb494863e0, aQuery=@0x7ffb49485d80, aStaticContext=@0x7fff51edcab0, aHints=@0x7fff51edbd38) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/src/api/xqueryimpl.cpp:541
#15 0x000000010dd28120 in compileAndExecute (zorbaInstance=0x10f6d9d90, properties=@0x7fff51edcf20, staticContext=@0x7fff51edcab0, qfilepath=@0x7fff51edcb90, qfile=@0x7ffb49485d80, outputStream=@0x7fff787d6f10, timing=@0x7fff51edc508) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/bin/zorbacmd.cpp:776
#16 0x000000010dd2a985 in main (argc=3, argv=0x7fff51edd118) at /Users/pjl/src/flwor/zorba/repo/bug-1176038/zorba/bin/zorbacmd.cpp:1205

See original description

Related branches

lp:~zorba-coders/zorba/bug-1176038
Paul J. Lucas: Approve
Nicolae Brinza: Approve
Diff: 949 lines (+151/-67)
55 files modified
ChangeLog (+1/-0)
src/api/dynamiccontextimpl.cpp (+1/-0)
src/api/item.cpp (+3/-1)
src/api/itemfactoryimpl.cpp (+6/-3)
src/api/serialization/serializer.cpp (+1/-0)
src/capi/csequence.cpp (+4/-3)
src/compiler/expression/expr.cpp (+3/-0)
src/compiler/expression/expr_manager.cpp (+10/-8)
src/compiler/parser/symbol_table.cpp (+3/-0)
src/compiler/parsetree/parsenode_print_xml_visitor.cpp (+5/-2)
src/compiler/parsetree/parsenodes.cpp (+5/-3)
src/compiler/parsetree/parsenodes.h (+3/-0)
src/compiler/rewriter/rules/fold_rules.cpp (+2/-0)
src/functions/udf.cpp (+1/-0)
src/runtime/base/plan_iterator.cpp (+4/-8)
src/runtime/booleans/BooleanImpl.cpp (+1/-0)
src/runtime/collections/collections_base.h (+1/-0)
src/runtime/core/arithmetic_impl.cpp (+1/-0)
src/runtime/core/var_iterators.h (+1/-1)
src/runtime/durations_dates_times/durations_dates_times_impl.cpp (+2/-0)
src/runtime/full_text/ft_module_impl.cpp (+1/-0)
src/runtime/full_text/ft_util.cpp (+1/-0)
src/runtime/full_text/ftcontains_visitor.cpp (+1/-2)
src/runtime/hof/dynamic_fncall_iterator.cpp (+1/-0)
src/runtime/hof/fn_hof_functions_impl.cpp (+1/-0)
src/runtime/introspection/sctx_impl.cpp (+1/-0)
src/runtime/item/item_impl.cpp (+1/-0)
src/runtime/json/jsoniq_functions_impl.cpp (+1/-0)
src/runtime/maths/pregenerated/maths.h (+1/-0)
src/runtime/numerics/format_integer.cpp (+1/-0)
src/runtime/random/pregenerated/random.h (+1/-0)
src/runtime/sequences/pregenerated/sequences.h (+1/-0)
src/runtime/spec/maths/maths.xml (+1/-0)
src/runtime/spec/random/random.xml (+4/-0)
src/runtime/spec/sequences/sequences.xml (+1/-0)
src/runtime/store/maps_impl.cpp (+1/-0)
src/store/naive/atomic_items.cpp (+1/-1)
src/store/naive/atomic_items.h (+4/-1)
src/store/naive/collection.h (+1/-0)
src/store/naive/collection_tree_info.h (+1/-0)
src/store/naive/simple_index_value.h (+1/-0)
src/store/naive/simple_lazy_temp_seq.cpp (+2/-2)
src/store/naive/simple_pul.cpp (+3/-6)
src/store/naive/simple_temp_seq.cpp (+1/-0)
src/system/globalenv.cpp (+1/-0)
src/types/casting.cpp (+5/-2)
src/types/schema/XercesParseUtils.cpp (+7/-4)
src/util/stl_util.h (+18/-0)
src/zorbaserialization/serialize_basic_types.cpp (+1/-0)
src/zorbatypes/datetime.h (+3/-4)
src/zorbatypes/datetime/datetimetype.cpp (+9/-8)
src/zorbatypes/datetime/timezone.cpp (+1/-0)
src/zorbatypes/duration.h (+6/-6)
src/zorbatypes/numconversions.cpp (+8/-1)
src/zorbatypes/timezone.h (+1/-1)
Paul J. Lucas (paul-lucas)
description: updated
description: updated
description: updated
Paul J. Lucas (paul-lucas)
Changed in zorba:
assignee: nobody → Nicolae Brinza (nbrinza)
Revision history for this message
Paul J. Lucas (paul-lucas) wrote :

$ g++ -v
Using built-in specs.
Target: i686-apple-darwin11
Configured with: /private/var/tmp/llvmgcc42/llvmgcc42-2336.11~67/src/configure --disable-checking --enable-werror --prefix=/Applications/Xcode.app/Contents/Developer/usr/llvm-gcc-4.2 --mandir=/share/man --enable-languages=c,objc,c++,obj-c++ --program-prefix=llvm- --program-transform-name=/^[cg][^.-]*$/s/$/-4.2/ --with-slibdir=/usr/lib --build=i686-apple-darwin11 --enable-llvm=/private/var/tmp/llvmgcc42/llvmgcc42-2336.11~67/dst-llvmCore/Developer/usr/local --program-prefix=i686-apple-darwin11- --host=x86_64-apple-darwin11 --target=i686-apple-darwin11 --with-gxx-include-dir=/usr/include/c++/4.2.1
Thread model: posix
gcc version 4.2.1 (Based on Apple Inc. build 5658) (LLVM build 2336.11.00)

$ flex --version
flex 2.5.35 Apple(flex-31)

$ bison --version
bison (GNU Bison) 2.7

Paul J. Lucas (paul-lucas)
Changed in zorba:
status: New → Fix Committed
Dana Florescu (dflorescu)
Changed in zorba:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.