[Lazarus] Memory corruption when allocating and freeing 1 byte memory

Vincent Snijders vincent.snijders at gmail.com
Sat Feb 26 09:27:19 CET 2011


2011/2/25 Juha Manninen <juha.manninen62 at gmail.com>:
> Hi
>
> I fixed a nasty memory corruption issue in r29667.
> It happens when TRegExpr is passed an empty source file.
> SearchFrm.pas has:
>     RE.InputString:=Src;
>
> Then GetMem reserves only 1 byte of memory.
> Then FreeMem causes a crash and Lazarus dies (on my machine, under certain
> conditions):
>
> Marked memory at $00007F806D2E3D00 invalid
> Wrong signature $1BD5F2DE instead of 4125C513
>  $00000000005D12E2 line 678 of ../inc/heaptrc.pp
>  $00000000005D1401 line 718 of ../inc/heaptrc.pp
>  $00000000005C4586 line 291 of ../inc/heap.inc
>  $0000000000F90D8A line 1187 of synregexpr.pas
>  $00000000005BDD8F line 278 of ../inc/objpas.inc
>  $00000000005F0C23 line 132 of ../objpas/sysutils/sysutils.inc
>  $0000000001155D54 line 603 of searchfrm.pas
>  $0000000001158607 line 873 of searchfrm.pas
>  $0000000001157C34 line 780 of searchfrm.pas
>
>
> No useful backtrace was available from gdb and I was looking for the reason
> for some time.
> This may be a bug in FPC heap manager (?) maybe related to 64-bits.
> My system is AMD 64-bit Fedora Linux.
>
> The strange thing is that I experienced the crash only with QT bindings
> although the problem has nothing to do with widget bindings.
> Strange...
> I bet most developers can't reproduce my findings (again).

It is probably some buffer overrun; at least that is more likely than
a bug in the heap manager.

Without sample source that can be compiled and run, it is hard to draw
any conclusion from the heaptrc output, and I doubt that anybody can reproduce
your findings.

Vincent
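The mechanism Vincent suspects, an overrun that the heap checker only notices at some later FreeMem, is easier to see with a small model. The C program below is an added example, not code from Lazarus, FPC or the synregexpr unit, and it does not claim to show the actual bug fixed in r29667. It builds a toy heap whose block headers carry a signature checked at free time, in the spirit of heaptrc (the header layout, the "signature first" rule and the absence of padding are assumptions of the model); reserves a 1-byte buffer for an empty input string, as in the report; stores the string with a hypothetical 1-based/0-based off-by-one on the terminator; and shows that the overrun block itself frees cleanly while the block allocated right after it fails its signature check. HEAD_SIG reuses the expected value printed in the heaptrc output above; every function and type name is invented for the example.

```c
/* Added example (not Lazarus/FPC code): toy heap with signed block headers,
 * in the spirit of FPC's heaptrc. All names, the header layout and the
 * off-by-one in store_input_buggy are assumptions made for this model. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAD_SIG 0x4125C513u   /* expected signature, as printed by heaptrc above */
#define HDR_SIZE 8u            /* 4-byte signature followed by 4-byte size */

/* Bump allocator: blocks sit back to back with no padding, so one byte
 * written past the end of a block lands in the next block's signature. */
static unsigned char arena[256];
static size_t arena_top;

static void toy_reset(void)
{
    arena_top = 0;
    memset(arena, 0, sizeof arena);
}

/* GetMem: prepend a header and hand out the bytes after it. */
static char *toy_getmem(uint32_t size)
{
    if (arena_top + HDR_SIZE + size > sizeof arena)
        return NULL;
    unsigned char *h = arena + arena_top;
    uint32_t sig = HEAD_SIG;
    memcpy(h, &sig, 4);        /* memcpy: headers may be unaligned here */
    memcpy(h + 4, &size, 4);
    arena_top += HDR_SIZE + size;
    return (char *)(h + HDR_SIZE);
}

/* FreeMem: verify the signature. Returns 1 if intact, 0 if corrupted;
 * *found receives the value actually seen, for a heaptrc-style message. */
static int toy_freemem(char *p, uint32_t *found)
{
    unsigned char *h = (unsigned char *)p - HDR_SIZE;
    memcpy(found, h, 4);
    if (*found != HEAD_SIG)
        return 0;
    uint32_t released = 0;
    memcpy(h, &released, 4);   /* mark released so a double free is caught too */
    return 1;
}

/* Hypothetical bug: the buffer was reserved with len+1 bytes (just 1 for an
 * empty string), but the terminator is stored with 1-based Pascal-style
 * indexing at p[len+1], one byte past the end of the block. */
static void store_input_buggy(char *p, const char *s)
{
    size_t len = strlen(s);
    memcpy(p, s, len);
    p[len + 1] = '\0';
}

/* Hardened form: the terminator goes into the last byte that was reserved. */
static void store_input_fixed(char *p, const char *s)
{
    size_t len = strlen(s);
    memcpy(p, s, len);
    p[len] = '\0';
}

typedef struct {
    int culprit_ok;         /* FreeMem of the overrun block itself passed */
    int neighbour_ok;       /* FreeMem of the block allocated right after it passed */
    uint32_t neighbour_sig; /* signature found in that neighbour's header */
} Scenario;

/* Reserve a 1-byte buffer for an empty source, let some other allocation
 * follow it, store the input, then free both in the order they were made. */
static Scenario run_scenario(void (*store)(char *, const char *))
{
    Scenario r;
    uint32_t sig;
    const char *src = "";                                   /* empty source file */
    toy_reset();
    char *input = toy_getmem((uint32_t)strlen(src) + 1);    /* GetMem(1) */
    char *other = toy_getmem(16);                           /* whatever is allocated next */
    store(input, src);
    r.culprit_ok = toy_freemem(input, &sig);
    r.neighbour_ok = toy_freemem(other, &r.neighbour_sig);
    return r;
}

int main(void)
{
    Scenario b = run_scenario(store_input_buggy);
    Scenario f = run_scenario(store_input_fixed);
    printf("buggy: culprit ok=%d, neighbour ok=%d", b.culprit_ok, b.neighbour_ok);
    if (!b.neighbour_ok)
        printf(" (Wrong signature $%08X instead of %08X)", b.neighbour_sig, HEAD_SIG);
    printf("\nfixed: culprit ok=%d, neighbour ok=%d\n", f.culprit_ok, f.neighbour_ok);
    return 0;
}
```

Two things in this model carry over to the real case: the block that was overrun passes its own check, so the backtrace heaptrc prints points at whoever frees the damaged neighbour rather than at the writer, and whether anything is detected at all depends on what happened to be allocated right after the 1-byte block, which is one reason such corruption can appear under one widgetset or build and not another.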