[Lazarus] Memory corruption when allocating and freeing 1 byte memory
Juha Manninen
juha.manninen62 at gmail.com
Sat Feb 26 11:54:07 CET 2011
Vincent Snijders wrote on Saturday, 26 February 2011, 10:27:19:
> It probably is some buffer overrun, at least that is more likely than
> a bug in the heap manager.
>
> Without sample source that can be compiled and run it is hard to draw
> any conclusion from the heaptrc and I doubt that anybody can reproduce
> your findings.
True. The actual bug is still hiding somewhere.
It is annoying that there is no systematic way to trap bugs, although we have
compiler features like range checks and heap tracer.
Sometimes a completely unrelated change in code triggers a bug to show up.
My 3-CPU-core computer seems to be good at revealing some bugs that nobody
else can reproduce.
If someone wants to try to reproduce it, this is what I did:
- Latest Lazarus trunk and FPC trunk versions.
- 64-bit AMD CPU, Linux.
- Lazarus built with Qt bindings (GTK2 bindings did not show the bug).
- Find in Files (Shift-Ctrl-F):
  Text to find: "Color ?:="
  Options: Regular expressions
  Where: Search in directories
  Directory: Lazarus source directory + Include sub directories
The search first finds 902 matches, then file
components/codetools/examples/scanexamples/empty.inc
causes the crash.
In total there are around 2000 matches.
The buffer overrun is most likely in the TRegExpr component.
It uses PChar and GetMem while it could just use strings which are more
resistant against memory corruption issues.
Juha
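As an added illustration of the PChar/GetMem versus string point raised above (example code written for this thread, not code from TRegExpr or from the original post), the snippet below shows the classic one-byte overrun on a GetMem'd PChar buffer, the corrected allocation, and the equivalent using a managed string; the function names are made up. Built with `-gh`, heaptrc's tail check flags the undersized block when it is freed.

```pascal
{$mode objfpc}{$H+}
program OffByOneDemo;
// Compile with: fpc -gh OffByOneDemo.pas
// heaptrc then checks the bytes after each block on FreeMem and reports
// the corrupted one. Assumed names: CopyWithPChar, CopyWithPCharFixed,
// CopyWithString (illustrative only).

function CopyWithPChar(const S: string): string;
var
  P: PChar;
begin
  // BUG: Length(S) bytes leaves no room for the #0 terminator, so the
  // terminator write lands one byte past the allocation. For a
  // one-character string this is a 1-byte block overrun by one byte,
  // which is exactly the kind of damage heaptrc attributes to FreeMem.
  GetMem(P, Length(S));
  Move(S[1], P^, Length(S));
  P[Length(S)] := #0;          // out-of-bounds write
  Result := StrPas(P);
  FreeMem(P);                  // heaptrc reports the corruption here
end;

function CopyWithPCharFixed(const S: string): string;
var
  P: PChar;
begin
  GetMem(P, Length(S) + 1);    // +1 for the terminator
  Move(S[1], P^, Length(S));
  P[Length(S)] := #0;          // now inside the block
  Result := StrPas(P);
  FreeMem(P);
end;

function CopyWithString(const S: string): string;
begin
  // AnsiString is length-prefixed and reference counted; the RTL sizes
  // the buffer, so there is no terminator arithmetic to get wrong.
  Result := Copy(S, 1, Length(S));
end;

begin
  WriteLn(CopyWithString('x'));
  WriteLn(CopyWithPCharFixed('x'));
  WriteLn(CopyWithPChar('x'));  // corrupts the heap by one byte
end.
```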