| ID | Project | Category | View Status | Date Submitted | Last Update | |||
| 0004234 | OCaml | OCaml general | public | 2007-03-20 00:14 | 2007-03-26 20:00 | |||
| Reporter | MatthewFluet | |||||||
| Assigned To | ||||||||
| Priority | normal | Severity | minor | Reproducibility | always | |||
| Status | closed | Resolution | fixed | |||||
| Platform | OS | OS Version | ||||||
| Product Version | ||||||||
| Target Version | Fixed in Version | 3.10+dev | ||||||
| Summary | 0004234: out-of-range bugs in globroots.c | |||||||
| Description | There appears to be a bug in the management of global roots, related to registering very many global roots. I see a segmentation fault (on both amd64-linux and x86-darwin) with the following program: | |||||||

crash.c:

```c
#include <stdlib.h>
#include "caml/mlvalues.h"
#include "caml/memory.h"

struct crash_s {
  value v;
};

/* Register and immediately remove one malloc'ed global root per call. */
value crash_fn(value v)
{
  struct crash_s* p;
  p = (struct crash_s*) malloc(sizeof(struct crash_s));
  p->v = Val_unit;  /* a root must hold a valid value while registered */
  caml_register_global_root(&(p->v));
  caml_remove_global_root(&(p->v));
  free(p);
  return Val_unit;  /* a stub bound with "external" must return a value */
}
```

crash.ml:

```ocaml
external crash_fn : unit -> unit = "crash_fn"

(* Call the stub forever; every call registers and removes one global root. *)
let rec crashLoop () = (crash_fn (); crashLoop ())

let _ = crashLoop ()
```

| Additional Information | I believe that the issue arises from the fact that the random_level function of byterun/globroots.c may return the value 15 (or 16), but all of the arrays have size MAX_LEVEL (= 15), so accessing index 15 (or 16) yields undefined results. Furthermore, despite the Assert in the random_level function, random_level may return the value 16 (observed by repeatedly calling random_level). Indeed, if r is set equal to 0xFFFFFFFFU by the PRNG, then random_level will return 16. Nonetheless, the fix seems clear: change `#define MAX_LEVELS 15` to `#define MAX_LEVELS 16`, and change array declarations `ty arr[MAX_LEVELS];` to `ty arr[MAX_LEVELS+1];`. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
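
An added example, not part of the original report and not the code from globroots.c: a small C model of the level generator the report describes, assuming it takes one level per leading pair of 1 bits in a 32-bit PRNG word. The function names and the clamped variant are assumptions made for illustration; the array lengths are the ones quoted in the report.

```c
#include <stdint.h>
#include <stdio.h>

#define OLD_ARRAY_LEN 15                  /* array size before the fix, per the report */
#define NEW_MAX_LEVELS 16                 /* value proposed in the report */
#define NEW_ARRAY_LEN (NEW_MAX_LEVELS + 1) /* ty arr[MAX_LEVELS+1] */

/* Hypothetical model: one skip-list level per leading pair of 1 bits in r. */
static int level_from_word(uint32_t r)
{
  int level = 0;
  while ((r & 0xC0000000U) == 0xC0000000U) {
    level++;
    r = (uint32_t)(r << 2);
  }
  return level;
}

/* True when 'level' is a valid index into an array of 'array_len' slots. */
static int index_in_bounds(int level, int array_len)
{
  return level >= 0 && level < array_len;
}

/* Defensive alternative (not the fix adopted in the report): clamp the level
   to the last valid index instead of trusting the generator's range. */
static int clamped_level(uint32_t r, int array_len)
{
  int level = level_from_word(r);
  return level < array_len ? level : array_len - 1;
}

int main(void)
{
  /* Constructed PRNG outputs: 0, 1, 14, 15 and 16 leading pairs of 1 bits. */
  const uint32_t samples[] = { 0x00000000U, 0xC0000000U, 0xFFFFFFF0U,
                               0xFFFFFFFCU, 0xFFFFFFFFU };
  size_t i;
  for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    int lvl = level_from_word(samples[i]);
    printf("r=0x%08X level=%2d old[%d]:%s new[%d]:%s clamped=%d\n",
           (unsigned)samples[i], lvl,
           OLD_ARRAY_LEN, index_in_bounds(lvl, OLD_ARRAY_LEN) ? "ok " : "OOB",
           NEW_ARRAY_LEN, index_in_bounds(lvl, NEW_ARRAY_LEN) ? "ok " : "OOB",
           clamped_level(samples[i], OLD_ARRAY_LEN));
  }
  return 0;
}
```
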
Notes |
(0003981) MatthewFluet (reporter) 2007-03-20 00:17 |
Oops, failed to change Category to "OCaml general". |
|
(0003994) doligez (manager) 2007-03-26 20:00 |
This will be fixed for 3.10. Thanks for the nice report. |
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2007-03-20 00:14 | MatthewFluet | New Issue | |
| 2007-03-20 00:17 | MatthewFluet | Note Added: 0003981 | |
| 2007-03-26 15:00 | doligez | Category | Caml-light => OCaml general |
| 2007-03-26 20:00 | doligez | Note Added: 0003994 | |
| 2007-03-26 20:00 | doligez | Status | new => closed |
| 2007-03-26 20:00 | doligez | Resolution | open => fixed |
| 2007-03-26 20:00 | doligez | Fixed in Version | => 3.10+dev |