Original bug ID: 4234
Reporter: MatthewFluet
Status: closed (set by @damiendoligez on 2007-03-26T18:00:23Z)
Resolution: fixed
Priority: normal
Severity: minor
Fixed in version: 3.10+dev
Category: ~DO NOT USE (was: OCaml general)
Monitored by: @mmottl
Bug description
There appears to be a bug in the management of global roots, related to registering very many global roots.
I see a segmentation fault (on both amd64-linux and x86-darwin) with the following program:
crash.c:
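/**********/
#include <stdlib.h>
#include "caml/mlvalues.h"
#include "caml/memory.h"

struct crash_s {
  value v;
};

/* Registers and immediately removes one global root in a freshly malloc'ed block. */
value crash_fn(value v) {
  struct crash_s* p;
  p = (struct crash_s*) malloc(sizeof(struct crash_s));
  p->v = Val_unit;  /* keep the root's contents a valid value while it is registered */
  caml_register_global_root(&(p->v));
  caml_remove_global_root(&(p->v));
  free(p);
  return Val_unit;  /* the stub is declared unit -> unit on the OCaml side */
}
/**********/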
crash.ml
(**********)
external crash_fn : unit -> unit = "crash_fn"
let rec crashLoop () = (crash_fn (); crashLoop ())
let _ = crashLoop ()
(**********)
Additional information
I believe that the issue arises from the fact that the random_level function of byterun/globroots.c may return the value 15 (or 16), but all of the arrays have size MAX_LEVEL (= 15), so accessing index 15 (or 16) yields undefined results.
Furthermore, despite the Assert in the random_level function, random_level may return the value 16 (observed by repeatedly calling random_level).
Indeed, if r is set equal to 0xFFFFFFFFU by the PRNG, then random_level will return 16.
Nonetheless, the fix seems clear:
Change
#define MAX_LEVELS 15
to
#define MAX_LEVELS 16
and change array declarations
ty arr[MAX_LEVELS];
to
ty arr[MAX_LEVELS+1];
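
The bounds problem described in this report, as an added example (not code from the report or from the OCaml runtime): it checks the largest level a draw can produce against the old and the proposed array sizes. It assumes the level draw consumes two high bits of a 32-bit PRNG output per level, which is consistent with the report's observation that 0xFFFFFFFF yields 16; `level_from_bits`, `slot_ok`, `checked_level`, `OLD_SLOTS`, `NEW_SLOTS` and `struct node` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_LEVELS 16                  /* value proposed in the report's fix */
#define OLD_SLOTS  15                  /* array size before the fix */
#define NEW_SLOTS  (MAX_LEVELS + 1)    /* valid indices 0..MAX_LEVELS */

/* Assumed model of the level draw: one level per leading pair of 1 bits. */
static int level_from_bits(uint32_t r)
{
    int level = 0;
    while ((r & 0xC0000000u) == 0xC0000000u) {
        level++;
        r <<= 2;
    }
    return level;
}

/* 32 bits at 2 bits per level bound the draw at 16, so the arrays need
   17 slots; fail the build if they are ever sized smaller. */
_Static_assert(NEW_SLOTS > 32 / 2, "forward[] needs a slot for the top level");

/* Hypothetical skip-list node sized as in the proposed fix. */
struct node {
    struct node *forward[NEW_SLOTS];
};

/* Returns 1 if `level` is a valid index into an array of `slots` entries. */
static int slot_ok(int level, int slots)
{
    return level >= 0 && level < slots;
}

/* Defensive draw: clamp so that a later change to the PRNG or the loop
   cannot produce an index past forward[]. */
static int checked_level(uint32_t r)
{
    int level = level_from_bits(r);
    return level > MAX_LEVELS ? MAX_LEVELS : level;
}

int main(void)
{
    uint32_t worst = 0xFFFFFFFFu;      /* constructed worst-case PRNG output */
    int level = level_from_bits(worst);
    printf("level=%d old_ok=%d new_ok=%d clamped=%d\n", level,
           slot_ok(level, OLD_SLOTS), slot_ok(level, NEW_SLOTS),
           checked_level(worst));
    return 0;
}
```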