[Issue 18691] New: assigning a std.regex.Captures with 3 or more groups causes double free
d-bugmail at puremagic.com
d-bugmail at puremagic.com
Thu Mar 29 02:00:44 UTC 2018
https://issues.dlang.org/show_bug.cgi?id=18691
Issue ID: 18691
Summary: assigning a std.regex.Captures with 3 or more groups
causes double free
Product: D
Version: D2
Hardware: x86_64
OS: Linux
Status: NEW
Severity: regression
Priority: P1
Component: phobos
Assignee: nobody at puremagic.com
Reporter: martin.dorey at hitachivantara.com
This minimal test case crashes:
martind at swiftboat:~/tmp/D134366$ cat utilimal.d
import std.regex;
void main() {
auto rx = regex("()()()");
auto ma = "".matchFirst(rx);
ma = "".matchFirst(rx);
}
martind at swiftboat:~/tmp/D134366$
~/download/d/dmd/generated/linux/release/64/dmd -g utilimal.d && valgrind
./utilimal
...
==655== Invalid free() / delete / delete[] / realloc()
==655== at 0x4C29E90: free (vg_replace_malloc.c:473)
==655== by 0x4C1E26: _D3std5regex__T8CapturesTAyaZQo6__dtorMFNbNiNeZv
(/home/martind/download/d/dmd/generated/linux/release/64/../../../../../phobos/std/regex/package.d:565)
==655== by 0x48A1CB: _Dmain (utilimal.d:5)
==655== by 0x4C6F5F:
_D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv (in
/home/martind/tmp/D134366/utilimal)
==655== by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv
(in /home/martind/tmp/D134366/utilimal)
==655== by 0x4C6ECE: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZv (in
/home/martind/tmp/D134366/utilimal)
==655== by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv
(in /home/martind/tmp/D134366/utilimal)
==655== by 0x4C6D5A: _d_run_main (in /home/martind/tmp/D134366/utilimal)
==655== by 0x4C303D: main (in /home/martind/tmp/D134366/utilimal)
==655== Address 0x5d2be50 is 0 bytes inside a block of size 64 free'd
==655== at 0x4C29E90: free (vg_replace_malloc.c:473)
==655== by 0x4C1E26: _D3std5regex__T8CapturesTAyaZQo6__dtorMFNbNiNeZv
(/home/martind/download/d/dmd/generated/linux/release/64/../../../../../phobos/std/regex/package.d:565)
==655== by 0x4C2D2F:
_D3std5regex__T8CapturesTAyaZQo__T8opAssignZQkMFNbNiNeSQCbQCa__TQBxTQBrZQCfZQw
(/home/martind/download/d/dmd/generated/linux/release/64/../../../../../phobos/std/regex/package.d:685)
==655== by 0x48A181: _Dmain (utilimal.d:6)
==655== by 0x4C6F5F:
_D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZ9__lambda1MFZv (in
/home/martind/tmp/D134366/utilimal)
==655== by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv
(in /home/martind/tmp/D134366/utilimal)
==655== by 0x4C6ECE: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ6runAllMFZv (in
/home/martind/tmp/D134366/utilimal)
==655== by 0x4C6DEF: _D2rt6dmain211_d_run_mainUiPPaPUAAaZiZ7tryExecMFMDFZvZv
(in /home/martind/tmp/D134366/utilimal)
==655== by 0x4C6D5A: _d_run_main (in /home/martind/tmp/D134366/utilimal)
==655== by 0x4C303D: main (in /home/martind/tmp/D134366/utilimal)
My testing suggests that this is a regression in 2.079.0 over 2.078.3-0. I
might risk a guess that it's due to the addition of opAssign to the Captures
struct in:
https://github.com/dlang/phobos/commit/59520969ef73eaf0691972ee00b389e5bbc4c8fb#diff-4715499b2ff2d74e4eb3c6f3909c611c
in an attempt by @MartinNowak to "fix Issue 18114 - regex performance
regression". Do we now have big_matches in two Captures objects referring to
the same calloc/free memory but each with their own _refcount? Have we also
leaked any old memory that (lhs) big_matches owned?
--
More information about the Digitalmars-d-bugs
mailing list