[RTEMS Project] #3755: leak in realloc

RTEMS trac trac at rtems.org
Thu Aug 6 19:47:33 UTC 2020


#3755: leak in realloc
--------------------------+---------------------
 Reporter:  Jeffrey Hill  |       Owner:  (none)
     Type:  defect        |      Status:  new
 Priority:  normal        |   Milestone:
Component:  score         |     Version:  4.11
 Severity:  normal        |  Resolution:
 Keywords:  realloc leak  |  Blocked By:
 Blocking:                |
--------------------------+---------------------

Comment (by Jeffrey Hill):

 I feel obligated to update this issue with information about an
 interesting coincidence.

 The coincidence is that recently I have discovered, based on experimental
 evidence, that removing calls to GCC's de-mangler appears to eliminate
 some rare pool corruption incidents. Now admittedly, this function has a
 very complicated API and the possibility for pilot error is high. However,
 I repeatedly re-code the call to this function in multiple ways, following
 examples on the web, and the end result is always the same, if I wait long
 enough; corrupted pool. I expect some sort of re-entrant function state
 bug in a multi-threaded context.

 Below is my call to the gcc de-mangler. The pointer to the Thread Private
 class below is obtained from a thread private variable.

 Ok, so here is the coincidence; I haven't looked inside the de-mangler,
 but one could make a pretty good guess that it might internally make some
 calls to realloc. I also looked at our production builds and we currently
 have Lua configured to not base its memory allocator on realloc, when it's
 an RTEMS build.

 {{{#!C++
 string ThreadPrivate :: demangle ( const char * const pMangledName )
 {
     /*
      * on nios2 with gcc 4.8 the implementation of
      * __cxa_demangle appears to corrupt pool no
      * matter if it is called to reuse a thread
      * private storage or not
      */
 #if __GNUC__ >= 6
     int status = -1000;
     char * const pBufResult =
         abi :: __cxa_demangle ( pMangledName, m_pBuf,
                                     & m_bufLen, & status );
     if ( pBufResult ) {
         m_pBuf = pBufResult;
         if ( status == 0 ) {
             return string ( pBufResult );
         }
     }
 #endif
     return string ( pMangledName );
 }
 }}}

--
Ticket URL: <http://devel.rtems.org/ticket/3755#comment:18>
RTEMS Project <http://www.rtems.org/>
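
An added example, not part of the ticket or of RTEMS code: the buffer-ownership contract of `abi::__cxa_demangle` that the comment's `ThreadPrivate::demangle` relies on, with one malloc-owned scratch buffer per thread. `DemangleBuf` and `demangle_tls` are hypothetical names, and the sketch assumes a hosted C++11 toolchain with `thread_local` support; it does not reproduce or diagnose the reported corruption.

```cpp
#include <cxxabi.h>
#include <cstddef>
#include <cstdlib>
#include <string>

// Hypothetical helper (not from the ticket): owns the scratch buffer that
// abi::__cxa_demangle is allowed to grow with realloc().
class DemangleBuf {
public:
    DemangleBuf() = default;
    // Copying would put one malloc block under two owners (double free).
    DemangleBuf(const DemangleBuf&) = delete;
    DemangleBuf& operator=(const DemangleBuf&) = delete;
    ~DemangleBuf() { std::free(m_pBuf); }

    std::string demangle(const char* mangled) {
        int status = -1000;
        // Contract: m_pBuf is NULL or came from malloc(), and m_bufLen is
        // its real size. A stack array or new[] block here corrupts the heap.
        char* result = abi::__cxa_demangle(mangled, m_pBuf, &m_bufLen, &status);
        if (result) {
            // The old block may have been released while growing; only the
            // returned pointer is valid from here on.
            m_pBuf = result;
            if (status == 0) {
                return std::string(result);
            }
        }
        // On failure NULL comes back and the existing buffer is still ours.
        return std::string(mangled);
    }

private:
    char* m_pBuf = nullptr;
    std::size_t m_bufLen = 0;
};

// One buffer per thread: no two threads ever pass the same block to the
// demangler, and it is freed when the thread exits.
std::string demangle_tls(const char* mangled) {
    thread_local DemangleBuf buf;
    return buf.demangle(mangled);
}
```

Calling a short name, then a longer one, then the short one again exercises both the grow path and the reuse path of the same buffer.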