Bug 10838 – Null pointer dereference in gc.gcx.Gcx.isMarked

Status: RESOLVED
Resolution: FIXED
Severity: major
Priority: P2
Component: druntime
Product: D
Version: D2
Platform: x86_64
OS: Mac OS X
Creation time: 2013-08-17T11:40:00Z
Last change time: 2013-10-30T17:40:29Z
Keywords: pull
Assigned to: nobody
Creator: peter.alexander.au

Comments

Comment #0 by peter.alexander.au — 2013-08-17T11:40:46Z
Running with the attached file as stdin (/usr/share/dict/words on OSX 10.8.4) results in a seg fault.

    import std.algorithm, std.range, std.array, std.stdio, std.string;

    void main()
    {
        auto ws = stdin.byLine.map!(a => a.dup.toLower).array;
        ws.zip(ws.map!(a => a.dup.sort)).
            array.
            sort!((a, b) => a[1] > b[1]).
            group!((a, b) => a[1] == b[1]).
            array;
    }

    % dmd words.d
    % gdb words
    ...
    (gdb) run words < dict
    ...
    Program received signal EXC_BAD_ACCESS, Could not access memory.
    Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000004
    0x0000000100025e5d in D2gc3gcx3Gcx8isMarkedMFPvZE2gc3gcx8IsMarked ()
    ...
    (gdb) bt
    #0 0x0000000100025e5d in D2gc3gcx3Gcx8isMarkedMFPvZE2gc3gcx8IsMarked ()
    #1 0x000000010001ea5e in thread_processGCMarks ()
    #2 0x0000000100025803 in D2gc3gcx3Gcx11fullcollectMFZm ()
    #3 0x0000000100024b2e in D2gc3gcx3Gcx8bigAllocMFmPPS2gc3gcx4PoolPmZPv ()
    #4 0x00000001000223ac in D2gc3gcx2GC12mallocNoSyncMFmkPmZPv ()
    #5 0x00000001000221da in D2gc3gcx2GC6mallocMFmkPmZPv ()
    #6 0x0000000100021822 in gc_qalloc ()
    #7 0x000000010001c5a4 in D4core6memory2GC6qallocFNaNbmkZS4core6memory8BlkInfo_ ()
    #8 0x000000010001245f in D3std5array88__T8AppenderTAS3std8typecons51__T5TupleTS3std8typecons16__T5TupleTAaTAaZ5TupleTkZ5TupleZ8Appender13ensureAddableMFmZv ()
    #9 0x000000010001275c in D3std5array88__T8AppenderTAS3std8typecons51__T5TupleTS3std8typecons16__T5TupleTAaTAaZ5TupleTkZ5TupleZ8Appender82__T3putTS3std8typecons51__T5TupleTS3std8typecons16__T5TupleTAaTAaZ5TupleTkZ5TupleZ3putMFS3std8typecons51__T5TupleTS3std8typecons16__T5TupleTAaTAaZ5TupleTkZ5TupleZv ()
    #10 0x0000000100011fac in D3std5array149__T5arrayTSmain124__T5GroupS16main10__lambda10TSmain74__T11SortedRangeTAS3std8typecons16__T5TupleTAaTAaZ5TupleS14main9__lambda7Z11SortedRangeZ5GroupZ5arrayFSmain124__T5GroupS16main10__lambda10TSmain74__T11SortedRangeTAS3std8typecons16__T5TupleTAaTAaZ5TupleS14main9__lambda7Z11SortedRangeZ5GroupZAS3std8typecons51__T5TupleTS3std8typecons16__T5TupleTAaTAaZ5TupleTkZ5Tuple ()
    #11 0x0000000100001547 in _Dmain ()
    #12 0x0000000100028cf9 in D2rt6dmain211_d_run_mainUiPPaPUAAaZiZi7runMainMFZv ()
    #13 0x0000000100028845 in D2rt6dmain211_d_run_mainUiPPaPUAAaZiZi7tryExecMFMDFZvZv ()
    #14 0x0000000100028d45 in D2rt6dmain211_d_run_mainUiPPaPUAAaZiZi6runAllMFZv ()
    #15 0x0000000100028845 in D2rt6dmain211_d_run_mainUiPPaPUAAaZiZi7tryExecMFMDFZvZv ()
    #16 0x00000001000287f9 in _d_run_main ()
    #17 0x0000000100028628 in main ()

I'm running OSX 10.8.4 with DMD 2.063. I've had no success so far trying to produce a smaller test case.
Comment #1 by peter.alexander.au — 2013-08-17T11:46:54Z
Attaching failed as it's too big (2MB). You can find the file at http://poita.org/misc/dict
Comment #2 by maxim — 2013-08-18T03:29:07Z
May be related - http://d.puremagic.com/issues/show_bug.cgi?id=10701 It isn't mentioned explicitly that the segfault there also occurs in gc.gc.Gcx.isMarked(). By the way, this case can't be reproduced on Linux.
Comment #3 by safety0ff.bugz — 2013-10-25T12:16:56Z
Comment #4 by safety0ff.bugz — 2013-10-30T17:40:29Z