[Mono-bugs] [Bug 76605][Nor] New - marshalling causing glibc "double free or corruption" crash?

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Oct 31 17:10:06 EST 2005


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by trow at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=76605

--- shadow/76605	2005-10-31 17:10:06.000000000 -0500
+++ shadow/76605.tmp.26029	2005-10-31 17:10:06.000000000 -0500
@@ -0,0 +1,72 @@
+Bug#: 76605
+Product: Mono: Runtime
+Version: 1.1
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: interop
+AssignedTo: mono-bugs at ximian.com                            
+ReportedBy: trow at ximian.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Summary: marshalling causing glibc "double free or corruption" crash?
+
+Beagle is crashing with a "*** glibc detected *** double free or corruption
+(!prev): 0xblahblah" error.
+
+I got a backtrace with gdb, and filled in some of the method names by using
+the info emitted by the runtime when invoked with the -v argument.  The
+full backtrace w/ all threads is attached, but I think the crash is related
+to marshalling a StringBuilder when p/invoking into a C function that takes
+a char* argument.  The relevant section of the backtrace is:
+
+Thread 5 (Thread 1118833584 (LWP 32579)):
+#0  0xffffe410 in ?? ()
+#1  0x42affa04 in ?? ()
+#2  0x00000006 in ?? ()
+#3  0x00007f43 in ?? ()
+#4  0x40146541 in raise () from /lib/tls/libc.so.6
+#5  0x40147dbb in abort () from /lib/tls/libc.so.6
+#6  0x4017c8b5 in __libc_message () from /lib/tls/libc.so.6
+#7  0x40182842 in malloc_printerr () from /lib/tls/libc.so.6
+#8  0x401831f4 in free () from /lib/tls/libc.so.6
+#9  0x4006e5d2 in g_free () from /opt/gnome/lib/libglib-2.0.so.0
+#10 0x412b0dfd in (wrapper managed-to-native)
+System.Object:__icall_wrapper_mono_marshal_free (intptr)
+#11 0x41fff598 in ?? ()
+#12 0x42affcd8 in ?? ()
+#13 0x082c65f0 in ?? ()
+#14 0x0827bec8 in ?? ()
+#15 0x41fff598 in ?? ()
+#16 0x004aeb40 in ?? ()
+#17 0x00000000 in ?? ()
+#18 0x42affcc4 in ?? ()
+#19 0x412b0ddc in (wrapper managed-to-native)
+System.Object:__icall_wrapper_mono_marshal_free (intptr)
+#20 0x42affcf8 in ?? ()
+#21 0x4220242d in (wrapper managed-to-native)
+Beagle.Util.DirectoryWalker:sys_readdir (intptr,System.Text.StringBuilder)
+#22 0x41fff598 in ?? ()
+#23 0x004aeb40 in ?? ()
+#24 0x00000000 in ?? ()
+#25 0x084f06c0 in ?? ()
+#26 0x082c65f0 in ?? ()
+#27 0x41f22f98 in ?? ()
+#28 0x00000000 in ?? ()
+#29 0x004aeb40 in ?? ()
+#30 0x00000000 in ?? ()
+#31 0x42affcf8 in ?? ()
+#32 0x422023d4 in (wrapper managed-to-native)
+Beagle.Util.DirectoryWalker:sys_readdir (intptr,System.Text.StringBuilder)
+#33 0x42affd14 in ?? ()
+#34 0x422022f1 in Beagle.Util.DirectoryWalker:readdir
+(intptr,System.Text.StringBuilder)
+
+sys_readdir is a small C function that wraps readdir.  This backtrace is a
+bit suspicious, since sys_readdir appears twice... but it is the only
+useful information I've been able to extract.  I've tried reproducing this
+crash with simpler test cases, but have not had any luck.


More information about the mono-bugs mailing list