[Mono-bugs] [Bug 327438] New: [PATCH] Mono crashes with invalid g_free call

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sat Sep 22 03:01:38 EDT 2007 

https://bugzilla.novell.com/show_bug.cgi?id=327438#c5

           Summary: [PATCH] Mono crashes with invalid g_free call
           Product: Mono: Runtime
           Version: unspecified
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: misc
        AssignedTo: mono-bugs at ximian.com
        ReportedBy: rkumpera at novell.com
         QAContact: mono-bugs at ximian.com
          Found By: ---


Created an attachment (id=174009)
 --> (https://bugzilla.novell.com/attachment.cgi?id=174009)
code to reproduce the bug

Running the attached program it abort with the following trace:

 0xb7dd6060 in raise () from /lib/libc.so.6
#5  0xb7dd7801 in abort () from /lib/libc.so.6
#6  0xb7e0babb in __libc_message () from /lib/libc.so.6
#7  0xb7e116e1 in malloc_printerr () from /lib/libc.so.6
#8  0xb7e12d79 in free () from /lib/libc.so.6
#9  0xb7f5c0d1 in g_free () from /opt/gnome/lib/libglib-2.0.so.0
#10 0x08107a0b in mono_type_create_from_typespec (image=0x8272a98,
type_spec=452984834) at metadata.c:4419
#11 0x08132eb4 in mono_type_retrieve_from_typespec (image=0x8272a98,
type_spec=452984834, context=0x0) at class.c:3615
#12 0x0813436a in mono_type_get_full (image=0x8272a98, type_token=452984834,
context=0x0) at class.c:4240
#13 0x0813589d in mono_ldtoken (image=0x8272a98, token=452984834,
handle_class=0xbfa3d91c, context=0x0) at class.c:4869
#14 0x08187d88 in mono_method_to_ir (cfg=0x82a2c00, method=0x8272fbc,
start_bblock=0x82c923c, end_bblock=0x82c92d4, locals_offset=0, return_var=0x0, 
    dont_inline=0x82c8e10, inline_args=0x0, inline_offset=0, is_virtual_call=0,
shared_context=0x0) at mini.c:7041
#15 0x081952fb in mini_method_compile (method=0x8272fbc, opts=13724159,
domain=0x21f00, run_cctors=1, compile_aot=0, parts=0) at mini.c:10660
#16 0x08196641 in mono_jit_compile_method_inner (method=0x8272fbc,
target_domain=0x21f00, opt=13724159) at mini.c:11073
#17 0x08196e3c in mono_jit_compile_method_with_opt (method=0x8272fbc,
opt=13724159) at mini.c:11241
#18 0x08196f36 in mono_jit_compile_method (method=0x8272fbc) at mini.c:11259
#19 0x081973c5 in mono_jit_runtime_invoke (method=0x8272fbc, obj=0x0,
params=0xbfa3e164, exc=0x0) at mini.c:11377
#20 0x0812070d in mono_runtime_invoke (method=0x8272fbc, obj=0x0,
params=0xbfa3e164, exc=0x0) at object.c:2006
#21 0x08121c1d in mono_runtime_exec_main (method=0x8272fbc, args=0x2ce60,
exc=0x0) at object.c:2835
#22 0x081216ee in mono_runtime_run_main (method=0x8272fbc, argc=0,
argv=0xbfa3e5ac, exc=0x0) at object.c:2631
#23 0x0805956d in mono_jit_exec (domain=0x21f00, assembly=0x82b4a00, argc=1,
argv=0xbfa3e5a8) at driver.c:853
#24 0x0805964a in main_thread_handler (user_data=0xbfa3e43c) at driver.c:888
#25 0x0805b1e6 in mono_main (argc=2, argv=0xbfa3e5a4) at driver.c:1382
#26 0x080586e6 in main (argc=0, argv=0x0) at main.c:6


The fix seens to be trivial, just remove the call to g_free in metadata.c 4419
as MonoType is allocated from a mempool and not g_new.

Expected behavior:

Gracefull termination with a System.TypeLoadException


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list