[Mono-devel-list] [PATCH] Improper free of return-value string pointers from unmanaged calls
Steven Brown
swbrown at ucsd.edu
Fri Jun 11 00:29:11 EDT 2004
Mono improperly tries to free string pointers passed as the return value
of unmanaged calls via P/Invoke. This removes the code that frees that
string pointer.
I've attached an example of the kind of bug this fixes. Can be tried like:
g++ foo.cc -shared -o foo.so && mcs Test.cs && LD_LIBRARY_PATH=. mono
Test.exe
If you're running valgrind, you'll see something like:
==15815== Thread 3:
==15815== Invalid free() / delete / delete[]
==15815== at 0x40027E7A: free (vg_replace_malloc.c:231)
==15815== by 0x403EB8CD: g_free (in /usr/lib/libglib-2.0.so.0.0.1)
==15815== by 0x418EC4E2: ???
==15815== by 0x418EC53D: ???
==15815== Address 0x418F5728 is not stack'd, malloc'd or free'd
If you aren't, it might or might not crash
(System.NullReferenceException from __icall_wrapper_g_free) depending on
your luck.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: foo.cc
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20040610/f7fd4e65/attachment.pl
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Test.cs
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20040610/f7fd4e65/attachment-0001.pl
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mono-improper-retval-string-free-swb.patch
Url: http://lists.ximian.com/pipermail/mono-devel-list/attachments/20040610/f7fd4e65/attachment-0002.pl
More information about the Mono-devel-list
mailing list