[Xorp-hackers] valgrind: selector.cc: Reading free'd memory

Ben Greear greearb at candelatech.com
Tue Sep 29 17:45:19 PDT 2009


Looks like we are running stale node objects that have since
been deleted by the resizing of the _selector entries.

This is from my code tree, so it's possible it's something I added,
but I don't think it is...

I'm going to work on fixing this, but if someone has any quick ideas, feel free
to let me know!



==19682== Invalid read of size 4
==19682==    at 0x5420AB: SelectorList::Node::run_hooks(SelectorMask, XorpFd) (selector.cc:169)

Bug is that 'this' is deleted, as far as I can tell.
selector.cc line 169:
       SelectorMask match = SelectorMask(_mask[i] & m & ~already_matched);

==19682==    by 0x5416DF: SelectorList::wait_and_dispatch(TimeVal&) (selector.cc:486)
==19682==    by 0x52EA2C: EventLoop::do_work(bool) (eventloop.cc:147)
==19682==    by 0x52E8C1: EventLoop::run() (eventloop.cc:100)
==19682==    by 0x4070D2: Rtrmgr::run() (main_rtrmgr.cc:346)
==19682==    by 0x407DB6: main (main_rtrmgr.cc:653)
==19682==  Address 0x4e9bfb4 is 3,524 bytes inside a block of size 3,608 free'd
==19682==    at 0x4A05E3F: operator delete(void*) (vg_replace_malloc.c:342)
==19682==    by 0x542F31: __gnu_cxx::new_allocator<SelectorList::Node>::deallocate(SelectorList::Node*, unsigned long) (new_allocator.h:95)
==19682==    by 0x542821: std::_Vector_base<SelectorList::Node, std::allocator<SelectorList::Node> >::_M_deallocate(SelectorList::Node*, unsigned long) 
(stl_vector.h:146)
==19682==    by 0x542DC0: std::vector<SelectorList::Node, std::allocator<SelectorList::Node> >::_M_fill_insert(__gnu_cxx::__normal_iterator<SelectorList::Node*, 
std::vector<SelectorList::Node, std::allocator<SelectorList::Node> > >, unsigned long, SelectorList::Node const&) (vector.tcc:451)
==19682==    by 0x54278F: std::vector<SelectorList::Node, std::allocator<SelectorList::Node> >::insert(__gnu_cxx::__normal_iterator<SelectorList::Node*, 
std::vector<SelectorList::Node, std::allocator<SelectorList::Node> > >, unsigned long, SelectorList::Node const&) (stl_vector.h:851)
==19682==    by 0x542563: std::vector<SelectorList::Node, std::allocator<SelectorList::Node> >::resize(unsigned long, SelectorList::Node) (stl_vector.h:557)
==19682==    by 0x5408F9: SelectorList::add_ioevent_cb(XorpFd, IoEventType, ref_ptr<XorpCallback2<void, XorpFd, IoEventType> > const&, int) (selector.cc:239)

// Bug is that this deletes old memory and allocates new..we must have saved a pointer to the old
// memory somewhere.
selector.cc:  239
	    _selector_entries.resize(fd + 32);

==19682==    by 0x52EA73: EventLoop::add_ioevent_cb(XorpFd, IoEventType, ref_ptr<XorpCallback2<void, XorpFd, IoEventType> > const&, int) (eventloop.cc:240)
==19682==    by 0x5285C5: AsyncFileReader::start() (asyncio.cc:307)
==19682==    by 0x53BD2D: RunCommandBase::execute() (run_command.cc:358)
==19682==    by 0x44B82A: ModuleManager::Process::startup(std::string&) (module_manager.cc:708)
==19682==    by 0x44AF9A: ModuleManager::execute_process(std::string const&, std::string&) (module_manager.cc:608)

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com



More information about the Xorp-hackers mailing list