Fix leak_test crash in print_callers if free() is redirected
authorIvan Maidanski <ivmai@mail.ru>
Mon, 7 Aug 2017 08:37:30 +0000 (11:37 +0300)
committerIvan Maidanski <ivmai@mail.ru>
Mon, 7 Aug 2017 08:37:30 +0000 (11:37 +0300)
* dbg_mlc.c [REDIRECT_MALLOC && (GC_LINUX_THREADS || GC_SOLARIS_THREADS
|| MSWIN32 || NEED_CALLINFO && GC_HAVE_BUILTIN_BACKTRACE)]
(GC_debug_free): If the object is not in the GC heap then just return
(instead of ABORT).
* malloc.c [REDIRECT_MALLOC && NEED_CALLINFO
&& GC_HAVE_BUILTIN_BACKTRACE] (GC_free): If hhdr is null (i.e. the
object is not in the GC heap) then return without the object
deallocation; add comment.
* os_dep.c [NEED_CALLINFO && GC_HAVE_BUILTIN_BACKTRACE
&& !GC_BACKTRACE_SYMBOLS_BROKEN] (GC_print_callers): Adjust comment
for free().

dbg_mlc.c
malloc.c
os_dep.c

index 21d423daf3c7967c7cd4a3c10c8818a2f6ff902f..724d9cff5be6b7195705319a9b0843618f171bc1 100644 (file)
--- a/dbg_mlc.c
+++ b/dbg_mlc.c
@@ -837,6 +837,14 @@ GC_API void GC_CALL GC_debug_free(void * p)
 
     base = GC_base(p);
     if (base == 0) {
+#     if defined(REDIRECT_MALLOC) \
+         && ((defined(NEED_CALLINFO) && defined(GC_HAVE_BUILTIN_BACKTRACE)) \
+             || defined(GC_LINUX_THREADS) || defined(GC_SOLARIS_THREADS) \
+             || defined(MSWIN32))
+        /* In some cases, we should ignore objects that do not belong   */
+        /* to the GC heap.  See the comment in GC_free.                 */
+        if (!GC_is_heap_ptr(p)) return;
+#     endif
       ABORT_ARG1("Invalid pointer passed to free()", ": %p", p);
     }
     if ((ptr_t)p - (ptr_t)base != sizeof(oh)) {
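Review bot: The early return at `if (!GC_is_heap_ptr(p)) return;` makes GC_debug_free silently accept every pointer outside the GC heap in these builds, so a free() of a stack, static or foreign-allocator address is no longer reported by the debug allocator, and the block is presumably never released. The comment should state that trade-off, e.g. `/* Non-heap pointers are ignored, not freed; invalid-free detection is lost for them. */`. The four-way preprocessor condition is also repeated verbatim in GC_free in malloc.c, so a single shared macro (name to be chosen by the project) would keep the two guards from drifting apart. GC_debug_free's body starts and ends outside the hunk.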
index 28b2ac6cf33a0f26cd52490f5eaf5f60c715a041..502b3e3b02099a1203666994f5117bb61d1c4f2e 100644 (file)
--- a/malloc.c
+++ b/malloc.c
@@ -520,8 +520,11 @@ GC_API void GC_CALL GC_free(void * p)
     h = HBLKPTR(p);
     hhdr = HDR(h);
 #   if defined(REDIRECT_MALLOC) && \
-        (defined(GC_SOLARIS_THREADS) || defined(GC_LINUX_THREADS) \
+        ((defined(NEED_CALLINFO) && defined(GC_HAVE_BUILTIN_BACKTRACE)) \
+         || defined(GC_SOLARIS_THREADS) || defined(GC_LINUX_THREADS) \
          || defined(MSWIN32))
+        /* This might be called indirectly by GC_print_callers to free  */
+        /* the result of backtrace_symbols.                             */
         /* For Solaris, we have to redirect malloc calls during         */
         /* initialization.  For the others, this seems to happen        */
         /* implicitly.                                                  */
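Review bot: After the two new comment lines, the existing sentence "For the others, this seems to happen implicitly" reads as if it also covered the backtrace_symbols case, which it does not describe. I would separate the two reasons, for example `/* Case 1: called indirectly by GC_print_callers to free the result of backtrace_symbols. */` followed by `/* Case 2: malloc is redirected during initialization (explicitly on Solaris, implicitly on the other targets). */`. The statement guarded by this condition lies outside the hunk, so how the ignored block is handled cannot be checked from here.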
index a2afb1e764fbf0f017c4ca444fe665c0a7d3c921..62e42040062d7946daa232226d434b539506f902 100644 (file)
--- a/os_dep.c
+++ b/os_dep.c
@@ -4723,7 +4723,7 @@ GC_INNER void GC_print_callers(struct callinfo info[NFRAMES])
           GC_err_printf("\t\t%s\n", name);
 #         if defined(GC_HAVE_BUILTIN_BACKTRACE) \
              && !defined(GC_BACKTRACE_SYMBOLS_BROKEN)
-            free(sym_name);  /* May call GC_free; that's OK */
+            free(sym_name);  /* May call GC_[debug_]free; that's OK */
 #         endif
         }
     }