Date: Sat, 11 Oct 1997 16:50:14 -0700 (PDT) Message-Id: <199710112350.QAA25258@adit.ap.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: ao950 AT FreeNet DOT Carleton DOT CA (Paul Derbyshire), djgpp AT delorie DOT com From: Nate Eldredge Subject: Re: Bug in __builtin_new in GCC!! Precedence: bulk At 09:55 10/10/1997 GMT, Paul Derbyshire wrote: > > >Compiling a C++ program I encountered repeated SIGSEGV in __builtin_new. >The lines causing the problem are > >array=new int[_size*2] > >and > >if (!_next) _next=new BlankListItem > >Debugger use showed that _size is a legit value in the former occurrence, >namely 1, so _size*2 is 2. Array is a local variable of type int *. _size >is a member of an object and the object came from a pointer, but the >object exists (pointer is valid) so accessing _size isn't causing it to seg >out. >In the latter case, similarly _next is legitimate, has value NULL, and >this time there aren't even any arguments to new. > >I am forced to conclude that there is a bug in GCC's implementation of >new, because new is apparently segging out when every input to new is >legit. I verified that the malloc arena is not being corrupted. >Specifically, I am nowhere writing arrays out of bounds, everything I new >I delete, everything I array-new I array-delete, and I'm not leaking core. It isn't gcc's fault. AFAIK, __builtin_new just calls malloc, so if anything, the bug is in the malloc code. You can try getting the malloc source, compiling with -g, ar'ing into libc.a (save a backup), recompiling, and using a debugger to see exactly where you crash. You might also try Sentinel (check SET's home page) to make sure you aren't messing up the arena. Also, maybe try stripping it down as much as possible, like don't `delete' *anything*, don't write to the arrays at all, etc. Nate Eldredge eldredge AT ap DOT net