Date: Tue, 14 Oct 1997 19:23:47 -0700 (PDT)
Message-Id: <199710150223.TAA04283@adit.ap.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: ao950 AT FreeNet DOT Carleton DOT CA (Paul Derbyshire), djgpp AT delorie DOT com
From: Nate Eldredge
Subject: Re: Bug in __builtin_new in GCC!!
Precedence: bulk

At 09:55 10/10/1997 GMT, Paul Derbyshire wrote:
>
>
>Compiling a C++ program I encountered repeated SIGSEGV in __builtin_new.
>[snipped]
>Debugger use showed that _size is a legit value in the former occurrence,
>namely 1, so _size*2 is 2. Array is a local variable of type int *. _size
>is a member of an object and the object came from a pointer, but the
>object exists (pointer is valid) so accessing _size isn't causing it to seg
>out.
>In the latter case, similarly _next is legitimate, has value NULL, and
>this time there aren't even any arguments to new.
>
>I am forced to conclude that there is a bug in GCC's implementation of
>new, because new is apparently segging out when every input to new is
>legit. I verified that the malloc arena is not being corrupted.
>Specifically, I am nowhere writing arrays out of bounds, everything I new
>I delete, everything I array-new I array-delete, and I'm not leaking core.

Sorry, I think you are wrong. I recompiled malloc with RCHECK defined,
which adds some checking of the arena, and it got one of its magic numbers
clobbered. I believe you are overrunning an array somewhere. I don't have
time to try to figure out where, and I don't know C++ that well, but try
Sentinel to help you find the bug. SET's home page, where I believe it may
be found, is:

http://www.geocities.com/SiliconValley/Vista/6552/

Hope this helps.

Nate Eldredge
eldredge AT ap DOT net
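Nate's diagnosis rests on malloc's RCHECK mode: the allocator plants magic values around each block and checks them when the block is freed, so a heap overrun that the program never notices shows up as a clobbered magic number. The block below is an added example, not code from this message or from DJGPP's malloc, that reimplements that idea in miniature in C. The header layout, the guard constants HDR_MAGIC and TAIL_MAGIC, and the function names checked_malloc, check_block, checked_free, demo_off_by_one and demo_correct are all assumptions made for the illustration; the sample string is constructed. It shows the classic off-by-one that Paul's "I am nowhere writing arrays out of bounds" would miss: copying an n-character string into an n-byte buffer, which writes the terminator one byte past the end.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Guard layout modelled loosely on malloc's RCHECK mode (assumed
   constants, not the library's own): a header in front of the user
   block records the requested size and a magic word, and a magic byte
   sits immediately after the last byte the caller asked for. */
#define HDR_MAGIC  0x55555555u
#define TAIL_MAGIC 0x55

struct hdr {
    size_t   size;   /* bytes requested by the caller */
    uint32_t magic;  /* HDR_MAGIC while the header is intact */
};

/* Allocate n bytes with a header in front and a guard byte behind. */
void *checked_malloc(size_t n)
{
    struct hdr *h = malloc(sizeof *h + n + 1);
    if (h == NULL)
        return NULL;
    h->size  = n;
    h->magic = HDR_MAGIC;
    ((unsigned char *)(h + 1))[n] = TAIL_MAGIC;
    return h + 1;
}

/* 0 if both guards around p are intact, 1 if the header magic was
   clobbered (underrun, wild write or double free), 2 if the tail byte
   was (overrun past the requested size). */
int check_block(const void *p)
{
    const struct hdr *h = (const struct hdr *)p - 1;
    if (h->magic != HDR_MAGIC)
        return 1;
    if (((const unsigned char *)p)[h->size] != TAIL_MAGIC)
        return 2;
    return 0;
}

/* Free only after the guards verify; returns the check result and
   leaves a corrupted block alone so a debugger can inspect it. */
int checked_free(void *p)
{
    int rc = check_block(p);
    if (rc == 0) {
        struct hdr *h = (struct hdr *)p - 1;
        h->magic = 0;   /* poison so a second free reports rc 1 */
        free(h);
    }
    return rc;
}

/* The bug RCHECK catches: strcpy of an n-character string into an
   n-byte buffer writes n+1 bytes, the '\0' landing on the guard. */
int demo_off_by_one(void)
{
    const char *s = "hello";              /* constructed sample input */
    size_t n = strlen(s);
    char *buf = checked_malloc(n);
    int rc;
    if (buf == NULL)
        return -1;
    strcpy(buf, s);                       /* one byte too many */
    rc = check_block(buf);                /* tail guard now holds '\0' */
    ((unsigned char *)buf)[n] = TAIL_MAGIC; /* repair so we can release it */
    checked_free(buf);
    return rc;
}

/* The same copy sized correctly passes the guard check on free. */
int demo_correct(void)
{
    const char *s = "hello";
    size_t n = strlen(s);
    char *buf = checked_malloc(n + 1);
    if (buf == NULL)
        return -1;
    strcpy(buf, s);
    return checked_free(buf);
}

int main(void)
{
    printf("off-by-one copy: guard status %d\n", demo_off_by_one());
    printf("correct copy:    guard status %d\n", demo_correct());
    return 0;
}
```

The point of the layout is that the overrun is detected at free time, long after the write, which is exactly why a crash inside __builtin_new looks like a bug in new: the clobbered bookkeeping is only consulted when the allocator next touches that region. A real allocator's guard also protects its own chaining fields, so a corrupted magic number there, as Nate observed, is strong evidence of an out-of-bounds write elsewhere.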