Re: [ng-spice] Segmentation violation on running scripts
--
On Thu, 11 Jan 2001 00:12:00 Bob Carragher wrote:
>Hello,
>
>I too have run into a segmentation fault similar to what Alan
>describes. Perhaps it is the same one. In file variable.c,
>function cp_setparse(), at roughly line 359, is a call to
>tfree(),
>
> tfree(ss);/*DG: cp_unquote Memory leak*/
>
>This will eventually cause variable ss to be passed to free().
>It is at this point that a segmentation violation can occur.
>
>The call is located a few lines after a call to ft_numparse(),
>
> td = ft_numparse(&ss, FALSE);
>
>If I understand that function correctly, it can update the
>value of variable ss. Unfortunately, trying to free ss is
>what causes the segmentation violation. A fix would be to
>keep a copy of the original value of ss before it is passed
>to ft_numparse(), then pass that location to tfree() instead
>of ss. (That is the fix that I have applied to my local copy.)
>
>Is or will this be fixed in a subsequent rework of NG Spice?
Yes,
I have already pointed out this problem in a previous mail.
This bug should be fixed in a next release. Here is the mail I sent.
Cheers
********
Hi all,
I think that I now know why variable.c fails to run in some cases.
The reason is to be found in the cp_setparse function.
I previously used to free the pointer ss before the call of the ft_numparse
function:

    ss = cp_unquote(wl->wl_word);
    td = ft_numparse(&ss, FALSE);
    ...
    tfree(ss);

Here is the problem. When ss contains a number, ft_numparse
increments ss so that at the end of the parsing ss points to the
end of the allocated area. Freeing ss results in a segfault. If
ss does not contain a number there is no problem.
So to fix the bug, something like the following must be done:

    copyval = ss = cp_unquote(wl->wl_word);
    td = ft_numparse(&ss, FALSE);
    ...
    tfree(copyval);
Apologies.
glao
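
The pattern discussed in this thread, as an added stand-alone example (not code from the original mails or from the ng-spice source). `numparse_demo()` is a hypothetical stand-in for `ft_numparse()` built on `strtod()`, and `parse_word()` is a hypothetical caller that frees the allocation through a saved copy of the original pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for ft_numparse(): parses a leading number and,
 * on success, advances *s past the characters it consumed. */
static int numparse_demo(char **s, double *out)
{
    char *end;
    double v = strtod(*s, &end);
    if (end == *s)
        return 0;          /* not a number: *s is left untouched */
    *s = end;              /* caller's pointer now points inside the buffer */
    *out = v;
    return 1;
}

/* Parse a heap copy of `word`. Returns how far the cursor moved from the
 * start of the allocation; the buffer is released via the saved pointer. */
static size_t parse_word(const char *word, double *value, int *is_num)
{
    char *copyval, *ss;
    size_t moved;

    copyval = ss = malloc(strlen(word) + 1);
    if (copyval == NULL) { *is_num = 0; return 0; }
    strcpy(ss, word);

    *is_num = numparse_demo(&ss, value);
    moved = (size_t)(ss - copyval);

    /* free(ss) here would pass an interior pointer whenever moved != 0,
     * which is undefined behaviour: free() needs the malloc() result. */
    free(copyval);
    return moved;
}

int main(void)
{
    double v = 0.0;
    int is_num;
    size_t moved = parse_word("42.5", &v, &is_num);
    printf("number=%d value=%g cursor moved %zu bytes\n", is_num, v, moved);
    moved = parse_word("abc", &v, &is_num);
    printf("number=%d cursor moved %zu bytes\n", is_num, moved);
    return 0;
}
```

Building a variant that frees `ss` instead with `-fsanitize=address` makes the invalid free visible as a diagnostic on numeric input, while non-numeric input passes unnoticed.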