segfault in haskell!

Simon Marlow simonmar@microsoft.com
Fri, 25 Jul 2003 10:59:01 +0100


> I've managed to get a segfault in haskell! And without even using the
> FFI... actually my code uses the FFI, but the changes that triggered the
> segfault don't involve that, they just use Text.Regex.
>
> The code that triggers the segfault is the function produced by:
>
> filetype_function :: IO (FilePath -> FileType)
> filetype_function = do
>     binsfile <- def_prefval "binariesfile" "_darcs/prefs/binaries"
>     bins <- (liftM lines $ readFile binsfile) `catch`
>              (\e-> if isDoesNotExistError e then return [] else ioError e)
>     let rs = map (mkRegex.fixregex) bins
>         isbin f = or $ map (\r-> matchRegex r f /= Nothing) rs
>         ftf f = if isbin f then BinaryFile else TextFile
>         in
>         return ftf
>
> and the valgrind report on the segfault is:
>
> ==8705== Invalid free() / delete / delete[]
> ==8705==    at 0x4015D6A4: free (vg_clientfuncs.c:185)
> ==8705==    by 0x40399A34: (within /lib/libc-2.3.1.so)
> ==8705==    by 0x40399C13: regfree (in /lib/libc-2.3.1.so)
> ==8705==    by 0x8117683: s67U_entry (in /home/droundy/darcs/darcs)
> ==8705==    Address 0x1 is not stack'd, malloc'd or free'd
> ==8705==
> ==8705== Invalid read of size 4
> ==8705==    at 0x40399A58: (within /lib/libc-2.3.1.so)
> ==8705==    by 0x40399C13: regfree (in /lib/libc-2.3.1.so)
> ==8705==    by 0x8117683: s67U_entry (in /home/droundy/darcs/darcs)
> ==8705==    Address 0x22 is not stack'd, malloc'd or free'd

I've found one possible cause of this: we were calling regfree on the
regular expression structure even if regcomp failed.  This will be fixed
in GHC 6.0.1.

Workaround: don't pass any bogus regular expressions to regcomp.

Cheers,
	Simon
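The root cause Simon describes (regfree called on a regex_t whose regcomp had failed) is a native-code invariant, so the following C example, added here and not taken from the thread, GHC or darcs, shows the pattern that avoids it: track whether regcomp succeeded and only then call regfree. The wrapper type safe_regex, the functions safe_regex_compile / safe_regex_match / safe_regex_free / pattern_is_valid / is_binary and the SAMPLE_PATTERNS list are all hypothetical names chosen for this illustration; is_binary mirrors the quoted isbin function, and the sample list is constructed, with its last entry deliberately malformed to stand in for a "bogus" user-supplied expression.

```c
#include <regex.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper type: a regex_t plus a flag recording whether
   regcomp() succeeded. POSIX only defines regfree() for a regex_t that
   regcomp() returned 0 for; freeing one after a failed compile is the
   bug described in the thread. */
typedef struct {
    regex_t re;
    bool compiled;
    char err[128];
} safe_regex;

/* Compile `pattern` as an extended regex. Returns true on success; on
   failure the error text is stored and the regex is marked uncompiled. */
bool safe_regex_compile(safe_regex *sr, const char *pattern) {
    memset(sr, 0, sizeof *sr);
    int rc = regcomp(&sr->re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {
        regerror(rc, &sr->re, sr->err, sizeof sr->err);
        sr->compiled = false;
        return false;
    }
    sr->compiled = true;
    return true;
}

/* 1 = match, 0 = no match, -1 = regex was never compiled successfully. */
int safe_regex_match(const safe_regex *sr, const char *subject) {
    if (!sr->compiled)
        return -1;
    return regexec(&sr->re, subject, 0, NULL, 0) == 0 ? 1 : 0;
}

/* The fix: release only what regcomp() actually allocated. Idempotent. */
void safe_regex_free(safe_regex *sr) {
    if (sr->compiled) {
        regfree(&sr->re);
        sr->compiled = false;
    }
}

/* Compile-then-free round trip; true iff the pattern is valid. A bad
   pattern takes the same path but never reaches regfree(). */
bool pattern_is_valid(const char *pattern) {
    safe_regex sr;
    bool ok = safe_regex_compile(&sr, pattern);
    safe_regex_free(&sr); /* no-op when the compile failed */
    return ok;
}

/* Counterpart of the quoted isbin: does any pattern match `path`?
   Invalid patterns are reported and skipped instead of crashing. */
bool is_binary(const char *const *patterns, size_t n, const char *path) {
    bool hit = false;
    for (size_t i = 0; i < n && !hit; i++) {
        safe_regex sr;
        if (!safe_regex_compile(&sr, patterns[i])) {
            fprintf(stderr, "skipping bad pattern '%s': %s\n",
                    patterns[i], sr.err);
            continue; /* nothing was allocated, so nothing to free */
        }
        hit = safe_regex_match(&sr, path) == 1;
        safe_regex_free(&sr);
    }
    return hit;
}

/* Constructed sample list standing in for _darcs/prefs/binaries; the
   last entry is deliberately malformed (unbalanced bracket). */
static const char *const SAMPLE_PATTERNS[] = {
    "\\.png$", "\\.(gif|jpg)$", "[unclosed"
};
static const size_t N_SAMPLE = sizeof SAMPLE_PATTERNS / sizeof SAMPLE_PATTERNS[0];

int main(void) {
    const char *files[] = { "logo.png", "photo.jpg", "README" };
    for (size_t i = 0; i < 3; i++)
        printf("%-10s -> %s\n", files[i],
               is_binary(SAMPLE_PATTERNS, N_SAMPLE, files[i])
                   ? "BinaryFile" : "TextFile");
    return 0;
}
```

Running it classifies logo.png and photo.jpg as binary, README as text, and prints one "skipping bad pattern" line for the malformed entry instead of handing an uninitialised regex_t to regfree; the same compiled flag is what a binding layer such as the one Text.Regex sits on needs to check before releasing the C-side structure.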