• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: setlocale problem for some locale
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: setlocale problem for some locale

  • Subject: Re: setlocale problem for some locale
  • From: Steve Checkoway <email@hidden>
  • Date: Tue, 16 Jun 2009 12:45:25 -0700

On Jun 16, 2009, at 1:11 AM, Nicholas Ellis wrote:

When using the malloc utilities, I see that there is a double free in setlocale using malloc_info 


It looks like a bug in setlocale() to me.

What I believe is happening is the following, based on looking at <http://www.opensource.apple.com/source/Libc/Libc-498.1.7/locale/setlocale-fbsd.c >.

setlocale is getting called with LC_ALL. This eventually causes the reference count for __global_locale.__lc_numeric_loc to be incremented and then it goes through and tries to load all of the locale categories with loadlocale().

loadlocale(LC_NUMERIC) is one of those that gets called. __numeric_load_locale() gets called and doesn't return _LDP_ERROR so the reference count on __global_locale.__lc_numeric_loc is decremented, and then __global_locale.__lc_numeric_loc is set to NULL.

At some point later, loadlocale() fails and returns NULL. Then all of the new categories are replaced by the old categories, loadlocale() is called again for each (possibly twice). Since __global_locale.__lc_numeric_loc is NULL, XL_RELEASE does not cause a problem in these calls to loadlocale.

Next up, __global_locale._lc_numeric_loc is restored to the previous saved value, the ref count is decremented. At this point, it's probably been freed because the refcount was driven to zero. So __global_locale.__lc_numeric_loc is pointing to freed memory.

The next time setlocale() is called, it will muck around with freed memory (in XL_RETAIN, at least) and then it will try to free the memory again (in XL_RELEASE). This causes the double free error.

Note that in your example program, setlocale() is called 4 times.

Breakpoint 1, 0x91ee1909 in setlocale ()
(gdb) c
Continuing.
val is 123.000000

Breakpoint 1, 0x91ee1909 in setlocale ()
(gdb) c
Continuing.

Breakpoint 1, 0x91ee1909 in setlocale ()
(gdb) c
Continuing.

Breakpoint 1, 0x91ee1909 in setlocale ()
(gdb) c
Continuing.
a.out(643) malloc: *** error for object 0x801c00: double free
*** set a breakpoint in malloc_error_break to debug

You should file a bug report at <http://bugreport.apple.com>.

--
Steve Checkoway




_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >setlocale problem for some locale (From: Nicholas Ellis <email@hidden>)






    

  • Prev by Date:
Re: ATTR_CMN_FNDRINFO flag in getattrlist()

    • 

  • Next by Date:
Re: ATTR_CMN_FNDRINFO flag in getattrlist()

    • 

  • Previous by thread:
setlocale problem for some locale

    • 

  • Next by thread:
SCSI programming on Mac OS X

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •