Closed jin-eld closed 3 years ago
Looks like you're using a pretty old version of the library, because that stack trace doesn't match up to the code.
Oops, I should have posted the version of course: libconfig-1.7.2-6.fc33.x86_64 which is the latest offered by Fedora 33, 1.7.2 seems also to be the latest release version available on https://hyperrealm.github.io/libconfig/
Looks like I've been lazy with the releases :-( I'll make a new one within the next couple of days.
Cool, thank you! I'll retest as soon as it's out :>
I wanted to check if the problem got fixed in the newer code I pulled master HEAD (commit 5ea446216255e90bfdbf646a06404e37651f192b) and retried, seems that the issue is still there:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7e4ef00 in free () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff7e4ef00 in free () from /lib64/libc.so.6
#1 0x00007ffff7fc3b85 in libconfig_strvec_delete (vec=0x405540) at strvec.c:69
#2 0x00007ffff7fc0895 in config_destroy (config=0x7fffffffdff0)
at libconfig.c:723
#3 0x000000000040125e in main () at test.c:36
I suspect the issue is that config_destroy()
tries to free config->filenames
which has already been freed by config_clear()
.
A quick fix that works for me is to set config->filenames
back to NULL after freeing:
diff --git a/lib/libconfig.c b/lib/libconfig.c
index e26e5e8..38e8623 100644
--- a/lib/libconfig.c
+++ b/lib/libconfig.c
@@ -732,7 +732,7 @@ void config_clear(config_t *config)
/* Destroy the root setting (recursively) and then create a new one. */
__config_setting_destroy(config->root);
libconfig_strvec_delete(config->filenames);
-
+ config->filenames = NULL;
config->root = __new(config_setting_t);
config->root->type = CONFIG_TYPE_GROUP;
config->root->config = config;
@jin-eld Your fix looks good to me.
If config->filenames
is meant to be reused, it has to be set to NULL
after freeing memory.
The unit tests do not fail and Valgrind does not complain.
@thomastrapp Thanks for checking, I was not sure if it had any deeper implications as I did not have time to dig into other functions that make use of config->filenames
, the unit tests did not fail indeed.
@hyperrealm if you'd like me to submit a PR, I can do that, I felt its probably not worth for a 1-liner and easier for you to quick patch yourself. Looking forward to a new release with the fix :)
@hyperrealm any chance you could roll a new release?
Sorry for delay...this turned out to be a double-free of config->filenames, because it wasn't set to NULL in config_clear(). I'll have a new release with this fix shortly.
This is fixed in the new release 1.7.3
Great, thank you!
Sure thing. I just now noticed the earlier comments where you'd found the solution yourself!
Hi,
I am looking at a segfault and as far as I can tell I am not doing anything wrong...
The trigger seems to be a call to
config_clear()
combined with loading of a configuration file. If I commentconfig_clear()
out, then it won't crash. The actual segfault happens inconfig_destroy()
.Sample config (save as
/tmp/test.cfg
):Code:
To compile:
gcc -ggdb -O0 -o test test.c $(pkg-config --cflags --libs libconfig)
Backtrace:
The saved file
/tmp/new.cfg
looks as expected in both cases, i.e. with and without the call toconfig_clear()
.Am I using the library in a wrong way, or is this a bug?