vermaseren / form

The FORM project for symbolic manipulation of very big expressions
GNU General Public License v3.0

Memory bug via expanding the triple dot operator #146

Closed tueda closed 7 years ago

tueda commented 7 years ago

The following code gives memory problems in the assignment of the $-variable:

```
Auto S x;
L F = x1+...+x123;
#$n = 1;
.end
```

The first error (of 46) is

```
FORM 4.1 (Nov 15 2016, v4.1-20131025-263-g033e880) 64-bits  Run: Wed Nov 23 14:41:01 2016
    Auto S x;
    L F = x1+...+x123;
==25300== Invalid write of size 1
==25300==    at 0x51E708: LoadStatement (pre.c:1317)
==25300==    by 0x51D829: PreProcessor (pre.c:961)
==25300==    by 0x5850ED: main (startup.c:1586)
==25300==  Address 0x50d8cdf is 15 bytes inside a block of size 520 free'd
==25300==    at 0x4A06430: free (vg_replace_malloc.c:446)
==25300==    by 0x5AD9A2: M_free (tools.c:2357)
==25300==    by 0x5AE2D0: DoubleLList (tools.c:2814)
==25300==    by 0x51F3E1: ExpandTripleDots (pre.c:1551)
==25300==    by 0x51EB1C: LoadStatement (pre.c:1417)
==25300==    by 0x51D829: PreProcessor (pre.c:961)
==25300==    by 0x5850ED: main (startup.c:1586)
```

The problem doesn't occur when x1+...+x123 is inlined by hand.
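The trace above shows a write in the loader landing in a block that a doubling routine freed during the expansion call. The following is an added example of that general stale-pointer pattern next to a corrected form; it is not FORM's code, and `Buf`, `buf_double`, `expand_terms`, `load_stale` and `load_fixed` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical growable statement buffer; names are illustrative, not FORM's. */
typedef struct { char *base; size_t cap; } Buf;

/* Doubling growth: the old block is freed, so pointers into it dangle. */
int buf_double(Buf *b) {
    size_t ncap = b->cap ? b->cap * 2 : 16;
    char *n = malloc(ncap);
    if (n == NULL) return -1;
    if (b->base != NULL) memcpy(n, b->base, b->cap);
    free(b->base);
    b->base = n; b->cap = ncap;
    return 0;
}

/* Appends "x1+x2+...+xN" at offset *pos, growing the buffer as needed. */
int expand_terms(Buf *b, size_t *pos, int n) {
    if (b->base == NULL && buf_double(b) != 0) return -1;
    for (int i = 1; i <= n; i++) {
        char term[16];
        int len = snprintf(term, sizeof term, "x%d%s", i, i < n ? "+" : "");
        while (*pos + (size_t)len + 1 > b->cap)   /* keep room for the NUL */
            if (buf_double(b) != 0) return -1;
        memcpy(b->base + *pos, term, (size_t)len);
        *pos += (size_t)len;
    }
    return 0;
}

/* Stale-cursor pattern: stmt is taken before the expansion and written
   through afterwards. If the buffer grew, stmt points at a freed block. */
char *load_stale(Buf *b, int n) {
    size_t pos = 0;
    if (b->base == NULL && buf_double(b) != 0) return NULL;
    char *stmt = b->base;
    if (expand_terms(b, &pos, n) != 0) return NULL;
    stmt[pos] = '\0';
    return stmt;
}

/* Corrected pattern: carry an offset across the call and re-derive the
   pointer from b->base once nothing can move the buffer any more. */
char *load_fixed(Buf *b, int n) {
    size_t pos = 0;
    if (expand_terms(b, &pos, n) != 0) return NULL;
    b->base[pos] = '\0';
    return b->base;
}
```

`load_stale` is kept only to show the defect: its behaviour is undefined whenever the expansion outgrows the block that was current when `stmt` was taken. Short inputs that fit the initial block never trigger the growth path, so the defect only shows up with long expansions.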

tueda commented 7 years ago

This bug was introduced by ad8f4b7a0de01c798f221de15d2a6e8549584bfa.