Bugzilla – Bug 321364
[Patch] GetDelegateForFunctionPointer is crashing
Last modified: 2007-09-15 21:24:46 UTC
---- Reported by jonathan.chambers@ansys.com 2006-06-14 01:00:40 MST ---- Please fill in this template when reporting a bug, unless you know what you are doing. Description of Problem: GetDelegateForFunctionPointer is crashing. Happened somewhere between r60000 and r61000 (I'm try to narrow down). Steps to reproduce the problem: 1. Run attached test app Actual Results: mono Program.exe Inside test_function *** glibc detected *** free(): invalid pointer: 0x081d2ac4 *** ================================================================= Got a SIGABRT while executing native code. This usually indicates a fatal error in the mono runtime or one of the native libraries used by your application. ================================================================= Stacktrace: in (wrapper managed-to-native) System.Runtime.InteropServices.Marshal:GetDelegateForFunctionPointerInternal (intptr,System.Type) <0x4> in (wrapper managed-to-native) System.Runtime.InteropServices.Marshal:GetDelegateForFunctionPointerInternal (intptr,System.Type) <0xfffff4da> in System.Runtime.InteropServices.Marshal:GetDelegateForFunctionPointer (intptr,System.Type) <0x4a> in testapp.Program:Main (string[]) <0x16> in (wrapper runtime-invoke) System.Object:runtime_invoke_void_string[] (object,intptr,intptr,intptr) <0x50c13879> Native stacktrace: mono(mono_handle_native_sigsegv+0x8d) [0x814be4d] [0xffffe440] /lib/tls/i686/cmov/libc.so.6(abort+0xe9) [0xb7d952e9] /lib/tls/i686/cmov/libc.so.6 [0xb7dc770a] /lib/tls/i686/cmov/libc.so.6 [0xb7dcdf74] /lib/tls/i686/cmov/libc.so.6(__libc_free+0x8a) [0xb7dce2ea] /usr/lib/libglib-2.0.so.0(g_free+0x22) [0xb7f1a054] mono(mono_ftnptr_to_delegate+0x1c0) [0x80baa60] [0xb7481861] [0xb7480d13] [0xb7480b87] [0xb7480a53] mono(mono_runtime_exec_main+0x52) [0x80942a2] mono(mono_runtime_run_main+0x133) [0x8097443] mono(mono_main+0xf69) [0x805d239] /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xd2) [0xb7d7fec2] mono [0x805bd71] Aborted Expected Results: no crash How often does this happen? everytime Additional Information: ---- Additional Comments From jonathan.chambers@ansys.com 2006-06-14 01:01:27 MST ---- Created an attachment (id=169985) Zip file of sample program ---- Additional Comments From jonathan.chambers@ansys.com 2006-06-14 01:19:37 MST ---- Somewhere between r60000 and r60500... ---- Additional Comments From jonathan.chambers@ansys.com 2006-06-14 09:19:50 MST ---- and now between r60400 and r60450. ---- Additional Comments From jonathan.chambers@ansys.com 2006-06-14 22:33:32 MST ---- Problem is with r60449, the change on line 385. The sig is allocated from the mempools, but g_free is still called on it below (line 404 in current svn). ---- Additional Comments From jonathan.chambers@ansys.com 2006-06-14 23:00:29 MST ---- Created an attachment (id=169986) Patch ---- Additional Comments From vargaz@gmail.com 2006-06-15 06:26:28 MST ---- Fixed in SVN. Thanks for tracking this down. Keeping it open so I could add some tests for GetDelegateForFunctionPointer (). ---- Additional Comments From vargaz@gmail.com 2006-06-15 14:14:02 MST ---- Fixed in SVN. Imported an attachment (id=169985) Imported an attachment (id=169986) Unknown operating system unknown. Setting to default OS "Other".