Double free(?) when returning owned self #6682

dotdash · 2013-05-22T15:52:45Z

trait M {
  fn m(self) -> Self;
}

impl M for ~int {
  fn m(self) -> ~int {
    self
  }
}

fn main() {
  (~1).m();
}

This crashes in free().

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7f85700 (LWP 10508)]
__GI___libc_free (mem=0xffffffffffffffff) at malloc.c:2892
2892    malloc.c: No such file or directory.
(gdb) bt
#0  __GI___libc_free (mem=0xffffffffffffffff) at malloc.c:2892
#1  0x00007ffff7a5b859 in libc::funcs::c95::stdlib::free::_e26c3f5a54e72c6::_07pre () from /home/bs/src/rust/../../rust/lib/rustc/x86_64-unknown-linux-gnu/lib/libcore-c3ca5d77d81b46c1-0.7-pre.so
#2  0x0000000000404f38 in ?? ()
#3  0x00007ffff7ae8bdc in __morestack () from /home/bs/src/rust/../../rust/lib/rustc/x86_64-unknown-linux-gnu/lib/libcore-c3ca5d77d81b46c1-0.7-pre.so
#4  0x0000000000000000 in ?? ()

The text was updated successfully, but these errors were encountered:

dotdash · 2013-06-02T13:30:23Z

This is actually not related to the return value, but just passing self by value. The code ends up passing the stack address to glue_drop.

    .type   _ZN14__extensions__9meth_28651m17_7e6e9d6cd229cfd23_00E,@function
_ZN14__extensions__9meth_28651m17_7e6e9d6cd229cfd23_00E:
    .cfi_startproc
    cmpq    %fs:112, %rsp
    ja  .LBB0_0
    movabsq $40, %r10
    movabsq $0, %r11
    callq   __morestack
    ret
.LBB0_0:
    pushq   %rbp
.Ltmp2:
    .cfi_def_cfa_offset 16
.Ltmp3:
    .cfi_offset %rbp, -16
    movq    %rsp, %rbp
.Ltmp4:
    .cfi_def_cfa_register %rbp
    subq    $32, %rsp
    movq    %rdi, -16(%rbp)
    jmp .LBB0_2
.LBB0_1:
    addq    $32, %rsp
    popq    %rbp
    ret
.LBB0_2:
    movq    -16(%rbp), %rax
    movq    %rax, -24(%rbp)
    movabsq $0, %rax
    movq    %rax, %rdi
    movq    %rax, %rsi
    movq    -24(%rbp), %rdx
    callq   _ZN9_ubox_u3217_d8e692bd4656d07e14glue_drop_2877E
    jmp .LBB0_1
.Ltmp5:
    .size   _ZN14__extensions__9meth_28651m17_7e6e9d6cd229cfd23_00E, .Ltmp5-_ZN14__extensions__9meth_28651m17_7e6e9d6cd229cfd23_00E

For types that are passed by value, we can't just cast the value to a pointer, but have to use an alloca and copy the value there. This handling is already present for all other arguments, but was missing for "self". Fixes rust-lang#6682, rust-lang#4850 and rust-lang#4878

For types that are passed by value, we can't just cast the value to a pointer, but have to use an alloca and copy the value there. This handling is already present for all other arguments, but was missing for "self". Fixes #6682 #4850 #4878

Fix let_underscore_drop FP changelog: Fix let_underscore_drop false positives and negatives Fixes rust-lang#6633

dotdash mentioned this issue Jun 2, 2013

Fix passing self by value for types passed by value #6903

Closed

dotdash closed this as completed Jun 3, 2013

flip1995 pushed a commit to flip1995/rust that referenced this issue Feb 11, 2021

Auto merge of rust-lang#6682 - camsteffen:let-underscore-ref, r=llogiq

d792210

Fix let_underscore_drop FP changelog: Fix let_underscore_drop false positives and negatives Fixes rust-lang#6633

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Double free(?) when returning owned self #6682

Double free(?) when returning owned self #6682

dotdash commented May 22, 2013

dotdash commented Jun 2, 2013

Double free(?) when returning owned self #6682

Double free(?) when returning owned self #6682

Comments

dotdash commented May 22, 2013

dotdash commented Jun 2, 2013