Description of Problem:
When trying to build lclint beta-release I get a bison coredump while compiling its cgrammar.y file. Using ElectricFence shows a duplicate free() in

src/symtab.c:145:
| XFREE(bp->tag)

src/reduce.c:362 seems to be responsible:
| free(tags[i]);

because tags[i] is assigned as 'tags[bp->value] = bp->tag;' in reader.c. Therefore, multiple free() calls can happen on the same bp->tag.

Removing the line in reduce.c removes the coredump also, but I don't know if it opens memory leaks (I have not found a place where tags[i] got a newly allocated value assigned, so this should not happen).

BTW: Please add a URL tag to the rpm package; it would make it easier to determine an address for upstream bug reports.

Version-Release number of selected component (if applicable):
bison-1.30-2
ElectricFence-2.2.2-8

How Reproducible:
every time

Steps to Reproduce:
1. wget http://lclint.cs.virginia.edu/downloads/lclint-3.0.0.17.src.tgz
2. tar -xzf lclint-3.0.0.17.src.tgz
3. cd lclint-3.0.0.17/src/
4. export EF_PROTECT_FREE=1
5. ef bison -d cgrammar.y

Actual Results:
$ ef bison -d cgrammar.y
Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens <bruce>
cgrammar.y contains 1 useless nonterminal and 1 useless rule
ElectricFence Aborting: free(404d4fe8): address not from malloc().
/usr/bin/ef: line 20: 8535 Illegal instruction (core dumped) ( export LD_PRELOAD=libefence.so.0.0; exec $* )

Expected Results:
no coredump
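The aliasing described in the report above, as a small C model added here (it is not bison's source and not part of the original report): each `tags[]` slot holds the same pointer as a symbol's `tag`, so freeing through both paths releases every block twice, while freeing only through the owner releases each block once with no leak. The names `bucket`, `tracked_free` and `run_cleanup` and the sample symbol names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NSYMS 3

typedef struct bucket { char *tag; int value; } bucket;  /* modelled on bp->tag / bp->value */

static void *freed[NSYMS];        /* distinct addresses handed to tracked_free() */
static int nfreed, double_frees;

/* Stand-in for free(): records each address once and counts repeat requests.
   The real free() is deferred so no dangling pointer is ever compared. */
static void tracked_free(void *p) {
    for (int i = 0; i < nfreed; i++)
        if (freed[i] == p) { double_frees++; return; }
    freed[nfreed++] = p;
}

/* Build the table, run one cleanup strategy, return the number of double frees.
   *released receives the count of distinct blocks freed (NSYMS means no leak). */
int run_cleanup(int free_tags_too, int *released) {
    bucket syms[NSYMS];
    char *tags[NSYMS];
    const char *names[NSYMS] = { "expr", "stmt", "decl" };  /* constructed sample */

    nfreed = double_frees = 0;
    for (int i = 0; i < NSYMS; i++) {
        syms[i].value = i;
        syms[i].tag = malloc(strlen(names[i]) + 1);
        if (!syms[i].tag) abort();
        strcpy(syms[i].tag, names[i]);
        tags[syms[i].value] = syms[i].tag;   /* alias only: no new allocation */
    }
    if (free_tags_too)                       /* cleanup through the alias array */
        for (int i = 0; i < NSYMS; i++) tracked_free(tags[i]);
    for (int i = 0; i < NSYMS; i++)          /* cleanup through the owning symbol */
        tracked_free(syms[i].tag);

    *released = nfreed;
    for (int i = 0; i < nfreed; i++) free(freed[i]);  /* real release, once each */
    return double_frees;
}

int main(void) {
    int released;
    int n = run_cleanup(1, &released);
    printf("alias + owner: %d double frees, %d blocks released\n", n, released);
    n = run_cleanup(0, &released);
    printf("owner only:    %d double frees, %d blocks released\n", n, released);
    return 0;
}
```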
Thanks for your info. It should be fixed in bison-1.30-3. Sorry, I can't find a valid URL for bison!
FYI: reported it upstream (see http://mail.gnu.org/pipermail/bug-bison/2001-November/000893.html). The URL tag should be "http://www.gnu.org/software/bison/bison.html".