ReferenceCountManager::dereference accesses uninitialized memory

Peter Oberndorfer kumbayo84 at arcor.de
Fri May 1 18:23:32 UTC 2009


Hi,

I updated KDevelop and sometimes see the Q_ASSERT(ref) in ReferenceCountManager::dereference fire.
For debugging I ran KDevelop under valgrind, which reported the trace attached.

In the example I added debugging output, which shows a reference count of
1528522103, which is a bit high IMO.
Addrefing such a high invalid value does not result in an immediate obvious crash,
but dereferencing a value of 0 causes the assert.

This happens also when removing .kdevduchain and then starting KDevelop.
Kdevelop loads some files from the last session and during parsing of them
the error is reported by valgrind.

Greetings Peter
-------------- next part --------------
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::operator=: ( 1255 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::enableDUChainReferenceCounting: enabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::disableDUChainReferenceCounting: disabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1256 ) "cmListFileLexer_Token" 65872
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1257 ) "cmListFileLexer_Token" 65872
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1258 ) "cmListFileLexer_Token" 65872
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1259 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::operator=: ( 1260 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::enableDUChainReferenceCounting: enabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::disableDUChainReferenceCounting: disabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1261 ) "cmListFileLexer_Token" 65872
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1262 ) "cmListFileLexer_Token" 65872
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1263 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1264 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::operator=: ( 1265 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1266 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1267 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1268 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1269 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::operator=: ( 1270 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1271 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1272 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1273 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1274 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::operator=: ( 1275 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1276 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1277 ) "cmListFileLexer_Token_s" 65846
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::IndexedQualifiedIdentifier: ( 1278 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::operator=: ( 1279 ) "" 65538
kdevelop(11272)/kdevplatform (language) KDevelop::enableDUChainReferenceCounting: enabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::enableDUChainReferenceCounting: enabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: ( 1280 ) "cmListFileLexer_Token_s" 65846
kdevelop(11272)/kdevplatform (language) KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier: 65846 decreasing
kdevelop(11272)/kdevplatform (language) KDevelop::ReferenceCountManager::decrease: decreasing 0x109f5aca from 1528522103 targetId 65846
==11272==
==11272== Conditional jump or move depends on uninitialised value(s)
==11272==    at 0x5F415DA: KDevelop::ReferenceCountManager::decrease(unsigned int&, unsigned int) (referencecounting.h:69)
==11272==    by 0x5F337F5: KDevelop::IndexedQualifiedIdentifier::~IndexedQualifiedIdentifier() (identifier.cpp:1327)
==11272==    by 0x5F9635D: KDevelop::PersistentSymbolTableItem::~PersistentSymbolTableItem() (persistentsymboltable.cpp:55)
==11272==    by 0x5F96374: KDevelop::PersistentSymbolTableRequestItem::destroy(KDevelop::PersistentSymbolTableItem*, KDevelop::AbstractItemRepository&) (persistentsymboltable.cpp:101)
==11272==    by 0x5F9652A: void KDevelop::Bucket<KDevelop::PersistentSymbolTableItem, KDevelop::PersistentSymbolTableRequestItem, true, 0u>::deleteItem<KDevelop::ItemRepository<KDevelop::PersistentSymbolTableItem, KDevelop::PersistentSymbolTableRequestItem, true, false, 0u, 1048576u> >(unsigned short, unsigned int, KDevelop::ItemRepository<KDevelop::PersistentSymbolTableItem, KDevelop::PersistentSymbolTableRequestItem, true, false, 0u, 1048576u>&) (itemrepository.h:782)
==11272==    by 0x5F969E6: KDevelop::ItemRepository<KDevelop::PersistentSymbolTableItem, KDevelop::PersistentSymbolTableRequestItem, true, false, 0u, 1048576u>::deleteItem(unsigned int) (itemrepository.h:1662)
==11272==    by 0x5F7C1B4: KDevelop::PersistentSymbolTable::addDeclaration(KDevelop::IndexedQualifiedIdentifier const&, KDevelop::IndexedDeclaration const&) (persistentsymboltable.cpp:267)
==11272==    by 0x5F17220: KDevelop::Declaration::setInSymbolTable(bool) (declaration.cpp:646)
==11272==    by 0x5F176F0: KDevelop::Declaration::setIdentifier(KDevelop::Identifier const&) (declaration.cpp:291)
==11272==    by 0xEC3E1AA: KDevelop::ClassDeclaration* DeclarationBuilder::openDeclarationReal<KDevelop::ClassDeclaration>(NameAST*, AST*, KDevelop::Identifier const&, bool, bool, KDevelop::SimpleRange const*) (declarationbuilder.cpp:553)
==11272==    by 0xEC3E899: KDevelop::ClassDeclaration* DeclarationBuilder::openDeclaration<KDevelop::ClassDeclaration>(NameAST*, AST*, KDevelop::Identifier const&, bool, bool) (declarationbuilder.cpp:407)
==11272==    by 0xEC11B96: DeclarationBuilder::openClassDefinition(NameAST*, AST*, bool, KDevelop::ClassDeclarationData::ClassType) (declarationbuilder.cpp:610)
==11272==  Uninitialised value was created by a heap allocation
==11272==    at 0x4024554: operator new(unsigned int) (vg_replace_malloc.c:195)
==11272==    by 0x5F31CFB: KDevelop::QualifiedIdentifier::prepareWrite() (identifier.cpp:1031)
==11272==    by 0x5F32BA2: KDevelop::QualifiedIdentifier::push(KDevelop::Identifier const&) (identifier.cpp:923)
==11272==    by 0x5F167FA: KDevelop::Declaration::qualifiedIdentifier() const (declaration.cpp:334)
==11272==    by 0x5F171DC: KDevelop::Declaration::setInSymbolTable(bool) (declaration.cpp:645)
==11272==    by 0x5F176F0: KDevelop::Declaration::setIdentifier(KDevelop::Identifier const&) (declaration.cpp:291)
==11272==    by 0xEC40F46: KDevelop::ForwardDeclaration* DeclarationBuilder::openDeclarationReal<KDevelop::ForwardDeclaration>(NameAST*, AST*, KDevelop::Identifier const&, bool, bool, KDevelop::SimpleRange const*) (declarationbuilder.cpp:553)
==11272==    by 0xEC41635: KDevelop::ForwardDeclaration* DeclarationBuilder::openDeclaration<KDevelop::ForwardDeclaration>(NameAST*, AST*, KDevelop::Identifier const&, bool, bool) (declarationbuilder.cpp:407)
==11272==    by 0xEC1261D: DeclarationBuilder::openForwardDeclaration(NameAST*, AST*) (declarationbuilder.cpp:368)
==11272==    by 0xEC12B2F: DeclarationBuilder::visitElaboratedTypeSpecifier(ElaboratedTypeSpecifierAST*) (declarationbuilder.cpp:1263)
==11272==    by 0xECF2A6D: Visitor::visit(AST*) (visitor.cpp:113)
==11272==    by 0xECF094D: DefaultVisitor::visitTypedef(TypedefAST*) (default_visitor.cpp:431)
kdevelop(11272)/kdevplatform (language) KDevelop::disableDUChainReferenceCounting: disabling reference counting
kdevelop(11272)/kdevplatform (language) KDevelop::disableDUChainReferenceCounting: disabling reference counting
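The failure mode in the report (a count that starts as whatever the allocator's memory happened to contain: a huge value that survives addref/deref without any visible crash, or a zero that trips the assert on the first decrease) can be reproduced deterministically in a few lines. The block below is an added example and is not KDevelop's code; `Item`, `RefStatus`, `decrease`/`increase` and the two allocation helpers are constructed stand-ins for the DUChain reference-count manager, and the stale value written into the raw block is the count printed in the report, used only as a fixed pattern so the run is repeatable (reading genuinely uninitialised memory is undefined behaviour, which is exactly why valgrind, not the program, is the thing that notices).

```cpp
#include <cstdint>
#include <cstring>
#include <new>
#include <utility>

// Added example, not KDevelop's code: a minimal stand-in for a DUChain-style
// reference-count manager, showing why a counter that lives in never-initialised
// memory misbehaves the way the report describes.

struct Item {
    uint32_t refCount;  // the counter decrease()/increase() operate on
    uint32_t payload;
};

enum class RefStatus { Ok, Underflow };

// Same check as Q_ASSERT(ref) in the report, returned as a status so the
// outcome can be observed instead of aborting the process.
RefStatus decrease(uint32_t& ref) {
    if (ref == 0) return RefStatus::Underflow;
    --ref;
    return RefStatus::Ok;
}

void increase(uint32_t& ref) { ++ref; }

// Constructed stale pattern: the count the report printed. Real uninitialised
// memory holds whatever the previous occupant left behind; the example writes
// that value in explicitly so the result is deterministic.
constexpr uint32_t kStalePattern = 1528522103u;

// Buggy allocation: raw storage from operator new is used as an Item without
// ever setting refCount (the situation the valgrind trace points at: storage
// from prepareWrite()'s operator new, then decrease() reads the field).
Item* allocUninitialised(uint32_t staleBytes) {
    void* raw = ::operator new(sizeof(Item));
    std::memcpy(raw, &staleBytes, sizeof staleBytes);  // "leftover" bytes
    return static_cast<Item*>(raw);  // Item is trivial: no constructor ran
}

// Fixed allocation: value-initialise so refCount starts at zero.
Item* allocInitialised() {
    return new Item{};  // refCount == 0, payload == 0
}

void releaseRaw(Item* it) { ::operator delete(it); }

// One balanced addref/deref cycle on an object whose count was never
// initialised. Returns the count afterwards: it never gets back to zero, so
// the object would never be freed and nothing ever looks obviously wrong.
uint32_t buggyBalancedCycle() {
    Item* it = allocUninitialised(kStalePattern);
    increase(it->refCount);  // 1528522104: no crash
    decrease(it->refCount);  // 1528522103 again
    uint32_t result = it->refCount;
    releaseRaw(it);
    return result;
}

// The other face of the same bug: if the leftover bytes happen to be zero,
// the very first decrease underflows, which is the Q_ASSERT(ref) firing.
RefStatus buggyZeroLeftover() {
    Item* it = allocUninitialised(0);
    RefStatus s = decrease(it->refCount);
    releaseRaw(it);
    return s;
}

// With an initialised count the same cycle returns cleanly to zero.
std::pair<uint32_t, RefStatus> fixedBalancedCycle() {
    Item* it = allocInitialised();
    increase(it->refCount);
    RefStatus s = decrease(it->refCount);
    uint32_t result = it->refCount;
    delete it;
    return {result, s};
}
```

The point of the two buggy paths is that the same defect (no initialisation of the count at allocation) produces either silent leaks or an immediate assert depending purely on what the heap block previously held, which is why the symptom only shows up "sometimes" and why running under valgrind (which flags the conditional jump on the indeterminate value, as in the attached trace) is the reliable way to locate it.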

