[fpc-devel] bug in string (Ole)variants
Dominique Leducq
dleducq at magellan-ing.fr
Tue Jun 27 09:47:45 CEST 2006
Hi,
I found a bug in the way (Ole)variants that hold strings are handled.
I attach a small program that causes a double mem free.
It seems that when passing an OleVariant holding a string to a procedure
expecting a Variant, the reference counter of the Widestring (which
stores the string internally) is not incremented correctly while passing
the parameter.
In the attached test program, this causes a double memory free, which in
turn causes a crash afterwards if you allocate more memory from the heap.
The compiler reserves two Variants on the stack when entering Proc2, and
initializes them (fpc_initialize). They are used for parameter passing
to Proc1. When copying the data into them (thus referencing the
widestring), the reference counter is increased for the first, not for
the second, but both are cleared by fpc_finalize when exiting Proc2, and
the reference counter of the widestring is decreased twice. I did not
identify the role of the second variant, nor the code where data is
copied into it... I just see with a watchpoint that this happens while
calling Proc1.
I just filed a bug report for this on Mantis:
http://www.freepascal.org/mantis/view.php?id=7095
Dominique Leducq
-------------- next part --------------
program test_variants2;

uses
  variants;

procedure Proc1(V : Variant);
begin
  WriteLn('Proc1');
end;

procedure Proc2(V : OleVariant);
begin
  WriteLn('Proc2');
  { The OleVariant holding a string is passed to a Variant parameter }
  Proc1(V);
  Proc1(V);
end;

const
  s: string = 'a';

begin
  Proc2(s);
  Proc2(s);
end.
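
The reference-count imbalance described in the message, as an added C model that is not part of the original post and is not FPC runtime code. The types and function names are hypothetical, and releases are counted instead of calling free() so the double release can be observed safely:

```c
#include <stdio.h>

/* Model of a reference-counted string buffer. All names are hypothetical;
   this is not the FPC runtime's layout. */
typedef struct {
    int refs;      /* live references */
    int releases;  /* how many times the buffer was handed to "free" */
} RcStr;

typedef struct { RcStr *s; } Var;  /* a variant slot holding a string */

static void var_copy(Var *dst, RcStr *s, int take_ref) {
    if (take_ref) s->refs++;   /* balanced copy */
    dst->s = s;                /* take_ref == 0: pointer stored, count untouched */
}

/* Finalize a slot: drop one reference, release the buffer at zero or below.
   Releases are counted rather than performed so the imbalance is observable
   without undefined behaviour. */
static void var_final(Var *v) {
    if (v->s == NULL) return;
    if (--v->s->refs <= 0) v->s->releases++;
    v->s = NULL;
}

/* One call with two temporaries, as in the post. second_takes_ref selects
   whether the second temporary increments the count. Returns how many times
   the buffer was released once the original owner has also let go. */
int releases_after_call(int second_takes_ref) {
    RcStr str = { 1, 0 };              /* owned by the caller's variant */
    Var owner = { &str }, t1 = { NULL }, t2 = { NULL };

    var_copy(&t1, &str, 1);
    var_copy(&t2, &str, second_takes_ref);
    var_final(&t1);
    var_final(&t2);                    /* unbalanced: count reaches 0 here */
    var_final(&owner);                 /* owner releases again */
    return str.releases;
}

int main(void) {
    printf("balanced copies:   %d release(s)\n", releases_after_call(1));
    printf("unbalanced copies: %d release(s)\n", releases_after_call(0));
    return 0;
}
```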