[fpc-devel] bug in string (Ole)variants
Dominique Leducq
dleducq at magellan-ing.fr
Tue Jun 27 09:47:45 CEST 2006
Hi,
I found a bug in the way (Ole)variants that hold strings are handled.
I join a small program that causes a double mem free.
It seems that when passing an OleVariant holding a string to a procedure
expecting a Variant, the reference counter of the Widestring (which
stores the string internally) is not incremented correctly while passing
the parameter.
In the joined test program, this causes a double memory free, which in
turn causes a crash afterwards if you allocate more memory from the heap.
The compiler reserves two Variants on the stack when entering Proc2, and
initializes them (fpc_initialize). They are used for parameter passing
to Proc1. When copying the data into them (thus referencing the
widestring), the reference counter is increased for the first, not for
the second, but both are cleared by fpc_finalize when exiting Proc2, and
the reference counter of the widestring is decreased twice. I did not
identify the role of the second variant, nor the code where data is
copied into it... I just see with a watchpoint that this happens while
calling Proc1.
I just filed a bug report for this on Mantis:
http://www.freepascal.org/mantis/view.php?id=7095
Dominique Leducq
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: mi_test_variants.pas
URL: <http://lists.freepascal.org/pipermail/fpc-devel/attachments/20060627/34c45ffc/attachment.ksh>
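The reference-count imbalance described in the message, as an added example in C; it is not part of the original post and is not the attached mi_test_variants.pas. The names RcStr, Var and run_proc2 are hypothetical, and the model assumes the caller's own variant is cleared after Proc2 returns.

```c
#include <stdio.h>

/* Simplified model of a reference-counted string and a variant slot that
   holds one. Constructed for illustration; not FPC's WideString layout. */
typedef struct { int refs; int freed; } RcStr;
typedef struct { RcStr *s; } Var;

static int over_releases;   /* releases that arrive after the block was freed */

/* Drop one reference. A real runtime frees the block at zero; the model only
   marks it, so the extra release can be counted instead of corrupting a heap. */
static void rc_release(RcStr *s) {
    if (s->freed) { over_releases++; return; }   /* would be the double free */
    if (--s->refs == 0) s->freed = 1;
}

static void var_init(Var *v) { v->s = NULL; }
static void var_copy(Var *dst, RcStr *s, int addref) {
    dst->s = s;
    if (addref) s->refs++;   /* a correct copy takes its own reference */
}
static void var_final(Var *v) { if (v->s) rc_release(v->s); v->s = NULL; }

/* Models Proc2 from the report: two temporaries are initialized, filled and
   finalized. second_addref = 0 reproduces the imbalance described there. */
int run_proc2(int second_addref) {
    RcStr str = { 1, 0 };    /* the caller's OleVariant owns one reference */
    Var t1, t2;
    over_releases = 0;
    var_init(&t1); var_init(&t2);
    var_copy(&t1, &str, 1);
    var_copy(&t2, &str, second_addref);
    var_final(&t1); var_final(&t2);   /* fpc_finalize on exit from Proc2 */
    rc_release(&str);                 /* caller's variant is cleared later */
    return over_releases;
}

int main(void) {
    printf("balanced copy:  %d over-release(s)\n", run_proc2(1));
    printf("missing addref: %d over-release(s)\n", run_proc2(0));
    return 0;
}
```

With the missing increment the count reaches zero when the second temporary is finalized, while the caller still holds the string, so the caller's later release is the second free.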