From: "Chad Rabbitt"
Newsgroups: comp.os.msdos.djgpp
Subject: Re: sigsegv on delete []
Date: 13 Jan 2000 21:36:49 EST
Organization: Concentric Internet Services
Lines: 180
Message-ID: <85m241$s2p@journal.concentric.net>
References:
NNTP-Posting-Host: ts004d10.lon-co.concentric.net
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

here's some more info. the bits of code are the files and line numbers in
question. i really don't believe i'm running over the array bounds in either
case. what information does dynamic memory store besides the actual data? i
mean what is stored besides the data in djgpp dynamic memory? it seemed that
in gdb, eight bytes extra were stored before and after the array, outside the
defined size of the array. these eight bytes before and after the array never
changed after the new and before the delete. once deleted, the first bit
would change from 0 to 1. anyway, here's the dump and code. i'm hoping you
may have seen something similar sometime or can give me a clue into what's
wrong.

====BEGIN

scrbuf.cpp

 34 scrBuffer::~scrBuffer()
 35 {
 36   Update(_SCRBUFFER_SAVED);
 37
 38 #ifdef __BORLANDC__
 39   delete huge[] BufferAttributes;
 40   delete huge[] Buffer;
 41 #else
 42 #ifdef __GNUC__
 43   delete [] BufferAttributes;
 44   delete [] Buffer;
 45 #else
 46 #error "Unknown Compiler"
 47 #endif
 48 #endif
 49   delete [] Display;
 50   delete [] Saved;
 51 }
...
 72 int scrBuffer::SetBuffer(unsigned int L, unsigned int C, unsigned int R)
 73 {
 74   Update(_SCRBUFFER_SAVED);
 75
 76 #ifdef __BORLANDC__
 77   delete huge[] BufferAttributes;
 78   delete huge[] Buffer;
 79 #else
 80 #ifdef __GNUC__
 81   delete [] BufferAttributes;
 82   delete [] Buffer;
 83 #else
 84 #error "Unknown Compiler"
 85 #endif
 86 #endif
 87   delete [] Display;
 88   delete [] Saved;
 89
 90   BufferAttributes = NULL;
 91   Buffer = NULL;
 92   Display = NULL;
 93   Saved = NULL;
 94
 95   if (C) Columns = C;
 96   if (R) Rows = R;
 97   if (L) Lines = L;
 98
 99   D_Bytes = Columns * Rows;
100   B_Bytes = Lines + Rows;
101   B_Bytes *= Columns;
102
103   Saved = new unsigned char[D_Bytes << 1];
104   Display = new unsigned char[D_Bytes << 1];
105   if (Saved == NULL || Display == NULL) {
106     State = _SCRBUFFER_ERROR;
107     return State;
108   }
109
110 #ifdef __BORLANDC__
111   BufferAttributes = new unsigned char huge[B_Bytes];
112   Buffer = new unsigned char huge[B_Bytes];
113 #else
114 #ifdef __GNUC__
115   BufferAttributes = new unsigned char[B_Bytes];
116   Buffer = new unsigned char[B_Bytes];
117 #else
118 #error "Unknown Compiler"
119 #endif
120 #endif
121   if (Buffer == NULL || BufferAttributes == NULL) {
122     State = _SCRBUFFER_ERROR;
123     return State;
124   }
125
126   if (State == _SCRBUFFER_ERROR) State = _SCRBUFFER_ON;
127
128   Clear();
129   return State;
130 }

Exiting due to signal SIGSEGV
General Protection Fault at eip=000160e7
eax=002a2f30 ebx=000a8b94 ecx=000a8b94 edx=002c9ac8 esi=000aaabc edi=000a8bcc
ebp=000a98d8 esp=000a98cc program=M:\USERS\RABBITT\DST\SEADST.EXE
cs: sel=00a7  base=10000000  limit=000bffff
ds: sel=00af  base=10000000  limit=000bffff
es: sel=00af  base=10000000  limit=000bffff
fs: sel=008f  base=0003efb0  limit=0000ffff
gs: sel=00bf  base=00000000  limit=0010ffff
ss: sel=00af  base=10000000  limit=000bffff
App stack: [000a9b68..00029b68]  Exceptn stack: [00029ac4..00027b84]

Call frame traceback EIPs:
  0x000160e7   _free+119
  0x0000f167   ___builtin_delete+23, line 0 of new2.cc
  0x0000cd12   __$_9scrBuffer+142, line 50 of scrbuf.cpp
  0x00007f9c   _BufferClear__12seaInterface+36, line 685 of seaintfc.cpp
  0x000027e6   _main+3630, line 238 of seadst.cpp
  0x00011392   ___crt1_startup+178

seadst.cpp

124   textptr = new char[81];
125   strcpy(textptr, "Viewing File "); strcpy(&textptr[13], text);
126   while (fgets(text, 80, file) == text) {
127     sea->Buffer(text);
128   }
129   fclose(file); file = NULL;
130   sea->Status(textptr, "\xb3 \x18/\x19=Scroll \xb3 Esc=Back");
131   sea->BufferTop();
132   while (key != ESC) {
133     key = sea->View();
134     switch (key) {
135       case EXTENDED:
136         getch();
137         break;
138       default: ;
139     }
140   }
141   delete [] textptr; textptr = NULL;

Exiting due to signal SIGSEGV
General Protection Fault at eip=00016167
eax=cc8195a0 ebx=000a909c ecx=000a912b edx=cc840138 esi=000a912b edi=73206568
ebp=000a9938 esp=000a992c program=M:\USERS\RABBITT\DST\SEADST.EXE
cs: sel=00a7  base=10000000  limit=000bffff
ds: sel=00af  base=10000000  limit=000bffff
es: sel=00af  base=10000000  limit=000bffff
fs: sel=008f  base=0003efb0  limit=0000ffff
gs: sel=00bf  base=00000000  limit=0010ffff
ss: sel=00af  base=10000000  limit=000bffff
App stack: [000a9b68..00029b68]  Exceptn stack: [00029ac4..00027b84]

Call frame traceback EIPs:
  0x00016167   _free+247
  0x0000f237   ___builtin_vec_delete+23, line 0 of new2.cc
  0x0000211a   _main+1890, line 141 of seadst.cpp
  0x00011392   ___crt1_startup+178

====END

"Eli Zaretskii" wrote in message
news:Pine DOT SUN DOT 3 DOT 91 DOT 1000112090254 DOT 28074Q-100000 AT is...

On 11 Jan 2000, Chad Rabbitt wrote:

> 0x..... _free+somenumber
> 0x..... ___builtin_vec_delete+somenumber, line 0 of new2.cc
> 0x..... _main+somenumber, line xx of main.cpp
> etc...
>
> what is causing sigsegv's on a delete [] statement?

Usually this happens when you either write past the end of allocated
buffers, or try to free them more than once. Try using YAMD to find this
bug.

If you want more intelligent help, post the entire crash message, complete
with registers' dump and call frame traceback, after running SYMIFY on it.
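
Added example, not part of the thread and not DJGPP's or YAMD's code: a guard-byte allocation wrapper, a common debug-allocator technique, that reports the two causes named in the reply (a write past the end of a buffer, a second free) when the block is released instead of crashing later inside free. The dbg_* names, the 16-byte guard and the input strings are assumptions; title_copy repeats the copy at seadst.cpp lines 124-125, which fits the 81-byte buffer only while text is at most 67 characters.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define GUARD 16    /* guard bytes on each side of the user data (assumed size) */
#define LIVE  0xA5  /* guard fill while the block is allocated */
#define DEAD  0x5A  /* front-guard fill once dbg_free() has seen the block */
enum { BLK_OK, BLK_UNDERRUN, BLK_OVERRUN, BLK_FREED };

/* Block layout: [size_t n][GUARD bytes][n user bytes][GUARD bytes] */
static void *dbg_alloc(size_t n) {
    unsigned char *raw = malloc(sizeof n + 2 * GUARD + n);
    if (!raw) return NULL;
    memcpy(raw, &n, sizeof n);
    memset(raw + sizeof n, LIVE, GUARD);
    memset(raw + sizeof n + GUARD + n, LIVE, GUARD);
    return raw + sizeof n + GUARD;
}

static int dbg_check(const void *p) {
    const unsigned char *user = p, *front = user - GUARD;
    size_t n, i;
    memcpy(&n, front - sizeof n, sizeof n);
    for (i = 0; i < GUARD && front[i] == DEAD; i++) {}
    if (i == GUARD) return BLK_FREED;
    for (i = 0; i < GUARD; i++) if (front[i] != LIVE) return BLK_UNDERRUN;
    for (i = 0; i < GUARD; i++) if (user[n + i] != LIVE) return BLK_OVERRUN;
    return BLK_OK;
}

/* Check, then quarantine: the block is marked dead and never handed back to
   malloc, so a second dbg_free() reads valid memory and gets reported. */
static int dbg_free(void *p) {
    int st = dbg_check(p);
    if (st != BLK_FREED) memset((unsigned char *)p - GUARD, DEAD, GUARD);
    return st;
}

/* Copy pattern of seadst.cpp lines 124-125. `text` is constructed input,
   capped at 79 chars so an overrun stays inside the 16-byte rear guard. */
static int title_copy(const char *text) {
    char *textptr;
    if (strlen(text) > 79 || !(textptr = dbg_alloc(81))) return -1;
    strcpy(textptr, "Viewing File ");
    strcpy(&textptr[13], text);
    return dbg_free(textptr);
}
int main(void) {
    char t68[69]; memset(t68, 'x', 68); t68[68] = '\0';  /* constructed name */
    printf("%d %d\n", title_copy("README.TXT"), title_copy(t68));
    return 0;
}
```

Quarantining freed blocks leaks memory by design, so a wrapper like this belongs in a debugging build only.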