rc causes descriptor to be freed
| Bugzilla Link | 582 |
| Created on | Oct 29, 2009 11:37 |
| Version | 1.00beta |
| OS | Linux |
| Architecture | PC |
| Attachments | bug582.sac, bunzip2.sac |
Extended Description
The attached code produces the function SACf__MAIN__decode__i_488__i. This function passes a pointer to an uninitialised descriptor and array to the function SACf__MAIN__get_bits__i_488__i__i for use as the return value. SACf__MAIN__get_bits__i_488__i__i seems to create the needed descriptor and array and passes them to SACf__MAIN__compare__i_X__i_6. The first time it does this everything seems fine: the rc goes up and back down. However, when it calls SACf__MAIN__compare__i_X__i_6 the second time, it just goes down and not up. As a result the descriptor is freed and therefore not returned by SACf__MAIN__get_bits__i_488__i__i, and then when SACf__MAIN__decode__i_488__i uses the memory the program segfaults.
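The reference-count pattern described in the report, as an added C model that is not taken from the attachments or from the SaC compiler or runtime. All names (`desc_t`, `compare_model`, `get_bits_model`, `returned_descriptor_is_live`) are hypothetical, and the model sets a `freed` flag instead of releasing memory so the state can be inspected without touching freed storage.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a reference-counted array descriptor. */
typedef struct {
    int rc;      /* reference count */
    bool freed;  /* set where a real runtime would call free() */
    int *data;
} desc_t;

static void desc_inc(desc_t *d) { d->rc++; }
static void desc_dec(desc_t *d) { if (--d->rc == 0) d->freed = true; }

/* Callee that consumes one reference to its argument. */
static int compare_model(desc_t *d, int key) {
    int r = !d->freed && d->data[0] == key;
    desc_dec(d);
    return r;
}

/* Creates the descriptor, calls the consumer twice, then returns it.
   inc_before_second = false reproduces the imbalance from the report. */
static desc_t *get_bits_model(bool inc_before_second) {
    desc_t *d = calloc(1, sizeof *d);
    if (!d || !(d->data = calloc(1, sizeof *d->data))) abort();
    d->data[0] = 7;
    d->rc = 1;                           /* reference kept for the return value */
    desc_inc(d);                         /* first call: rc goes up ... */
    compare_model(d, 7);                 /* ... and back down */
    if (inc_before_second) desc_inc(d);  /* the increment missing in the report */
    compare_model(d, 7);                 /* second call: rc goes down */
    return d;
}

/* True if the descriptor handed back to the caller is still live with rc == 1. */
bool returned_descriptor_is_live(bool inc_before_second) {
    desc_t *d = get_bits_model(inc_before_second);
    bool live = !d->freed && d->rc == 1;
    free(d->data);
    free(d);
    return live;
}

int main(void) {
    printf("balanced: live=%d\n", returned_descriptor_is_live(true));
    printf("reported: live=%d\n", returned_descriptor_is_live(false));
    return 0;
}
```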