wordexp followed by strcpy = EXC_BAD_ACCESS + sharedlibrary apply-load-rules-all
- by fyngyrz
The implication is a memory problem. I have static allocations for these:
char akdir[400];
char homedir[400];
This crashes on the first strcpy():
void setuplibfoo()
{
long ii;
double x;
wordexp_t result;
// This obtains the user's home directory
// --------------------------------------
homedir[0]=0; // in case wordexp fails
switch (wordexp("~/",&result,0))
{
case 0: // Successful. We'll fall into deallocate when done.
{
strcpy(homedir,result.we_wordv[0]); // <<--- CRASH!
strcpy(akdir,homedir);
strcat(akdir,"ak-plugins/");
vs_status(akdir);
}
case WRDE_NOSPACE: // If the error was WRDE_NOSPACE, then
{ // perhaps part of the result was allocated.
wordfree (&result);
}
default: // all other errors do not require deallocation
{
break;
}
}
...additional code clipped.. doesn't get there on crash.
This is in a shared library I've written that is linked to my application, also something I've written. In this case, it doesn't get very far, although if it starts, it's fine.
...I've read the wordexp docs several times; they say they allocate new objects, so you just set up that type and call them with the address. The switch error model is right from the wordexp docs:
http://www.gnu.org/s/libc/manual/html_mono/libc.html#Wordexp-Example
It doesn't always crash. Just sometimes, and just under 10.6. Never under 10.5
I'm building debug mode with XCode 3.1.1, under OSX 10.5.8 it seems to run ok, I've not seen a crash -- under 10.6, it crashes... sometimes. But always with that same exception, and always in the same place.
The Google has it that this actually means, somehow, that it's too soon to allocate memory. But all the instances I could find were memory errors on the part of the programmer. Overruns, etc. And I can't find any docs on when it IS safe to allocate memory.
Now, the path that expands there is nowhere near 400 characters. it's this (it it completes):
/Users/flake/ak-plugins/
and this:
/Users/flake/
...if it doesn't.
the strcpy... copies 2nd param to first. Theirs to mine. And it works! under 10.5. :/
So is wordexp broke? Is 10.6 broke? Am I cRaZy?
Here's the debugger output:
0x00013446 <+0049> call 0xc98da <dyld_stub_wordexp>
0x0001344b <+0054> test %eax,%eax
0x0001344d <+0056> je 0x13454 <setuplibfoo+63>
0x0001344f <+0058> jmp 0x134da <setuplibfoo+197>
0x00013454 <+0063> mov -0x1c(%ebp),%eax
0x00013457 <+0066> mov (%eax),%eax
0x00013459 <+0068> mov %eax,0x4(%esp)
0x0001345d <+0072> lea 0xb6cc2(%ebx),%eax
0x00013463 <+0078> mov (%eax),%eax
0x00013465 <+0080> mov %eax,(%esp)
0x00013468 <+0083> call 0xc9898 <dyld_stub_strcpy>
0x0001346d <+0088> lea 0xb6cc2(%ebx),%eax <<--CRASH!
