
#7919: Heap corruption (segfault) from large 'let' expression
-------------------------------+--------------------------------------------
    Reporter:  duncan          |          Owner:
        Type:  bug             |         Status:  patch
    Priority:  normal          |      Milestone:
   Component:  Runtime System  |        Version:  7.6.3
    Keywords:                  |             Os:  Linux
Architecture:  x86_64 (amd64)  |        Failure:  Runtime crash
  Difficulty:  Unknown         |       Testcase:
   Blockedby:                  |       Blocking:
     Related:                  |
-------------------------------+--------------------------------------------
Changes (by igloo):

 * status:  new => patch
 * difficulty:  => Unknown

Comment:

The program works with this patch:
{{{
diff --git a/rts/sm/GCUtils.c b/rts/sm/GCUtils.c
index 996b5f6..97d07ea 100644
--- a/rts/sm/GCUtils.c
+++ b/rts/sm/GCUtils.c
@@ -180,7 +180,7 @@ todo_block_full (nat size, gen_workspace *ws)
         // the limit.
         if (!looksEmptyWSDeque(ws->todo_q) ||
             (ws->todo_free - bd->u.scan < WORK_UNIT_WORDS / 2)) {
-            if (ws->todo_free + size < bd->start + bd->blocks * BLOCK_SIZE_W) {
+            if (ws->todo_free + size <= bd->start + bd->blocks * BLOCK_SIZE_W) {
                 ws->todo_lim = stg_min(bd->start + bd->blocks * BLOCK_SIZE_W,
                                        ws->todo_lim + stg_max(WORK_UNIT_WORDS,size));
                 debugTrace(DEBUG_gc, "increasing limit for %p to %p", bd->start, ws->todo_lim);
}}}
(note that the comment says "It cannot be empty, because then there would
be enough room to copy the current object", but the comment and this guard
don't agree when the size exactly fills the available space).

I haven't looked at what exactly is going on, so I want to check that this
really looks right before committing, though.

--
Ticket URL: <http://hackage.haskell.org/trac/ghc/ticket/7919#comment:2>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
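Review bot: The `<` on the `-` line is stricter than the cap applied two lines below it: `stg_min(bd->start + bd->blocks * BLOCK_SIZE_W, ...)` already allows `ws->todo_lim` to be raised to exactly the end of the block, so an object with `ws->todo_free + size == bd->start + bd->blocks * BLOCK_SIZE_W` fits in the space the limit can be extended to, yet the old guard rejected it and fell through to the path whose comment assumes that case cannot happen. The `<=` on the `+` line is the right fix, but the change should be accompanied by (a) an update to that comment so it states the exact-fit case explicitly, (b) an assertion after the `ws->todo_lim = ...` update that `ws->todo_free + size <= ws->todo_lim`, which is the property the guard is meant to guarantee, and (c) a regression test derived from the reporter's program, since the ticket's Testcase field is still empty.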
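The off-by-one in the guard is easiest to see on a small model of the bump allocator the patch touches. The following C is an added example written for this page, not GHC's RTS code: it mirrors the names in the hunk (`todo_free`, `todo_lim`, `BLOCK_SIZE_W`, `WORK_UNIT_WORDS`) but the block and work-unit sizes are assumptions chosen small for illustration, and `accepted()` and `limit_within_block()` are hypothetical helpers that drive the guard with a block that has exactly `free_words` words left.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a GC "todo block" bump allocator, written for this
 * page; it is not GHC's code. The sizes below are assumptions. */
typedef uintptr_t StgWord;

#define BLOCK_SIZE_W    64   /* assumed words per block */
#define WORK_UNIT_WORDS 16   /* assumed work-unit size in words */

typedef struct {
    StgWord *start;      /* first word of the block group */
    size_t   blocks;     /* contiguous blocks in the group */
    StgWord *todo_free;  /* next free word in the block */
    StgWord *todo_lim;   /* soft limit, raised when there is still room */
} todo_ws;

/* One past the last word of the block group. */
static StgWord *block_end(const todo_ws *ws) {
    return ws->start + ws->blocks * BLOCK_SIZE_W;
}

/* The guard from the hunk. strict=1 is the original `<`, strict=0 the
 * patched `<=`. Returns 1 if an object of `size` words is accepted into the
 * current block, raising todo_lim the way the hunk does (capped at the end
 * of the block), or 0 if the caller must fall back to a fresh block. */
static int extend_limit(todo_ws *ws, size_t size, int strict) {
    StgWord *end = block_end(ws);
    int room = strict ? (ws->todo_free + size <  end)
                      : (ws->todo_free + size <= end);
    if (!room)
        return 0;
    /* stg_min(end, todo_lim + stg_max(WORK_UNIT_WORDS, size)), computed in
     * word offsets so the intermediate never points past the block. */
    size_t want = size > WORK_UNIT_WORDS ? size : WORK_UNIT_WORDS;
    size_t left = (size_t)(end - ws->todo_lim);
    ws->todo_lim += want < left ? want : left;
    return 1;
}

/* Workspace on a single block with exactly `free_words` words unused. */
static void setup_ws(todo_ws *ws, StgWord *storage, size_t free_words) {
    ws->start     = storage;
    ws->blocks    = 1;
    ws->todo_free = block_end(ws) - free_words;
    ws->todo_lim  = ws->todo_free;
}

/* 1 if an object of `size` words is accepted when `free_words` remain. */
int accepted(size_t free_words, size_t size, int strict) {
    static StgWord storage[BLOCK_SIZE_W];
    todo_ws ws;
    setup_ws(&ws, storage, free_words);
    return extend_limit(&ws, size, strict);
}

/* 1 if, after the patched guard accepts the object, the raised limit both
 * covers the object and stays within the block. */
int limit_within_block(size_t free_words, size_t size) {
    static StgWord storage[BLOCK_SIZE_W];
    todo_ws ws;
    setup_ws(&ws, storage, free_words);
    if (!extend_limit(&ws, size, 0))
        return 1;  /* rejected: nothing to check */
    return ws.todo_free + size <= ws.todo_lim && ws.todo_lim <= block_end(&ws);
}

int main(void) {
    printf("8 words free, 8-word object, `<`  guard: %s\n",
           accepted(8, 8, 1) ? "accepted" : "rejected");
    printf("8 words free, 8-word object, `<=` guard: %s\n",
           accepted(8, 8, 0) ? "accepted" : "rejected");
    printf("8 words free, 9-word object, `<=` guard: %s\n",
           accepted(8, 9, 0) ? "accepted" : "rejected");
    return 0;
}
```

The exact-fit case is the only input on which the two guards differ: with eight words free and an eight-word object, `<` rejects and `<=` accepts, while an object one word larger is rejected by both. `limit_within_block()` checks the property the guard is there to protect, that once the object is accepted the raised `todo_lim` covers it without passing the end of the block.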