
I've managed to get a segfault in Haskell! And without even using the FFI... actually my code uses the FFI, but the changes that triggered the segfault don't involve that; they just use Text.Regex.
The code that triggers the segfault is the function produced by:
    filetype_function :: IO (FilePath -> FileType)
    filetype_function = do
        binsfile <- def_prefval "binariesfile" "_darcs/prefs/binaries"
        bins <- (liftM lines $ readFile binsfile)
                `catch` (\e -> if isDoesNotExistError e
                               then return []
                               else ioError e)
        let rs = map (mkRegex . fixregex) bins
            isbin f = or $ map (\r -> matchRegex r f /= Nothing) rs
            ftf f = if isbin f then BinaryFile else TextFile
        in return ftf
and the valgrind report on the segfault is:
    ==8705== Invalid free() / delete / delete[]
    ==8705==    at 0x4015D6A4: free (vg_clientfuncs.c:185)
    ==8705==    by 0x40399A34: (within /lib/libc-2.3.1.so)
    ==8705==    by 0x40399C13: regfree (in /lib/libc-2.3.1.so)
    ==8705==    by 0x8117683: s67U_entry (in /home/droundy/darcs/darcs)
    ==8705==    Address 0x1 is not stack'd, malloc'd or free'd
    ==8705==
    ==8705== Invalid read of size 4
    ==8705==    at 0x40399A58: (within /lib/libc-2.3.1.so)
    ==8705==    by 0x40399C13: regfree (in /lib/libc-2.3.1.so)
    ==8705==    by 0x8117683: s67U_entry (in /home/droundy/darcs/darcs)
    ==8705==    Address 0x22 is not stack'd, malloc'd or free'd
I've found one possible cause of this: we were calling regfree on the regular expression structure even if regcomp failed. This will be fixed in GHC 6.0.1. Workaround: don't pass any bogus regular expressions to regcomp.

Cheers,
Simon
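The bug Simon describes lives on the C side of the regex binding, so here is an added C example (not code from the thread, GHC or darcs) contrasting the unconditional regfree() with the correct control flow: regfree() only after regcomp() has returned 0. The file-name and pattern values are constructed for the example.

```c
#include <regex.h>
#include <stdio.h>

/* Return codes for safe_match (names chosen for this example). */
enum { MATCH_NO = 0, MATCH_YES = 1, MATCH_BADREGEX = -1 };

/* Correct shape: a regex_t that regcomp() rejected was never fully
 * initialised, so handing it to regfree() is undefined behaviour; with the
 * glibc of the thread it produced the "Invalid free()" valgrind reported. */
int safe_match(const char *pattern, const char *text)
{
    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
    if (rc != 0) {
        char msg[128];
        regerror(rc, &re, msg, sizeof msg);   /* regerror is safe here */
        fprintf(stderr, "regcomp(\"%s\") failed: %s\n", pattern, msg);
        return MATCH_BADREGEX;                /* no regfree(): nothing to free */
    }
    int result = (regexec(&re, text, 0, NULL, 0) == 0) ? MATCH_YES : MATCH_NO;
    regfree(&re);                             /* only after a successful regcomp */
    return result;
}

/* Buggy shape from the thread: regfree() runs on every path, including the
 * one where regcomp() failed. Shown only for contrast; never call it with a
 * pattern that might be invalid. */
int unsafe_match_buggy(const char *pattern, const char *text)
{
    regex_t re;
    int rc = regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB);
    int result = (rc == 0 && regexec(&re, text, 0, NULL, 0) == 0) ? MATCH_YES : MATCH_NO;
    regfree(&re);                             /* undefined behaviour when rc != 0 */
    return result;
}

int main(void)
{
    /* Constructed stand-ins for lines of _darcs/prefs/binaries; "(" is bogus. */
    const char *bins[] = { "\\.png$", "(", "\\.gz$" };
    const char *file = "logo.png";
    for (unsigned i = 0; i < sizeof bins / sizeof bins[0]; i++)
        printf("%-8s vs %s -> %d\n", bins[i], file, safe_match(bins[i], file));
    return 0;
}
```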