Main Site Documentation

Lynx - Pointer double delete


#1

I mentioned before that I suspected a memory issue, it looks like the current library code in the GIT repository (11/10/2013) has a double delete issue.

For example:

IO60P16.cpp has the following destructor


IO60P16::~IO60P16() {
	delete this->io60Chip;
}

This deletes the I2CDevice instance for the IO60P16. This destructor is indirectly invoked by the following line in the FEZLynzS4 destructor.


delete this->Extender;

After this the Mainboard destructor runs and deletes all the I2CDevice instances in the linked list tracking the I2CDevices.


for (I2CBus* current = (I2CBus*)this->i2cBusses.startV(); !this->i2cBusses.ended();  current = (I2CBus*)this->i2cBusses.nextV())
		delete current;

The problem is that the IO60P16 I2CDevice had already been deleted, but was not removed from the list, so the Mainboard destructor is performing a secondary delete on this pointer. Which is undefined behavior and is likely to cause really hard to track down bugs in user projects.

I suspect similar issues might exist with all the devices being tracked like this, but I have not investigated these lines yet.

Possible solutions:
[ol]Track the pointer with std::shared_ptr
Add a releaseI2CDevice(I2CDevice*) method to the I2CBus which is responsible for deleting the pointer and removing it from the collection. This should be called instead of delete.[/ol]
These are 2 quick and dirty solutions, otherwise you might need a more elaborate rework of the interface, but to be honest, I have not put much thought into it.

I hope I have been able to explain the path through the code clearly, if not please ping me I would be happy to work with you to get this resolved.


#2

Thanks, we’ll take a look at it. A lot of the code is still being worked on and needs some final polish, so a few more bugs like this will probably pop up.


#3

@ John - It is a pleasure. Btw. The library looks good, I think I am going to enjoy playing with it.