Klaus Schmidinger wrote: > Udo Richter wrote: >> Udo Richter wrote: >>> ==4652== Invalid free() / delete / delete[] >>> ==4652== at 0x1B904B04: free (vg_replace_malloc.c:152) >>> ==4652== by 0x8103F5F: cTimer::operator=(cTimer const&) >>> (timers.c:108) >>> ==4652== by 0x80FE349: cSVDRP::CmdMODT(char const*) (svdrp.c:1136) >>> ==4652== by 0x81015C1: cSVDRP::Process() (svdrp.c:1563) >>> ==4652== by 0x80B3458: cInterface::GetKey(bool) (interface.c:37) >>> ==4652== by 0x810D919: main (vdr.c:866) >>> ==4652== Address 0x1BEEAC90 is 0 bytes inside a block of size 63 free'd >>> ==4652== at 0x1B904B04: free (vg_replace_malloc.c:152) >>> ==4652== by 0x8104D6F: cTimer::Parse(char const*) (timers.c:244) >>> ==4652== by 0x80FE493: cSVDRP::CmdMODT(char const*) (svdrp.c:1132) >>> ==4652== by 0x81015C1: cSVDRP::Process() (svdrp.c:1563) >>> ==4652== by 0x80B3458: cInterface::GetKey(bool) (interface.c:37) >>> ==4652== by 0x810D919: main (vdr.c:866) >> >> >> I think I've found it: >> >> This is line 1127 of svdrp.c: >> >> cTimer t = *timer; >> >> Although this looks like it calls cTimer::operator=, it actually calls >> the default copy constructor of cTimer, because in this case = is not >> an assignment, but an initialization. Because of that, the aux field >> is used by both objects, thus the double free. Try this line to see if >> it causes this: >> >> cTimer t; >> t = *timer; > > It's probably best to implement an actual copy-constructor. > > Please try the attached patch, which contains both changes. Opps, sorry, there was a typo. Attached is the correct version. (Never code when in a hurry... ;-) Klaus -------------- next part -------------- A non-text attachment was scrubbed... Name: vdr-1.4.2-1-timerassign.diff Type: text/x-patch Size: 1957 bytes Desc: not available Url : http://www.linuxtv.org/pipermail/vdr/attachments/20060904/eea9575f/vdr-1.4.2-1-timerassign.bin
