When dehydra_visitFunctionDecl is called, it sets *v = NULL. If it's called again with the same 'f', then it reads key = *v, so key = 0. It then calls dehydra_getRootedObject with key = 0, which overwrites the rootedFreeArray root. Eventually GC happens and the unrooted rootedFreeArray gets corrupted. The attached patch adds some assertions to reduce the chance of rootedFreeArray getting silently overwritten. It also ignores all visits to a function decl after the first. (I have no idea *why* a declaration gets visited twice - I've only seen it happen in one instance, in the middle of a load of template code, and can't find a short way to reproduce it.)
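The failure mode above (a cleared key of 0 being handed to the rooting table, where 0 is also a live index, so a repeat visit silently overwrites a slot the collector depends on) can be modelled without GCC or SpiderMonkey. The following is an added example, not Dehydra's own code: the root table, `FREE_LIST_SLOT`, `decl_t`, `visit_buggy` and `visit_fixed` are all constructed here to show the two halves of the described patch, a checked root setter that refuses the reserved slot and a visitor that ignores every visit after the first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a rooting table. Slot 0 holds the table's own
 * bookkeeping (standing in for the rootedFreeArray root on the page), so a
 * caller that passes key == 0 corrupts the table rather than its own object. */
#define NSLOTS 8
#define FREE_LIST_SLOT 0

static void *roots[NSLOTS];
static int   in_use[NSLOTS];
static int   free_list_marker;   /* what slot 0 is supposed to point at */

/* Hypothetical per-declaration record: key is the root slot this decl owns,
 * 0 meaning "none yet"; visits counts how often the visitor saw it. */
typedef struct {
    const char *name;
    uintptr_t   key;
    int         visits;
} decl_t;

void table_init(void) {
    for (int i = 0; i < NSLOTS; i++) { roots[i] = NULL; in_use[i] = 0; }
    roots[FREE_LIST_SLOT]  = &free_list_marker;
    in_use[FREE_LIST_SLOT] = 1;
}

/* Detection: has the bookkeeping slot survived? */
int table_intact(void) { return roots[FREE_LIST_SLOT] == &free_list_marker; }

/* Hand out the first free slot above the reserved one; 0 signals exhaustion,
 * which is exactly the value the checked setter below must reject. */
static uintptr_t root_alloc(void *obj) {
    for (uintptr_t i = FREE_LIST_SLOT + 1; i < NSLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; roots[i] = obj; return i; }
    return 0;
}

/* Before: trusts the key. A key of 0 overwrites the reserved slot. */
static void root_set_unchecked(uintptr_t key, void *obj) { roots[key] = obj; }

/* After: the assertion-style check the patch adds. Returns 0 instead of
 * writing when the key is reserved, out of range, or not allocated. */
static int root_set_checked(uintptr_t key, void *obj) {
    if (key == FREE_LIST_SLOT || key >= NSLOTS || !in_use[key]) return 0;
    roots[key] = obj;
    return 1;
}

/* Buggy visitor, following the sequence in the bug comment: the first visit
 * clears the key ("*v = NULL") and roots the object; a second visit reads the
 * cleared key, gets 0, and passes it straight through. */
void visit_buggy(decl_t *d, void *obj) {
    d->visits++;
    if (d->visits == 1) {
        d->key = 0;
        (void)root_alloc(obj);            /* slot taken, key never written back */
        return;
    }
    root_set_unchecked(d->key, obj);      /* key == 0: clobbers slot 0 */
}

/* Fixed visitor: every visit after the first is ignored, and the root write
 * goes through the checked setter. Returns 1 if rooted, 0 if skipped, -1 if
 * the table refused the key (e.g. exhaustion returned the reserved 0). */
int visit_fixed(decl_t *d, void *obj) {
    d->visits++;
    if (d->visits > 1) return 0;
    d->key = root_alloc(obj);
    return root_set_checked(d->key, obj) ? 1 : -1;
}

int main(void) {
    int obj;
    decl_t f = { "f", 0, 0 };

    table_init();
    visit_buggy(&f, &obj);
    visit_buggy(&f, &obj);               /* the double visit from the report */
    printf("buggy: table intact = %d\n", table_intact());

    table_init();
    decl_t g = { "f", 0, 0 };
    int r1 = visit_fixed(&g, &obj), r2 = visit_fixed(&g, &obj);
    printf("fixed: visits -> %d, %d; table intact = %d\n", r1, r2, table_intact());
    return 0;
}
```

The second half of the fix matters on its own: even with the visitor deduplicated, `root_alloc` returns 0 on exhaustion, and only the checked setter turns that into a visible failure instead of a corrupted table that the collector trips over much later.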
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED