Bug #788: r20287 broke rb_str_replace
http://redmine.ruby-lang.org/issues/show/788

Author: Jeremy Kemper
Status: Open, Priority: High
Assigned to: Nobuyoshi Nakada

$ ruby -rrexml/document -e "REXML::Document.new('<a>b</a>')"
ruby(17210) malloc: *** error for object 0xab1f8: pointer being reallocated was not allocated
*** set a breakpoint in malloc_error_break to debug
ruby(17210) malloc: *** error for object 0xab1f8: pointer being reallocated was not allocated
*** set a breakpoint in malloc_error_break to debug
/usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/text.rb:77:in `initialize_copy': failed to allocate memory (NoMemoryError)
	from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/text.rb:77:in `clone'
	from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/text.rb:77:in `initialize'
	from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/parsers/treeparser.rb:43:in `new'
	from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/parsers/treeparser.rb:43:in `parse'
	from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/document.rb:227:in `build'
	from /usr/local/ruby/1.8.7-gc/lib/ruby/1.8/rexml/document.rb:43:in `initialize'
	from -e:1:in `new'
	from -e:1

$ gdb ruby
GNU gdb 6.3.50-20050815 (Apple version gdb-908) (Tue Feb 19 15:23:53 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for shared libraries .... done

(gdb) break malloc_error_break
Breakpoint 1 at 0xe812e
(gdb) run -rrexml/document -e "REXML::Document.new('<a>b</a>')"
Starting program: /usr/local/ruby/1.8.7-gc/bin/ruby -rrexml/document -e "REXML::Document.new('<a>b</a>')"
Reading symbols for shared libraries +++... done
Breakpoint 1 at 0x95f43131
ruby(17253) malloc: *** error for object 0xab1f8: pointer being reallocated was not allocated
*** set a breakpoint in malloc_error_break to debug

Breakpoint 1, 0x95f43131 in malloc_error_break ()
(gdb) bt
#0  0x95f43131 in malloc_error_break ()
#1  0x95f3e11f in szone_error ()
#2  0x95e66cbd in szone_realloc ()
#3  0x95e66c0e in malloc_zone_realloc ()
#4  0x95e66b81 in realloc ()
#5  0x0003ccae in ruby_xrealloc (ptr=0xab1f8, size=2) at gc.c:228
#6  0x0008e9c2 in rb_str_resize (str=0, len=700920) at string.c:706
#7  0x00091d12 in rb_str_replace (str=0, str2=28003820) at string.c:2324
#8  0x00024df2 in rb_call0 (klass=28766640, recv=28003780, id=2977, oid=2977, argc=-1073755048, argv=0xbfffcd70, body=0x1b6f110, flags=<value temporarily unavailable, due to optimizations>) at eval.c:5908
#9  0x000259fc in rb_call (klass=28766640, recv=28003780, mid=2977, argc=1, argv=0xbfffcd70, scope=1, self=6) at eval.c:6155
#10 0x0002675d in vafuncall (recv=28003780, mid=2977, n=1, ar=0xbfffcdec) at eval.c:6232
#11 0x000268b1 in rb_funcall (recv=0, mid=2514863270, n=-1073756068) at eval.c:6249
#12 0x000570be in init_copy (dest=28003780, obj=28003820) at object.c:188
#13 0x0005857b in rb_obj_clone (obj=28003780) at object.c:227


----------------------------------------
http://redmine.ruby-lang.org