Occasionally after editing a large file (over 32MB), joe will coredump on exit and leave its swapfile hanging around. I think the cause is that path.c:mktmp() allocates a stack Obj string for the filename, but since the allocation is done between the "startup_gc = vsmk(1)" at main.c:634 and the "obj_free(startup_gc)" at main.c:707, the filename gets freed, and vmem->name is now a dangling pointer to freed memory. Depending on what the user does after this point, and whether the OS fills freed memory, this can cause a crash inside the "vclose(vmem)" call at main.c:719 when vclose() tries to free vfile->name.
The fix is for mktmp() to call obj_perm(name) before returning, to keep it from getting gc'd.