The copy constructor and assignment operator for af::index are not explicitly defined so their are created by the compiler, who just copies the impl private member. If af::index contains an af_array that array handle is copied without increasing the reference count. This leads to a double free when both the original and the new af::index are destroyed.
The following code exemplifies the problem:
#include <arrayfire.h>
int main(int argc, char ** argv){
af::array A = af::constant(0,1, s32);
af::index s1;
// This will just copy the members of af::index,
// using an implicit assignment operator,
// without updating the reference counting
s1 = af::index(A);
if(argc > 1){
// without this A will be released twice, once
// during the destructor of A and once during
// the destructor of s1.
af_array tmp;
af_retain_array(&tmp, s1.get().idx.arr);
}
return 0;
}
When run with no arguments on my machine it outputs:
index_copy(8076,0x7fff7dac3300) malloc: *** error for object 0x7fdd850e6470: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Abort trap: 6
the result of the double free.
The copy constructor and assignment operator for af::index are not explicitly defined so their are created by the compiler, who just copies the impl private member. If af::index contains an af_array that array handle is copied without increasing the reference count. This leads to a double free when both the original and the new af::index are destroyed.
The following code exemplifies the problem:
When run with no arguments on my machine it outputs:
the result of the double free.