The following program archives a vector of one string to the file "/tmp/foo" and then immediately un-archives "/tmp/foo" into an empty vector of strings. Deep in the bowels of the un-archiving process, malloc reports a bad call to free as noted in the comments at the end of the program. The bad call to free is made during a call to string.reserve(). Varying the program shows that the bad free occurs once for each element in the vector and is always the same address. The behavior is consistent across text, binary and xml archivers as well as vectors and maps of strings. Under different conditions the same error occurs during a call to string.assign(). I have tried gcc3.3/4.0 and 4.1 with no change in the results. My current work-around is to use vector<char> instead of string.

I am hoping that someone will be willing to help me debug this problem. I am running on a PPC Mac using the darwin ports development environment:

Darwin mars.notlem.com 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Macintosh powerpc
boost @1.33.1_0
gcc41 @4.1.1_0+darwin_8

cheers,
mark

=========================================================================
#include <cassert>   // assert()
#include <iostream>
#include <fstream>
#include <vector>
#include <string>
#include <boost/archive/xml_iarchive.hpp>
#include <boost/archive/xml_oarchive.hpp>
#include <boost/serialization/utility.hpp>
#include <boost/serialization/vector.hpp>
#include <boost/serialization/string.hpp>

using namespace std;

int main(int argc, char const **argv)
{
    typedef vector<string> string_vector_t;
    string_vector_t output, input;
    output.push_back("a string");

    // Archive the one-element vector to /tmp/foo. The archive is
    // destroyed (and flushed) before the stream when the scope closes.
    {
        ofstream ofs("/tmp/foo");
        assert(ofs.good());
        boost::archive::xml_oarchive archiver(ofs);
        archiver << BOOST_SERIALIZATION_NVP(output);
    }

    // Un-archive /tmp/foo into the empty vector. The bad free() is
    // reported during this load.
    {
        ifstream ifs("/tmp/foo");
        assert(ifs.good());
        boost::archive::xml_iarchive archiver(ifs);
        archiver >> BOOST_SERIALIZATION_NVP(input);
    }

    return 0;
}


// $ ./bug
// bug(27658) malloc: ***  Deallocation of a pointer not malloced: 0x209c33c; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug

================================================================================


#0  0x9000621c in free ()
#1  0x94afb8ec in std::string::_Rep::_M_destroy ()
#2  0x94afe6d0 in std::string::reserve ()
#3  0x0007617c in boost::archive::basic_xml_grammar<char>::my_parse ()
#4  0x000769b8 in boost::archive::basic_xml_grammar<char>::parse_start_tag ()
#5  0x00076c70 in boost::archive::basic_xml_iarchive<boost::archive::xml_iarchive>::load_start ()
#6  0x00004fc4 in boost::archive::detail::iserializer<boost::archive::xml_iarchive, std::vector<std::string, std::allocator<std::string> > >::load_object_data (this=0x300eb0, ar=@0xbfffe9d8, x=0xbfffed00, file_version=62) at /opt/local/include/boost/archive/basic_xml_iarchive.hpp:79
#7  0x000638e8 in boost::archive::detail::basic_iarchive::load_object ()
#8  0x00002d3c in main (argc=3149488, argv=0xbfffe9d8) at /opt/local/include/boost/archive/detail/iserializer.hpp:375