| Summary: | xserver_xorg-server-1.15.1 crash on RaspberryPi when compiled with gcc-4.9 | | |
|---|---|---|---|
| Product: | gcc | Reporter: | Peter Seiderer <ps.report> |
| Component: | target | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ramana |
| Priority: | P3 | Keywords: | wrong-code |
| Version: | 4.9.3 | | |
| Target Milestone: | 5.4 | | |
| Host: | x86_64 | Target: | arm1176jzf-s arm-buildroot-linux-uclibcgnueabi-gcc |
| Build: | | Known to work: | 4.8.3, 4.8.4 |
| Known to fail: | 4.9.1, 4.9.3, 5.2.0 | Last reconfirmed: | 2015-10-10 00:00:00 |
| Attachments: | Reduced test case from xserver_xorg-server-1.17.2/fb/fbpict.c | | |
Description
Peter Seiderer
2014-09-23 18:15:04 UTC
Crash still reproducible with buildroot 2015.11-git-00271-g81c4788 (xserver-1.17.2) gcc-4.9.3 and gcc-5.2.0 with optimization for space (-Os). No crash with gcc-5.2.0 and optimization '-O3'...

Please try and provide a testcase to figure out what the problem might be. Without this it is very hard to work out what is going on in this particular case.

Created attachment 36593 [details]
Reduced test case from xserver_xorg-server-1.17.2/fb/fbpict.c

Reduced (but not yet minimal) test case from the original xserver_xorg-server-1.17.2/fb/fbpict.c file.
On x86_64:
$ ./fbpict_x86
$ cat my.log
fbGlyphs() pSrc = (nil) pDst = 0x602280 glyphs = 0x6021b0
glyphs = 0x6021b0 - 1
glyphs = 0x6021b8 - 2
glyphs = 0x602070 - 3
glyphs = 0x6021b8 - 1
glyphs = 0x6021c0 - 2
glyphs = 0x6020b0 - 3
glyphs = 0x6021c0 - 1
glyphs = 0x6021c8 - 2
glyphs = 0x6020f0 - 3
glyphs = 0x6021c8 - 1
glyphs = 0x6021d0 - 2
glyphs = 0x602130 - 3
glyphs = 0x6021d0 - 1
glyphs = 0x6021d8 - 2
glyphs = 0x602170 - 3
On Raspberry Pi (arm):
$ ./fbpict_arm
Segmentation fault
$ cat my.log
fbGlyphs() pSrc = (nil) pDst = 0x20c24 glyphs = 0x20ce4
glyphs = 0x20ce4 - 1
$ gdb ./fbpict_arm
(gdb) run
Starting program: /root/gcc_bug_63346/fbpict_arm
Program received signal SIGSEGV, Segmentation fault.
fbGlyphs (op=op@entry=0 '\000', pSrc=0x5, pSrc@entry=0x0, pDst=0x0,
pDst@entry=0x20c24 <pictureRec.5609>, maskFormat=0x5,
maskFormat@entry=0x0, xSrc=xSrc@entry=10, ySrc=ySrc@entry=10, nlist=-1,
nlist@entry=5, list=list@entry=0x20c6c <glyphList.5618>, glyphs=0x5,
glyphs@entry=0x20ce4 <glyph>) at fbpict.c:59
59 glyph = *glyphs++;
(gdb) disassemble
...
0x00010658 <+272>: beq 0x10794 <fbGlyphs+588>
0x0001065c <+276>: ldrsh r3, [r4, #-12]
0x00010660 <+280>: add r10, r10, r3
0x00010664 <+284>: ldrsh r3, [r4, #-10]
0x00010668 <+288>: add r11, r11, r3
0x0001066c <+292>: ldrb r3, [r4, #-8]
0x00010670 <+296>: str r3, [sp, #52] ; 0x34
0x00010674 <+300>: ldr r3, [sp, #52] ; 0x34
0x00010678 <+304>: cmp r3, #0
0x0001067c <+308>: beq 0x10780 <fbGlyphs+568>
0x00010680 <+312>: add r3, sp, #6336 ; 0x18c0
0x00010684 <+316>: ldr r1, [r3]
0x00010688 <+320>: ldr r0, [pc, #684] ; 0x1093c <fbGlyphs+1012>
0x0001068c <+324>: bl 0x1098c <my_printf>
=> 0x00010690 <+328>: ldr r3, [r2]
0x00010694 <+332>: add r2, sp, #6336 ; 0x18c0
0x00010698 <+336>: ldr r7, [r3], #4
0x0001069c <+340>: ldr r0, [pc, #668] ; 0x10940 <fbGlyphs+1016>
0x000106a0 <+344>: str r3, [r2]
0x000106a4 <+348>: ldr r1, [r2]
0x000106a8 <+352>: bl 0x1098c <my_printf>
0x000106ac <+356>: mov r1, r7
0x000106b0 <+360>: ldr r0, [pc, #652] ; 0x10944 <fbGlyphs+1020>
0x000106b4 <+364>: bl 0x1098c <my_printf>
0x000106b8 <+368>: ldr r3, [pc, #632] ; 0x10938 <fbGlyphs+1008>
0x000106bc <+372>: mov r2, #0
0x000106c0 <+376>: mov r1, r7
0x000106c4 <+380>: ldr r0, [r3]
0x000106c8 <+384>: bl 0x10970 <pixman_glyph_cache_lookup>
0x000106cc <+388>: subs r9, r0, #0
0x000106d0 <+392>: bne 0x10748 <fbGlyphs+512>
0x000106d4 <+396>: ldr r1, [sp, #84] ; 0x54
0x000106d8 <+400>: mov r0, r7
0x000106dc <+404>: bl 0x10978 <GetGlyphPicture>
Does this work in GCC 5.4.0?

Seems to be fixed in 5.4.0, tested with the original buildroot/xserver/dillo testcase (with up to date buildroot) and the provided fbpict.c testcase.

Fixed then.