Bug 39166 - strlen() crashes with sigsegv on ubuntu 8.10
Summary: strlen() crashes with sigsegv on ubuntu 8.10
Status: RESOLVED INVALID
Alias: None
Product: gcc
Classification: Unclassified
Component: c
Version: 4.3.2
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-12 10:54 UTC by Andrew Robb
Modified: 2009-02-13 04:05 UTC
CC: 2 users

See Also:
Host: i486-linux-gnu
Target: i486-linux-gnu
Build: i486-linux-gnu
Known to work: 4.2.1
Known to fail: 4.3.2
Last reconfirmed:


Attachments
small test file (1.16 KB, text/plain)
2009-02-12 10:58 UTC, Andrew Robb

Description Andrew Robb 2009-02-12 10:54:03 UTC
I can print a string with printf("%s", str) but strlen(str) in the next statement fails with a segmentation fault.

$ gcc -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.3.2-1ubuntu12' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-targets=all --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12) 

"gcc -g soundex.c -S" gives the following assembler for the 2 calls:
        .loc 1 57 0
        movl    stderr, %edx
        movl    8(%ebp), %eax
        movl    %eax, 8(%esp)
        movl    $.LC7, 4(%esp)
        movl    %edx, (%esp)
        call    fprintf
        .loc 1 58 0
        movl    8(%ebp), %eax
        movl    %eax, (%esp)
        call    strlen
        addl    8(%ebp), %eax
        movl    %eax, 12(%ebp)

"gcc -O3 -fomit-frame-pointer soundex.c -S" gives:
        movl    stderr, %eax
        movl    %esi, 12(%esp)
        movl    $.LC0, 8(%esp)
        movl    $1, 4(%esp)
        movl    %eax, (%esp)
        call    __fprintf_chk
        movl    %esi, (%esp)
        call    strlen
        leal    (%esi,%eax), %edi

Strangely, this optimised code works fine.
Comment 1 Andrew Robb 2009-02-12 10:58:52 UTC
Created attachment 17285
small test file

run as:
./soundex burroughs ashcraft brc mcknight mcnaught mcknawt

The optimised code produces:
strlen("burroughs")
B620 burroughs
strlen("ashcraft")
A261 ashcraft
strlen("brc")
B620 brc
strlen("mcknight")
M252 mcknight
strlen("mcnaught")
M252 mcnaught
strlen("mcknawt")
M253 mcknawt

The debug code produces:
strlen("burroughs")
B620 burroughs
strlen("ashcraft")
Segmentation fault
Comment 2 Andrew Robb 2009-02-12 11:26:59 UTC
I have tested the assembler outputs from the two compilers. Both assembler files were generated with:
gcc -g soundex.c -S -o soundex.s

I then compiled both on the failing platform:
gcc -g soundex.s -o soundex

If I compile the assembler from 4.2.1 with 4.3.2, the program works.

If I compile the assembler from 4.3.2 with 4.3.2, the program fails.
Comment 3 Andrew Robb 2009-02-13 04:05:12 UTC
Many apologies. The bug was in line 66 of my code, which should read:

while (src < end && dst < lim) {

This was polluting the stack - hardly surprising it crashed!
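As an added illustration of the cause identified in comment 3 (example code written for this page, not the reporter's attached soundex.c): a hypothetical Soundex encoder whose digit loop is bounded only by the source, the shape of the bug, beside the same loop with the `dst < lim` check from the fix, plus a helper that measures how far the unbounded loop would write past a 4-byte code slot. The measurement is taken in a large scratch buffer so this program itself never writes out of bounds; the word list and expected codes are taken from the reporter's output above.

```c
#include <ctype.h>
#include <string.h>

/* Soundex class of a letter: 1-6 for coded consonants, 0 for vowels and
 * non-letters (they separate repeats), 7 for h and w (skipped, no separation). */
static int soundex_class(int c)
{
    static const char *groups[] = { "bfpv", "cgjkqsxz", "dt", "l", "mn", "r" };
    c = tolower((unsigned char)c);
    if (c == 'h' || c == 'w') return 7;
    for (int i = 0; i < 6; i++)
        if (strchr(groups[i], c)) return i + 1;
    return 0;
}

/* Encode word into dst; returns one past the last byte written. bounded == 0
 * checks only the source (hypothetical reconstruction of the reporter's bug);
 * bounded != 0 is the corrected loop condition from comment 3. */
static char *soundex_encode(const char *word, char *dst, char *lim, int bounded)
{
    const char *src = word, *end = word + strlen(word);
    if (src == end) return dst;
    *dst++ = (char)toupper((unsigned char)*src);
    int prev = soundex_class(*src++);
    while (src < end && (!bounded || dst < lim)) {
        int cls = soundex_class(*src++);
        if (cls == 7) continue;                      /* h/w: skip, keep prev */
        if (cls != 0 && cls != prev) *dst++ = (char)('0' + cls);
        prev = cls;
    }
    while (dst < lim) *dst++ = '0';                  /* pad short codes */
    return dst;
}

/* Safe API: NUL-terminated 4-character code written into code[5]. */
const char *soundex(const char *word, char code[5])
{
    *soundex_encode(word, code, code + 4, 1) = '\0';
    return code;
}
int soundex_is(const char *word, const char *expected)
{
    char code[5];
    return strcmp(soundex(word, code), expected) == 0;
}
/* Bytes the unbounded loop would write past a 4-byte slot (before the caller's
 * NUL), measured in a big scratch buffer so this program stays in bounds. */
size_t soundex_overrun(const char *word)
{
    char scratch[256];
    char *p = soundex_encode(word, scratch, scratch + 4, 0);
    return p > scratch + 4 ? (size_t)(p - (scratch + 4)) : 0;
}
```

With the bound in place "ashcraft" truncates to A261 instead of producing A2613 and spilling one digit (plus the terminator) past the slot, which matches the pattern in comment 1 where the first word encodes fine and the second one crashes.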