This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug other/71760] New: libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table

From: "rocco at tecsiel dot it" <gcc-bugzilla at gcc dot gnu dot org>
To: gcc-bugs at gcc dot gnu dot org
Date: Mon, 04 Jul 2016 17:50:50 +0000
Subject: [Bug other/71760] New: libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table
Auto-submitted: auto-generated

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71760

            Bug ID: 71760
           Summary: libiberty - Segmentation fault when attempting to
                    delete a non-existent element in a hash table
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: other
          Assignee: unassigned at gcc dot gnu.org
          Reporter: rocco at tecsiel dot it
  Target Milestone: ---

Created attachment 38831
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38831&action=edit
C source file to reproduce the bug

Hello people,                                                        
the attached C-program can be used to reproduce a segmentation fault 
found in libliberty/hashtab.c

I am using a libiberty tar-gzipped source version found in a recent Debian 
Archive File (libiberty_20160215.tar.xz) where the first entry in ChangeLog is: 
 * 2016-01-27  Iain Buclaw  <ibuclaw@gdcproject.org> 

This is the output of the execution of my program before patching the 
library:

rocco@nuc.carbo.net 1221> ./bug-remove 
Hello world! 

  This program creates a hash table with htab_create(). 
    Then: 
      * inserts 2 objects with htab_find_slot(INSERT). 
      * delete 1 existent with htab_remove_elt(). 
      * attempt to delete 1 non existent with htab_remove_elt(). 
        Boom !!! 

Inserting [Hello - 1] ... Ok 
Inserting [World! - 2] ... Ok 
Searching for [Hello] ... Ok 
Searching for [World!] ... Ok 
Deleting [Hello] ... Ok 
Segmentation fault 

And this was the patch I applied in libiberty/libiberty: 
rocco@nuc.carbo.net 1222> diff hashtab.c hashtab.c.ORG  
729c729 
<   if (!slot || *slot == HTAB_EMPTY_ENTRY) 
--- 
>   if (*slot == HTAB_EMPTY_ENTRY)

the same error could be also in other different points for 
different API functions but I did not check. 

/rocco

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]