This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug other/71760] New: libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table
- From: "rocco at tecsiel dot it" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 04 Jul 2016 17:50:50 +0000
- Subject: [Bug other/71760] New: libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71760
Bug ID: 71760
Summary: libiberty - Segmentation fault when attempting to
delete a non-existent element in a hash table
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
Assignee: unassigned at gcc dot gnu.org
Reporter: rocco at tecsiel dot it
Target Milestone: ---
Created attachment 38831
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=38831&action=edit
C source file to reproduce the bug
Hello people,
the attached C-program can be used to reproduce a segmentation fault
found in libliberty/hashtab.c
I am using a libiberty tar-gzipped source version found in a recent Debian
Archive File (libiberty_20160215.tar.xz) where the first entry in ChangeLog is:
* 2016-01-27 Iain Buclaw <ibuclaw@gdcproject.org>
This is the output of the execution of my program before patching the
library:
rocco@nuc.carbo.net 1221> ./bug-remove
Hello world!
This program creates a hash table with htab_create().
Then:
* inserts 2 objects with htab_find_slot(INSERT).
* delete 1 existent with htab_remove_elt().
* attempt to delete 1 non existent with htab_remove_elt().
Boom !!!
Inserting [Hello - 1] ... Ok
Inserting [World! - 2] ... Ok
Searching for [Hello] ... Ok
Searching for [World!] ... Ok
Deleting [Hello] ... Ok
Segmentation fault
And this was the patch I applied in libiberty/libiberty:
rocco@nuc.carbo.net 1222> diff hashtab.c hashtab.c.ORG
729c729
< if (!slot || *slot == HTAB_EMPTY_ENTRY)
---
> if (*slot == HTAB_EMPTY_ENTRY)
the same error could be also in other different points for
different API functions but I did not check.
/rocco