Bug 40024

Summary: trunk/gcc-4.3/gcc: * emutls.c (emutls_destroy): Don't fall out of the array bound.
Product: gcc
Component: other
Status: RESOLVED FIXED
Severity: critical
Priority: P2
Version: 4.3.4
Target Milestone: 4.3.4
Host:
Target: i586-pc-mingw32, powerpc-ibm-aix
Build:
Reporter: Antoine Rozenknop <antoine.rozenknop>
Assignee: Not yet assigned to anyone <unassigned>
CC: dje, gcc-bugs, ktietz, rth
Known to work: 4.3.4 4.4.1 4.5.0
Known to fail: 4.3.3 4.4.0
Last reconfirmed:

Description Antoine Rozenknop 2009-05-05 08:14:12 UTC
gcj-compiled multithreaded programs trigger Segmentation Faults in emutls.c:76
This clearly comes from the deletion of an uninitialized pointer.
I found this patch on toolchain-commit, and it works, but it does not seem to have been committed to the gcc subversion tree.

ref: http://www.mail-archive.com/toolchain-commits@blackfin.uclinux.org/msg01652.html#trunkgcc43gccemutlsc

Modified: trunk/gcc-4.3/gcc/emutls.c (3180 => 3181)

--- trunk/gcc-4.3/gcc/emutls.c	2009-02-12 18:30:30 UTC (rev 3180)
+++ trunk/gcc-4.3/gcc/emutls.c	2009-02-13 09:45:04 UTC (rev 3181)
@@ -70,7 +70,7 @@
   pointer size = arr->size;
   pointer i;
 
-  for (i = 0; i < size; ++i)
+  for (i = 0; i < size - 1; ++i)
     {
       if (arr->data[i])
 	free (arr->data[i][-1]);
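Review bot: the new bound `size - 1` hard-codes the convention that arr->size counts the header word plus the data slots (slots + 1), so the loop still depends on an invariant that nothing in this hunk documents; a comment on `pointer size = arr->size;` stating what size counts, or (as the trunk fix in Comment 3, r148061, later does) redefining arr->size to be the number of allocated arr->data entries so the bound can stay `i < size`, would keep the off-by-one from being reintroduced. Also worth checking whether `pointer` is unsigned and whether arr->size can ever be 0 here: if both hold, `size - 1` wraps and the loop walks far past the array instead of stopping short of it.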
Comment 1 David Edelsohn 2009-05-21 12:40:34 UTC
Confirmed
Comment 2 Jakub Jelinek 2009-05-21 12:53:36 UTC
See http://gcc.gnu.org/ml/gcc-patches/2009-05/msg00248.html
Comment 3 Jakub Jelinek 2009-06-01 18:03:41 UTC
Subject: Bug 40024

Author: jakub
Date: Mon Jun  1 18:03:26 2009
New Revision: 148061

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=148061
Log:
	PR other/40024
	* emutls.c (__emutls_get_address): Change arr->size to mean number
	of allocated arr->data entries instead of # of slots + 1.

Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/emutls.c

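The two fixes discussed in this report (the `size - 1` bound from the quoted patch and the r148061 change that redefines what arr->size counts) are easiest to compare by instrumenting the destroy loop. The following is a constructed example written for this page, not code from libgcc: `tls_array` models the per-thread array of emutls.c, `alloc_with_guard` places a sentinel (`GUARD`) in the slot just past the real data, and `count_overruns` replays the emutls_destroy loop but counts how often it lands on the sentinel instead of calling free. All of those names, and the use of `uintptr_t` in place of emutls.c's pointer-sized integer type, are this example's own assumptions.

```c
/* Constructed model of the per-thread array in libgcc's emutls.c; the names
   tls_array, alloc_with_guard, count_overruns and GUARD are this example's,
   not libgcc's. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uintptr_t pointer;   /* stand-in for emutls.c's pointer-sized integer type */

struct tls_array {
  pointer size;   /* old convention: data slots + 1 (the header word counted);
                     r148061 convention: number of data slots */
  void **data[];  /* one entry per emulated-TLS variable */
};

/* Sentinel placed in the slot just past the last real data entry. */
#define GUARD ((void **) (uintptr_t) 0xDEADBEEF)

/* Allocate `slots` data entries plus one guard slot after them and set
   arr->size according to the requested convention. */
static struct tls_array *alloc_with_guard(pointer slots, int old_convention)
{
  /* header word + `slots` data entries + 1 guard entry */
  struct tls_array *arr = calloc(slots + 2, sizeof(void *));
  if (arr == NULL)
    abort();
  arr->data[slots] = GUARD;
  arr->size = old_convention ? slots + 1 : slots;
  return arr;
}

/* Walk the array the way emutls_destroy does, but instead of freeing each
   entry's block, count how often the loop lands on the guard slot. In the
   real code that iteration is a read past the calloc'd region. */
static int count_overruns(const struct tls_array *arr, pointer bound)
{
  int overruns = 0;
  for (pointer i = 0; i < bound; ++i)
    if (arr->data[i] == GUARD)
      ++overruns;
  return overruns;
}

/* Original loop (`i < size`) under the old convention. */
int overruns_original(pointer slots)
{
  struct tls_array *arr = alloc_with_guard(slots, 1);
  int n = count_overruns(arr, arr->size);
  free(arr);
  return n;
}

/* Patch quoted in the description: old convention kept, bound `size - 1`. */
int overruns_bound_patch(pointer slots)
{
  struct tls_array *arr = alloc_with_guard(slots, 1);
  int n = count_overruns(arr, arr->size - 1);
  free(arr);
  return n;
}

/* Trunk fix r148061: size counts data entries, loop bound stays `i < size`. */
int overruns_trunk_fix(pointer slots)
{
  struct tls_array *arr = alloc_with_guard(slots, 0);
  int n = count_overruns(arr, arr->size);
  free(arr);
  return n;
}

int main(void)
{
  printf("original: %d  bound patch: %d  trunk fix: %d\n",
         overruns_original(32), overruns_bound_patch(32), overruns_trunk_fix(32));
  return 0;
}
```

Both fixes stop the overrun, but only the r148061 form leaves a loop whose bound is the natural one for the field it reads; with the `size - 1` form, every future reader of emutls_destroy has to know that arr->size is one larger than the number of data entries.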
Comment 4 Kai Tietz 2009-06-27 16:05:52 UTC
I noticed that for version 4.4 (x86_64-*-mingw* and i686-*-mingw*) this issue still exists. On the 4.5 branch it is fixed. I would like the patch to be applied on the 4.4.1 branch, too. It fixed a crash in emutls_destroy that we get on the 4.4 branch.

Any chance?

Kai
Comment 5 Kai Tietz 2009-06-27 17:50:34 UTC
Subject: Bug 40024

Author: ktietz
Date: Sat Jun 27 17:50:20 2009
New Revision: 149015

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=149015
Log:
2009-06-27  Kai Tietz  <kai.tietz@onevision.com>

	Merged from trunk rev/148061
	2009-06-01  Jakub Jelinek  <jakub@redhat.com>
	PR other/40024
	* emutls.c (__emutls_get_address): Change arr->size to mean number
	of allocated arr->data entries instead of # of slots + 1.


Modified:
    branches/gcc-4_3-branch/gcc/ChangeLog
    branches/gcc-4_3-branch/gcc/emutls.c

Comment 6 Kai Tietz 2009-06-27 17:52:39 UTC
Subject: Bug 40024

Author: ktietz
Date: Sat Jun 27 17:52:29 2009
New Revision: 149016

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=149016
Log:
2009-06-27  Kai Tietz  <kai.tietz@onevision.com>

	Merged from trunk rev/148061
	2009-06-01  Jakub Jelinek  <jakub@redhat.com>
	PR other/40024
	* emutls.c (__emutls_get_address): Change arr->size to mean number
	of allocated arr->data entries instead of # of slots + 1.


Modified:
    branches/gcc-4_4-branch/gcc/ChangeLog
    branches/gcc-4_4-branch/gcc/emutls.c

Comment 7 Kai Tietz 2009-06-27 17:56:08 UTC
I did regression tests for the 4.3 and 4.4 branches and they were successful.
I committed the patch for PR other/40024 to both branches.
Committed revision 149015 for 4.3 branch and committed revision 149016 for 4.4 branch.
Comment 8 Richard Biener 2009-06-27 17:56:28 UTC
Fixed.