Bug 78409 - Segfault in classify_object_over_fdes when throwing an exception
Summary: Segfault in classify_object_over_fdes when throwing an exception
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: libstdc++
Version: 6.2.1
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: wrong-code
 
Reported: 2016-11-17 18:59 UTC by Orion Poplawski
Modified: 2021-07-18 23:19 UTC
Last reconfirmed: 2016-11-18 00:00:00


Description Orion Poplawski 2016-11-17 18:59:40 UTC
Running on Fedora rawhide with gcc-6.2.1-2.fc26

Core was generated by `/home/orion/fedora/octave/octave-4.2.0/src/.libs/lt-octave-gui --no-init-path -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  classify_object_over_fdes (ob=ob@entry=0x7f3a4d3d4910, this_fde=0x7f3a6f220018)
    at ../../../libgcc/unwind-dw2-fde.c:613
613       for (; ! last_fde (ob, this_fde); this_fde = next_fde (this_fde))
(gdb) print ob
$1 = (struct object *) 0x7f3a4d3d4910
(gdb) print this_fde
$2 = (const fde *) 0x7f3a6f220018
(gdb) print *this_fde
Cannot access memory at address 0x7f3a6f220018
(gdb) print *ob
$3 = {pc_begin = 0xffffffffffffffff, tbase = 0x0, dbase = 0x0, u = {single = 0x7f3a6f220018,
    array = 0x7f3a6f220018, sort = 0x7f3a6f220018}, s = {b = {sorted = 0, from_array = 0,
      mixed_encoding = 0, encoding = 255, count = 0}, i = 2040}, next = 0x7f3a4d3c3580}
(gdb) print *(fde *)0x7f3a6f220018
Cannot access memory at address 0x7f3a6f220018

(gdb) bt
#0  0x00007f3a6ba7235e in classify_object_over_fdes (ob=ob@entry=0x7f3a4d3d4910, this_fde=0x7f3a6f220018) at ../../../libgcc/unwind-dw2-fde.c:613
#1  0x00007f3a6ba72859 in init_object (ob=0x7f3a4d3d4910)
    at ../../../libgcc/unwind-dw2-fde.c:749
#2  0x00007f3a6ba72859 in search_object (ob=ob@entry=0x7f3a4d3d4910, pc=pc@entry=0x7f3a6ba7125d <_Unwind_RaiseException+61>) at ../../../libgcc/unwind-dw2-fde.c:961
#3  0x00007f3a6ba730f6 in _Unwind_Find_registered_FDE (bases=0x7f3a516fd2c8, pc=0x7f3a6ba7125d <_Unwind_RaiseException+61>) at ../../../libgcc/unwind-dw2-fde.c:1025
#4  0x00007f3a6ba730f6 in _Unwind_Find_FDE (pc=0x7f3a6ba7125d <_Unwind_RaiseException+61>, bases=bases@entry=0x7f3a516fd2c8) at ../../../libgcc/unwind-dw2-fde-dip.c:454
#5  0x00007f3a6ba6fb93 in uw_frame_state_for (context=context@entry=0x7f3a516fd220, fs=fs@entry=0x7f3a516fd070) at ../../../libgcc/unwind-dw2.c:1241
#6  0x00007f3a6ba70db0 in uw_init_context_1 (context=context@entry=0x7f3a516fd220, outer_cfa=outer_cfa@entry=0x7f3a516fd5d0, outer_ra=0x7f3a6c2464cc <__cxxabiv1::__cxa_throw(void*, std::type_info*, void (*)(void*))+92>) at ../../../libgcc/unwind-dw2.c:1562
#7  0x00007f3a6ba7125e in _Unwind_RaiseException (exc=exc@entry=0x7f3a4c5e7470)
    at ../../../libgcc/unwind.inc:88
#8  0x00007f3a6c2464cc in __cxxabiv1::__cxa_throw(void*, std::type_info*, void (*)(void*)) (obj=obj@entry=0x7f3a4c5e7490, tinfo=0x7f3a6f10f320 <typeinfo for octave::execution_exception>,
    tinfo@entry=0x7f3a6ebd4a98 <typeinfo for octave::execution_exception>, dest=dest@entry=0x7f3a6e1849e0 <octave::execution_exception::~execution_exception()>)
    at ../../../../libstdc++-v3/libsupc++/eh_throw.cc:82
#9  0x00007f3a6e39a5ce in error_1(octave::execution_exception &, std::ostream &, const char *, const char *, const char *, typedef __va_list_tag __va_list_tag *, bool) (e=..., os=..., name=name@entry=0x7f3a6e7a1625 "error", id=id@entry=0x7f3a6e796b04 "", fmt=<optimized out>,
    fmt@entry=0x7f3a6e79b3f7 "%s: unknown %s property %s", args=args@entry=0x7f3a516fd710, with_cfn=false) at libinterp/corefcn/error.cc:512
#10 0x00007f3a6e39a73e in error_1(std::ostream &, const char *, const char *, const char *, typedef __va_list_tag __va_list_tag *, bool) (os=..., name=name@entry=0x7f3a6e7a1625 "error", id=id@entry=0x7f3a6e796b04 "", fmt=0x7f3a6e79b3f7 "%s: unknown %s property %s", args=args@entry=0x7f3a516fd710, with_cfn=with_cfn@entry=false) at libinterp/corefcn/error.cc:522
#11 0x00007f3a6e39a797 in verror(char const*, __va_list_tag*) (fmt=<optimized out>, args=args@entry=0x7f3a516fd710) at libinterp/corefcn/error.cc:528
#12 0x00007f3a6e39a839 in error(char const*, ...) (fmt=fmt@entry=0x7f3a6e79b3f7 "%s: unknown %s property %s") at libinterp/corefcn/error.cc:536
#13 0x00007f3a6e41f28d in validate_property_name(std::__cxx11::string const&, std::__cxx11::string const&, std::set<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, caseless_str const&) (who="get", what="axes", pnames=std::set with 142 elements = {...}, pname=...) at libinterp/corefcn/graphics.cc:101
....

(gdb) up
#1  0x00007f3a6ba72859 in init_object (ob=0x7f3a4d3d4910)
    at ../../../libgcc/unwind-dw2-fde.c:749
749               count = classify_object_over_fdes (ob, ob->u.single);
(gdb) print *ob
$5 = {pc_begin = 0xffffffffffffffff, tbase = 0x0, dbase = 0x0, u = {single = 0x7f3a6f220018,
    array = 0x7f3a6f220018, sort = 0x7f3a6f220018}, s = {b = {sorted = 0, from_array = 0,
      mixed_encoding = 0, encoding = 255, count = 0}, i = 2040}, next = 0x7f3a4d3c3580}
Comment 1 Andrew Pinski 2016-11-18 04:17:40 UTC
We need a testcase.
Comment 2 Orion Poplawski 2016-11-22 17:44:55 UTC
So, what exactly can I get you?

I'm building https://www.cora.nwra.com/~orion/fedora/octave-4.2.0-1.fc26.src.rpm on Fedora rawhide.  It fails during the tests:

  libinterp/dldfcn/__osmesa_print__.cc-tst ....................panic: Segmentation fault -- stopping myself...

You can run the test in gdb with:

cd octave-4.2.0
./run-octave -g
gdb> run
octave:1> test __osmesa_print__
Comment 3 Andrew Pinski 2021-07-18 21:55:24 UTC
My bet is the same problem as what is reported here:

https://github.com/void-linux/void-packages/issues/25535

And is fixed with:
https://github.com/void-linux/void-packages/pull/25605/commits/22e78dc1b001bf26908e1d91ab81d706fe035b60

It looks like the order is still broken too.