This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table

Hello people,
the attached C-program can be used to reproduce a segmentation fault
found in libliberty/hashtab.c

I am using a libiberty tar-gzipped source version found in a recent Debian
Archive File (libiberty_20160215.tar.xz) where the first entry in ChangeLog is:
 * 2016-01-27  Iain Buclaw  <>

This is the output of the execution of my program before patching the
library: 1221> ./bug-remove
Hello world!

  This program creates a hash table with htab_create().
      * inserts 2 objects with htab_find_slot(INSERT).
      * delete 1 existent with htab_remove_elt().
      * attempt to delete 1 non existent with htab_remove_elt().
        Boom !!!

Inserting [Hello - 1] ... Ok
Inserting [World! - 2] ... Ok
Searching for [Hello] ... Ok
Searching for [World!] ... Ok
Deleting [Hello] ... Ok
Segmentation fault

And this was the patch I applied in libiberty/libiberty: 1222> diff hashtab.c hashtab.c.ORG 
<   if (!slot || *slot == HTAB_EMPTY_ENTRY)
>   if (*slot == HTAB_EMPTY_ENTRY)

Maybe the same error could be also in other different points for
different API functions but I did not check.


Attachment: bug-remove.c
Description: Binary data

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]