This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
[Bug c/61236] New: GCC 4.9 generates incorrect object code
- From: "muks at banu dot com" <gcc-bugzilla at gcc dot gnu dot org>
- To: gcc-bugs at gcc dot gnu dot org
- Date: Mon, 19 May 2014 17:39:36 +0000
- Subject: [Bug c/61236] New: GCC 4.9 generates incorrect object code
- Auto-submitted: auto-generated
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61236
Bug ID: 61236
Summary: GCC 4.9 generates incorrect object code
Product: gcc
Version: 4.9.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: muks at banu dot com
Hi all
This is a bug report from the BIND DNS project team at ISC.org. We have
a report to make of buggy code generated with GCC 4.9.0, and we request
a C compiler developer to take a look.
For the purpose of this ticket, you will have to look at source
code. All code mentioned here is under the ISC license (free software
license equivalent to MIT license). I have not been successful in making
an isolated testcase, but I'll instead describe our analysis.
The bug first was reported a few days ago on the Arch Linux bug tracker
against BIND 9.10.0: https://bugs.archlinux.org/task/40304
They had recently switched the system gcc compiler to:
gcc version 4.9.1 20140507 (prerelease) (GCC)
and built the BIND package with this compiler.
We had not seen such a crash on any of our builders or even our
development environments. When we looked at it, it was an assertion
being triggered in code that is similar to this:
----
void
crashing_function(void) {
/* some code */
if (some_condition) {
goto free_and_exit;
}
/* some more code */
free_and_exit:
if (ptr != NULL) {
internal_mem_free(ptr, sizeof_ptr);
}
}
void
internal_mem_free(void *ptr, size_t size) {
assert(ptr != NULL);
UNUSED(size);
free(ptr);
}
----
>From the above, it is obvious that the assertion inside
internal_mem_free() cannot fail. Yet this is what is happening and is
the bug.
You can find the code in question here:
ftp://ftp.isc.org/isc/bind9/9.10.0-P1/bind-9.10.0-P1.tar.gz
Open dns_rdataslab_fromrdataset()'s definition in lib/dns/rdataslab.c.
It has the following code at the end of the function:
----
free_rdatas:
if (x != NULL)
isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata));
return (result);
}
----
The isc__mem_put() function [called by isc_mem_put() macro] asserts that
x is not NULL as a prerequisite, and this assertion fails.
The bug has also been reported on other operating systems such as LFS
and also Fedora 20 with a locally built GCC 4.9. If you need any help
in compiling the BIND tree, please ask us via email, or in #bind on
irc.freenode.net, but it should be as simple as ./configure && make.
Running the 'dnssec' system test will reproduce the assertion
failure. If you want help on running the test too, please ask.
To run the system test after successful configure and make, you'll have
to run (as root):
# sh bin/tests/system/ifconfig.sh up
to setup local interface addresses that the tests use.
Then (as a user):
$ cd bin/tests/system/
$ #ulimit -c unlimited # if necessary, to dump core
$ sh ./run.sh dnssec
Core files should be inside bin/tests/system/dnssec/ tree after the
assertion fails.
I'll follow up with an analysis of the generated x86_64 object code for
dns_rdataslab_fromrdataset() from our internal bug tracker that points
out the bug in generated object code.