This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table

From: <rocco at tecsiel dot it>
To: gcc-bugs at gcc dot gnu dot org, gcc-patches at gcc dot gnu dot org
Date: Sun, 3 Jul 2016 17:58:03 +0200
Subject: libiberty - Segmentation fault when attempting to delete a non-existent element in a hash table
Authentication-results: sourceware.org; auth=none

Hello people,
the attached C-program can be used to reproduce a segmentation fault
found in libliberty/hashtab.c

I am using a libiberty tar-gzipped source version found in a recent Debian
Archive File (libiberty_20160215.tar.xz) where the first entry in ChangeLog is:
 * 2016-01-27  Iain Buclaw  <ibuclaw@gdcproject.org>

This is the output of the execution of my program before patching the
library:

rocco@nuc.carbo.net 1221> ./bug-remove
Hello world!

  This program creates a hash table with htab_create().
    Then:
      * inserts 2 objects with htab_find_slot(INSERT).
      * delete 1 existent with htab_remove_elt().
      * attempt to delete 1 non existent with htab_remove_elt().
        Boom !!!

Inserting [Hello - 1] ... Ok
Inserting [World! - 2] ... Ok
Searching for [Hello] ... Ok
Searching for [World!] ... Ok
Deleting [Hello] ... Ok
Segmentation fault


And this was the patch I applied in libiberty/libiberty:
rocco@nuc.carbo.net 1222> diff hashtab.c hashtab.c.ORG 
729c729
<   if (!slot || *slot == HTAB_EMPTY_ENTRY)
---
>   if (*slot == HTAB_EMPTY_ENTRY)


Maybe the same error could be also in other different points for
different API functions but I did not check.


/rocco

Attachment: bug-remove.c
Description: Binary data

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]