c/4391: memcpy(buf, base, len); defunction compiling bind with -O2

georg.wild@gmx.de georg.wild@gmx.de
Tue Sep 25 03:36:00 GMT 2001 

>Number:         4391
>Category:       c
>Synopsis:       memcpy(buf, base, len); defunction compiling bind with -O2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 25 03:36:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     georg.wild@gmx.de
>Release:        latest cvs snapshot
>Organization:
>Environment:
i686-pc-linux-gnu linux 2.2.19 glibc 2.2.4 and mostly newest libraries
>Description:
Sorry, but it was not possible for me producing a compilable example because this bug is somehow connected with libraries and .....! Therefore I'll describe what happens! 
It occurs compiling ftp://ftp.isc.org/isc/bind9/9.2.0rc4/bind-9.2.0rc4.tar.gz and specially libisc.
The position where it is first seen in the main program is in:
isc_result_t
isc_file_progname(const char *filename, char *buf, size_t buflen) {
	const char *base;
	size_t len;

	REQUIRE(filename != NULL);
	REQUIRE(buf != NULL);

	base = isc_file_basename(filename);
	len = strlen(base) + 1;

	if (len > buflen)
		return (ISC_R_NOSPACE);
	memcpy(buf, base, len);

	return (ISC_R_SUCCESS);
}
When reaching the memcpy line, I see in ddd the program returning to the main program without setting ISC_R_SUCCESS. In the asm tab there is a jmp-Funktion. Pressing next in machine code returns directly to the main program!

But I think the real problem is in file.c, because it works when file.c is compiled -O0. -O2 doesn't work. 
Because I don't see any other related function, I think the miscompiled funktion is
const char *
isc_file_basename(const char *filename) {
	char *s;

	REQUIRE(filename != NULL);

	s = strrchr(filename, '/');
	if (s == NULL)
		return (filename);

	return (s + 1);
}
Debugging this piece of code results:
Starting with filename="/root/bind-9.2.0rc4/bin/named/named" s=strrchr(..) results s="/named".  Executing this if statement changes the value of s; it got "/root/bind-..../named". After executing the return function the value of s is "named"; executing the whole procedure returns the right value: "named". But I think there seems to be a somehow wrong memory allocation.
>How-To-Repeat:
Compiliung this bind release in the usual manor.
>Fix:
Compile file.c using -O0.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the Gcc-bugs mailing list