[Bug libstdc++/59392] New: crash on throw from "unexpected exception" handler with ARM EABI unwinder
roland at gnu dot org
gcc-bugzilla@gcc.gnu.org
Thu Dec 5 00:10:00 GMT 2013
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59392
Bug ID: 59392
Summary: crash on throw from "unexpected exception" handler
with ARM EABI unwinder
Product: gcc
Version: 4.9.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: roland at gnu dot org
Target: arm-linux-gnueabihf
Created attachment 31382
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=31382&action=edit
test case
I've observed this on trunk and on 4.6.3, but I think the bug has been there
since the introduction of ARM EABI unwinding in 4.2.
The attached test case crashes with a null pointer dereference (producing no
output) on ARM/EABI targets. On other targets (I only tested
x86_64-linux-gnu), it correctly crashes via abort after emitting a message
(i.e. std::terminate runs). The original case was more complex and used
std::set_terminate to set a handler that used longjmp, avoiding the abort. For
the test suite, it's probably most convenient to do that (or just exit with an
expected code in the terminate handler) rather than to detect that the default
std::terminate crash happened correctly vs a different crash.
The bug comes about in an obvious and straightforward way. But I don't know
the libsupc++ internals well enough to suggest an appropriate fix off hand.
What happens is that libstdc++-v3/libsupc++/eh_call.cc:__cxa_call_unexpected
does:
if (catch_type->__do_catch(&bad_exc, 0, 1))
i.e., passes a null pointer as the second argument to the __do_catch method.
libstdc++-v3/libsupc++/class_type_info.cc:__do_catch passes this argument on as
the second argument to __do_upcast.
In libstdc++-v3/libsupc++/class_type_info.cc:__do_upcast there is:
__do_upcast (dst_type, *obj_ptr, result);
i.e., unconditionally dereferencing OBJ_PTR (the second argument).
I'd like to see this get fixed on the trunk and 4.8 at least.
I'd be glad to pursue the fix myself if I had any idea what it should be.
More information about the Gcc-bugs
mailing list