Closed GoogleCodeExporter closed 9 years ago
sigh ... seems we're thrashing memory quite happily. valgrinding gcc obscures the problem (i.e. gcc doesn't crash), but one of these reported errors (one of the invalid writes to be precise) probably causes the crash:
Compiler executable checksum: 238504851d240ad16a5b51495855d9c8
==9422== Invalid read of size 1
==9422== at 0x52DBAB: emit_library_call_value_1 (calls.c:3676)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x6AB8DA: expand_expr (expr.h:492)
==9422== by 0x6AC141: expand_expr_stmt (stmt.c:1363)
==9422== Address 0x5240808 is 0 bytes after a block of size 16 alloc'd
==9422== at 0x4C2291E: malloc (vg_replace_malloc.c:207)
==9422== by 0x817A9B: xmalloc (xmalloc.c:147)
==9422== by 0x52D911: emit_library_call_value_1 (calls.c:3586)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422==
==9422== Invalid write of size 1
==9422== at 0x52DFBE: emit_library_call_value_1 (calls.c:3722)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x6AB8DA: expand_expr (expr.h:492)
==9422== by 0x6AC141: expand_expr_stmt (stmt.c:1363)
==9422== Address 0x5240808 is 0 bytes after a block of size 16 alloc'd
==9422== at 0x4C2291E: malloc (vg_replace_malloc.c:207)
==9422== by 0x817A9B: xmalloc (xmalloc.c:147)
==9422== by 0x52D911: emit_library_call_value_1 (calls.c:3586)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
--9422-- REDIR: 0x4ea1110 (strnlen) redirected to 0x4c23040 (strnlen)
==9422==
==9422== ERROR SUMMARY: 48 errors from 2 contexts (suppressed: 8 from 1)
==9422==
==9422== 24 errors in context 1 of 2:
==9422== Invalid write of size 1
==9422== at 0x52DFBE: emit_library_call_value_1 (calls.c:3722)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x6AB8DA: expand_expr (expr.h:492)
==9422== by 0x6AC141: expand_expr_stmt (stmt.c:1363)
==9422== Address 0x5240808 is 0 bytes after a block of size 16 alloc'd
==9422== at 0x4C2291E: malloc (vg_replace_malloc.c:207)
==9422== by 0x817A9B: xmalloc (xmalloc.c:147)
==9422== by 0x52D911: emit_library_call_value_1 (calls.c:3586)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422==
==9422== 24 errors in context 2 of 2:
==9422== Invalid read of size 1
==9422== at 0x52DBAB: emit_library_call_value_1 (calls.c:3676)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x6AB8DA: expand_expr (expr.h:492)
==9422== by 0x6AC141: expand_expr_stmt (stmt.c:1363)
==9422== Address 0x5240808 is 0 bytes after a block of size 16 alloc'd
==9422== at 0x4C2291E: malloc (vg_replace_malloc.c:207)
==9422== by 0x817A9B: xmalloc (xmalloc.c:147)
==9422== by 0x52D911: emit_library_call_value_1 (calls.c:3586)
==9422== by 0x52EC07: emit_library_call_value (calls.c:4011)
==9422== by 0x515AAC: expand_builtin_powi (builtins.c:2630)
==9422== by 0x51AD91: expand_builtin (builtins.c:5769)
==9422== by 0x5BC493: expand_expr_real_1 (expr.c:7731)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
==9422== by 0x5B3DB9: store_expr (expr.c:4384)
==9422== by 0x5B3869: expand_assignment (expr.c:4263)
==9422== by 0x5BF6AD: expand_expr_real_1 (expr.c:8667)
==9422== by 0x5B947C: expand_expr_real (expr.c:6763)
Original comment by jmoc...@gmail.com on 10 Feb 2009 at 2:17
the problem appears only with long doubles ...
Original comment by jmoc...@gmail.com on 10 Feb 2009 at 2:53
the problem does not appear only with long doubles and not only on 64-bit hosts. it is due to a buffer overflow in calls.c:emit_library_call_value_1(). upper bound for indexing a buffer is calculated incorrectly due to using offset instead of slot_offset of args. writes past the end of the buffer occur regularly, but only manage to crash the compiler in the case described above.
tentative fix (to calls.c) was sent to gcc mailing list and is included in r225.
Original comment by jmoc...@gmail.com on 10 Feb 2009 at 5:13
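The comment above describes the bug class without showing the arithmetic, so here is a constructed model of it. This is added example code, not gcc's calls.c and not the fix that went to the mailing list: the `struct arg_locate` fields, `compute_map_len`, `run_model` and the `sample_args` list are assumptions chosen to mirror the shape of the problem (a usage map sized from one offset field, then written using another) on a downward-growing argument area where the map is indexed by negated address. Every store into the map is bounds checked so the model counts the out-of-range writes instead of corrupting the heap the way the real code did.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the bug class described above; this is constructed
   example code, not gcc's calls.c.  An outgoing argument lives in a stack
   slot: slot_offset is where the padded slot starts, offset is where the
   argument's own bytes start inside it, size is the slot size in bytes.
   Offsets are negative, mirroring a downward-growing argument area where
   the usage map is indexed by -address (the ARGS_GROW_DOWNWARD shape). */
struct arg_locate {
    int offset;       /* first byte of the argument data */
    int slot_offset;  /* first byte of the slot (data plus padding) */
    int size;         /* bytes in the slot */
};

/* Exclusive upper map index for a slot, the value the marking loop uses. */
static int slot_upper(const struct arg_locate *a)
{
    return -a->slot_offset + 1;
}

/* Size of the usage map.  use_slot_offset == 0 reproduces the defect: the
   bound is derived from the data offset, which is smaller than the slot
   bound whenever a slot has leading padding, so the map ends up too short. */
int compute_map_len(const struct arg_locate *args, int n, int use_slot_offset)
{
    int len = 0;
    for (int i = 0; i < n; i++) {
        int top = use_slot_offset ? slot_upper(&args[i]) : -args[i].offset + 1;
        if (top > len)
            len = top;
    }
    return len;
}

/* Mark one slot as in use.  Each store is bounds checked so the model
   counts the out-of-range writes instead of corrupting the heap; the
   original code stored straight into the buffer, which is what valgrind
   reported as "Invalid write of size 1". */
static int mark_slot(char *map, int len, const struct arg_locate *a)
{
    int upper = slot_upper(a);
    int lower = upper - a->size;
    int overflows = 0;
    for (int i = lower; i < upper; i++) {
        if (i < 0 || i >= len) {
            overflows++;
            continue;
        }
        map[i] = 1;
    }
    return overflows;
}

/* Allocate the map from the chosen bound, mark every argument, and return
   how many stores fell outside the allocation (0 means no overflow). */
int run_model(const struct arg_locate *args, int n, int use_slot_offset, int *map_len_out)
{
    int len = compute_map_len(args, n, use_slot_offset);
    char *map = calloc((size_t)len + 1, 1);   /* +1 so len == 0 still allocates */
    int overflows = 0;
    if (!map)
        return -1;
    for (int i = 0; i < n; i++)
        overflows += mark_slot(map, len, &args[i]);
    free(map);
    if (map_len_out)
        *map_len_out = len;
    return overflows;
}

/* Constructed argument list: an 8-byte argument with no padding, then a
   16-byte slot holding a 10-byte long double placed at the top of the
   slot, leaving 6 bytes of leading padding (offset != slot_offset). */
const struct arg_locate sample_args[] = {
    { .offset = -8,  .slot_offset = -8,  .size = 8  },
    { .offset = -18, .slot_offset = -24, .size = 16 },
};
const int sample_nargs = 2;

int main(void)
{
    int len;
    int bad = run_model(sample_args, sample_nargs, 0, &len);
    printf("offset-based bound: map of %d bytes, %d out-of-bounds writes\n", len, bad);
    int good = run_model(sample_args, sample_nargs, 1, &len);
    printf("slot_offset-based bound: map of %d bytes, %d out-of-bounds writes\n", len, good);
    return (bad != 0 && good == 0) ? 0 : 1;
}
```

With the offset-derived bound the map is 19 bytes but the long double's slot is marked up to index 24, so six stores land past the end; sizing from slot_offset gives a 25-byte map and no overflow. The first argument alone, which has no padding, produces the same bound either way, which is why such a defect can sit unnoticed until an argument with padding shows up.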
Original comment by jmoc...@gmail.com on 13 Feb 2009 at 9:22
Issue 43 has been merged into this issue.
Original comment by jmoc...@gmail.com on 6 Mar 2009 at 12:22
Original issue reported on code.google.com by jmoc...@gmail.com on 10 Feb 2009 at 10:52