[Bug libc/12697] New: 2.13: uflow gets sigsegv in i686 libs on x86_64
- From: "jason.vas.dias at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Sun, 24 Apr 2011 12:29:25 +0000
- Subject: [Bug libc/12697] New: 2.13: uflow gets sigsegv in i686 libs on x86_64
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=12697
Summary: 2.13: uflow gets sigsegv in i686 libs on x86_64
Product: glibc
Version: 2.13
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper.fsp@gmail.com
ReportedBy: jason.vas.dias@gmail.com
Hi - having built glibc from the GIT tag 'glibc-2.13' (this should be the
latest stable build?) with this toolchain:
$ ( ld --version; gcc --version; ) | grep '[(]G'
GNU ld (GNU Binutils) 2.21.51.20110407
gcc (GCC) 4.6.0
$ gcc -print-multi-os-directory
../lib64
$ gcc -m32 -print-multi-os-directory
../lib32
The installed native x86_64 libraries work flawlessly, and so, it seems,
do the libraries built from the same source compiled with:
CC=/usr/bin/gcc' -m32'
LD=/usr/bin/ld' -melf_i386'
AS=/usr/bin/as' -32'
...
I built and installed all X-Windows libraries and all GTK dependencies
successfully for 32-bit, running every available 'make check' successfully,
and I have a working 32-bit xterm; but when I get to building GTK I
get this error in uflow() on a run of 'gtk-update-icon-cache', and I
don't think this program is doing anything wrong that would cause this
SIGSEGV in glibc:
$ gdb ./gtk-update-icon-cache
GNU gdb (GDB) 7.3.50.20110407-cvs
...
Reading symbols from /tmp/gtk+/gtk/gtk-update-icon-cache...done.
(gdb) start --help
Temporary breakpoint 1 at 0x8049d1a: file /usr/src/gtk+/gtk/updateiconcache.c,
line 1678.
Starting program: /tmp/gtk+/gtk/gtk-update-icon-cache --help
[Thread debugging using libthread_db enabled]
Temporary breakpoint 1, main (argc=2, argv=0xffffdb84) at
/usr/src/gtk+/gtk/updateiconcache.c:1678
(gdb) c
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0xf79c277d in __uflow (fp=0x8051480) at genops.c:394
394 return _IO_UFLOW (fp);
(gdb) where
#0 0xf79c277d in __uflow (fp=0x8051480) at genops.c:394
#1 0xf79bd1e2 in _IO_getc (fp=0x8051480) at getc.c:41
#2 0xf7c936f0 in _g_locale_get_charset_aliases () at
/usr/src/glib/glib/libcharset/localcharset.c:158
#3 0xf7c93926 in _g_locale_charset_unalias (codeset=0xf7a90283
"ANSI_X3.4-1968") at /usr/src/glib/glib/libcharset/localcharset.c:448
#4 0xf7c7af77 in g_utf8_get_charset_internal (a=<synthetic pointer>,
raw_data=0xf7a90283 "ANSI_X3.4-1968") at /usr/src/glib/glib/gutf8.c:495
#5 g_get_charset (charset=0xffffd89c) at /usr/src/glib/glib/gutf8.c:577
#6 0xf7c5375b in g_print (format=0xf7c97412 "%s") at
/usr/src/glib/glib/gmessages.c:1039
#7 0xf7c1b8b7 in print_help (context=<optimized out>, main_help=<optimized
out>, group=0x0) at /usr/src/glib/glib/goption.c:975
#8 0xf7c57ced in g_option_context_parse (context=0x804f478, argc=0xffffdaf0,
argv=0xffffdaf4, error=0x0) at /usr/src/glib/glib/goption.c:1859
#9 0x08049db6 in main (argc=2, argv=0xffffdb84) at
/usr/src/gtk+/gtk/updateiconcache.c:1695
(gdb) list
389 if (save_for_backup (fp, fp->_IO_read_end))
390 return EOF;
391 }
392 else if (_IO_have_backup (fp))
393 INTUSE(_IO_free_backup_area) (fp);
394 return _IO_UFLOW (fp);
395 }
396 libc_hidden_def (__uflow)
397
398 void
(gdb) print fp
$1 = (_IO_FILE *) 0x8051480
(gdb) print *fp
$2 = {_flags = -72539000, _IO_read_ptr = 0x0, _IO_read_end = 0x0, _IO_read_base
= 0x0, _IO_write_base = 0x0, _IO_write_ptr = 0x0, _IO_write_end = 0x0,
_IO_buf_base = 0x0, _IO_buf_end = 0x0, _IO_save_base = 0x0, _IO_backup_base =
0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0xf7e653a0, _fileno = 7,
_flags2 =
0, _old_offset = 134549760, _cur_column = 0, _vtable_offset = -83 '\255',
_shortbuf = "\367", _lock = 0x8051518, _offset = -1, _codecvt = 0x0, _wide_data
=
0x8051524, _freeres_list = 0x0, _freeres_buf = 0x28, _freeres_size = 64,
_mode = -1, _unused2 = ", --quiet", ' ' <repeats 18 times>, "Turn off verb"}
(gdb) info macro _IO_UFLOW
The symbol `_IO_UFLOW' has no definition as a C/C++ preprocessor macro
at <user-defined>:-1
(gdb) info symbol _IO_UFLOW
No symbol "_IO_UFLOW" in current context.
(gdb) disass 0xf79c277d
Dump of assembler code for function __uflow:
0xf79c26f0 <+0>: push %esi
0xf79c26f1 <+1>: push %ebx
0xf79c26f2 <+2>: sub $0x8,%esp
0xf79c26f5 <+5>: mov 0x14(%esp),%esi
0xf79c26f9 <+9>: call 0xf7a67a63 <__i686.get_pc_thunk.bx>
0xf79c26fe <+14>: add $0x10d8f6,%ebx
0xf79c2704 <+20>: cmpb $0x0,0x46(%esi)
0xf79c2708 <+24>: jne 0xf79c272a <__uflow+58>
0xf79c270a <+26>: mov -0x120(%ebx),%eax
0xf79c2710 <+32>: test %eax,%eax
0xf79c2712 <+34>: je 0xf79c27b8 <__uflow+200>
0xf79c2718 <+40>: mov 0x68(%esi),%edx
0xf79c271b <+43>: test %edx,%edx
0xf79c271d <+45>: jne 0xf79c27d0 <__uflow+224>
0xf79c2723 <+51>: movl $0xffffffff,0x68(%esi)
0xf79c272a <+58>: mov 0x68(%esi),%ecx
0xf79c272d <+61>: test %ecx,%ecx
0xf79c272f <+63>: je 0xf79c2788 <__uflow+152>
0xf79c2731 <+65>: mov (%esi),%eax
0xf79c2733 <+67>: test $0x8,%ah
0xf79c2736 <+70>: jne 0xf79c27a4 <__uflow+180>
0xf79c2738 <+72>: mov 0x4(%esi),%edx
0xf79c273b <+75>: cmp 0x8(%esi),%edx
0xf79c273e <+78>: jb 0xf79c2800 <__uflow+272>
0xf79c2744 <+84>: mov (%esi),%eax
0xf79c2746 <+86>: test $0x1,%ah
0xf79c2749 <+89>: jne 0xf79c27e8 <__uflow+248>
0xf79c274f <+95>: mov 0x30(%esi),%eax
0xf79c2752 <+98>: test %eax,%eax
0xf79c2754 <+100>: je 0xf79c2810 <__uflow+288>
0xf79c275a <+106>: mov 0x8(%esi),%edx
0xf79c275d <+109>: mov %esi,%eax
0xf79c275f <+111>: call 0xf79c2220 <save_for_backup>
0xf79c2764 <+116>: mov %eax,%edx
0xf79c2766 <+118>: mov $0xffffffff,%eax
0xf79c276b <+123>: test %edx,%edx
0xf79c276d <+125>: jne 0xf79c2780 <__uflow+144>
0xf79c276f <+127>: movsbl 0x46(%esi),%eax
0xf79c2773 <+131>: mov 0x94(%esi,%eax,1),%eax
0xf79c277a <+138>: mov %esi,(%esp)
=> 0xf79c277d <+141>: call *0x14(%eax)
0xf79c2780 <+144>: add $0x8,%esp
0xf79c2783 <+147>: pop %ebx
0xf79c2784 <+148>: pop %esi
0xf79c2785 <+149>: ret
---Type <return> to continue, or q <return> to quit---
0xf79c2786 <+150>: xchg %ax,%ax
0xf79c2788 <+152>: mov -0x120(%ebx),%edx
0xf79c278e <+158>: test %edx,%edx
0xf79c2790 <+160>: je 0xf79c2828 <__uflow+312>
0xf79c2796 <+166>: mov (%esi),%eax
0xf79c2798 <+168>: movl $0xffffffff,0x68(%esi)
0xf79c279f <+175>: test $0x8,%ah
0xf79c27a2 <+178>: je 0xf79c2738 <__uflow+72>
...
(gdb) info reg
eax 0x80511 525585
ecx 0x0 0
edx 0x0 0
ebx 0xf7acfff4 -139657228
esp 0xffffd718 0xffffd718
ebp 0x0 0x0
esi 0x8051480 134550656
edi 0xf7939740 -141322432
eip 0xf79c277d 0xf79c277d <__uflow+141>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x0 0
gs 0x63 99
(gdb) p *((void**)0x80511)
Cannot access memory at address 0x80511
(gdb)
So uflow() is calling a function pointer that is set to an invalid or
uninitialized value at genops.c:394. In the disassembly above, <+127> and <+131>
load the jump-table pointer from the FILE struct using the sign-extended
_vtable_offset (-83 here), and the faulting `call *0x14(%eax)` at <+141>
dereferences eax=0x80511, which gdb reports as inaccessible memory.
Continuing to investigate - I'll post a patch if I find a fix.