* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
@ 2003-06-27 13:50 ` david dot asher at cavium dot com
2003-06-27 21:49 ` paolo at gcc dot gnu dot org
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: david dot asher at cavium dot com @ 2003-06-27 13:50 UTC (permalink / raw)
To: gcc-bugs
PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
------- Additional Comments From david dot asher at cavium dot com 2003-06-27 13:50 -------
Created an attachment (id=4294)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=4294&action=view)
patch to locale_facets.tcc to fix bug 11352
I didn't know I could add patches later... So here it is
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
2003-06-27 13:50 ` [Bug libstdc++/11352] " david dot asher at cavium dot com
@ 2003-06-27 21:49 ` paolo at gcc dot gnu dot org
2003-07-20 20:48 ` pinskia at physics dot uc dot edu
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: paolo at gcc dot gnu dot org @ 2003-06-27 21:49 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
paolo at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |WAITING
------- Additional Comments From paolo at gcc dot gnu dot org 2003-06-27 21:49 -------
Could you possibly provide also a self-contained testcase?
If so, I will test and commit both ASAP (your only name in the Changelog ;)
Thanks, Paolo.
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
2003-06-27 13:50 ` [Bug libstdc++/11352] " david dot asher at cavium dot com
2003-06-27 21:49 ` paolo at gcc dot gnu dot org
@ 2003-07-20 20:48 ` pinskia at physics dot uc dot edu
2003-08-03 19:00 ` neroden at gcc dot gnu dot org
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: pinskia at physics dot uc dot edu @ 2003-07-20 20:48 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
pinskia at physics dot uc dot edu changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|WAITING |NEW
Ever Confirmed| |1
Last reconfirmed|0000-00-00 00:00:00 |2003-07-20 20:48:02
date| |
------- Additional Comments From pinskia at physics dot uc dot edu 2003-07-20 20:48 -------
Test case received.
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (2 preceding siblings ...)
2003-07-20 20:48 ` pinskia at physics dot uc dot edu
@ 2003-08-03 19:00 ` neroden at gcc dot gnu dot org
2003-12-19 9:57 ` pinskia at gcc dot gnu dot org
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: neroden at gcc dot gnu dot org @ 2003-08-03 19:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
neroden at gcc dot gnu dot org changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|unassigned at gcc dot gnu |paolo at gcc dot gnu dot org
|dot org |
Status|NEW |ASSIGNED
------- Additional Comments From neroden at gcc dot gnu dot org 2003-08-03 19:00 -------
You claimed you'd take care of it. :-)
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (3 preceding siblings ...)
2003-08-03 19:00 ` neroden at gcc dot gnu dot org
@ 2003-12-19 9:57 ` pinskia at gcc dot gnu dot org
2003-12-19 10:01 ` paolo at gcc dot gnu dot org
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2003-12-19 9:57 UTC (permalink / raw)
To: gcc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.4.0 |---
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (4 preceding siblings ...)
2003-12-19 9:57 ` pinskia at gcc dot gnu dot org
@ 2003-12-19 10:01 ` paolo at gcc dot gnu dot org
2004-01-14 3:17 ` pinskia at gcc dot gnu dot org
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: paolo at gcc dot gnu dot org @ 2003-12-19 10:01 UTC (permalink / raw)
To: gcc-bugs
--
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |3.4.0
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (5 preceding siblings ...)
2003-12-19 10:01 ` paolo at gcc dot gnu dot org
@ 2004-01-14 3:17 ` pinskia at gcc dot gnu dot org
2004-02-14 4:02 ` ian at wasabisystems dot com
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2004-01-14 3:17 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2004-01-14 03:17 -------
Is this a regression? If not, please move the target then.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (6 preceding siblings ...)
2004-01-14 3:17 ` pinskia at gcc dot gnu dot org
@ 2004-02-14 4:02 ` ian at wasabisystems dot com
2004-02-14 8:03 ` pcarlini at suse dot de
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: ian at wasabisystems dot com @ 2004-02-14 4:02 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From ian at wasabisystems dot com 2004-02-14 04:02 -------
I don't think it's possible to recreate this problem any more, but I think that
it still exists. __pad<_CharT, _Traits>::_S_pad in locale_facets.tcc looks at
the contents of __olds without checking __oldlen. This is called from
num_put<_CharT, _OutIter>::_M_pad, which is called from, among other places,
num_put<_CharT, _OutIter>::_M_insert_int. _M_insert_int calls alloca(), and
formats an integer into the returned buffer. The integer is formatted
right-justified in the buffer. It is possible for this buffer to hold "0".
When _S_pad is called via this call path, if the first character in the argument
is "0", it will look at the second character without checking whether __oldlen
is greater than 1. That means that it will look at the character past the end
of the buffer, which is some random value on the stack. Everything will be fine
unless that random value happens to be 'x' or 'X'. This is a very difficult bug
to recreate, since there is no real way to control the contents of the stack at
that point. But it does appear to be a real bug.
It might be possible to recreate the bug on the tree-ssa branch by building
libstdc++-v3 with -fmudflap.
--
What |Removed |Added
----------------------------------------------------------------------------
CC| |ian at wasabisystems dot com
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
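The missing length check described in the analysis above, shown next to a bounded version. This is an added example, not code from libstdc++ or from anyone in this thread: the function names and the constructed two-byte buffer are hypothetical, and only the `olds`/`oldlen` roles follow the `__olds`/`__oldlen` arguments named in the message.

```cpp
#include <cstddef>
#include <string>

// Simplified model of std::ios_base::internal padding (hypothetical helpers,
// not libstdc++ source). olds/oldlen mirror the __olds/__oldlen arguments.

// "Before": inspects olds[1] whenever olds[0] is '0', ignoring oldlen.
std::size_t prefix_len_unchecked(const char* olds, std::size_t oldlen) {
    if (oldlen == 0) return 0;
    if (olds[0] == '0' && (olds[1] == 'x' || olds[1] == 'X')) return 2;
    if (olds[0] == '-' || olds[0] == '+') return 1;
    return 0;
}

// "After": only looks at olds[1] when the field really has two characters.
std::size_t prefix_len_checked(const char* olds, std::size_t oldlen) {
    if (oldlen > 1 && olds[0] == '0' && (olds[1] == 'x' || olds[1] == 'X')) return 2;
    if (oldlen > 0 && (olds[0] == '-' || olds[0] == '+')) return 1;
    return 0;
}

// Internal padding: prefix, then fill, then the remaining digits.
std::string pad_internal(const char* olds, std::size_t oldlen,
                         std::size_t newlen, char fill) {
    if (newlen <= oldlen) return std::string(olds, oldlen);
    std::size_t mod = prefix_len_checked(olds, oldlen);
    std::string out(olds, mod);
    out.append(newlen - oldlen, fill);
    out.append(olds + mod, oldlen - mod);
    return out;
}

// Constructed input: the one-character field "0" followed by a stale 'x',
// standing in for whatever byte happens to follow the buffer on the stack.
// Both bytes belong to this array, so the demonstration stays well defined.
static const char kZeroThenStale[2] = {'0', 'x'};

int main() {
    std::size_t bad = prefix_len_unchecked(kZeroThenStale, 1);   // claims 2
    std::size_t good = prefix_len_checked(kZeroThenStale, 1);    // 0
    std::string s = pad_internal(kZeroThenStale, 1, 5, '*');     // "****0"
    return (bad == 2 && good == 0 && s == "****0") ? 0 : 1;
}
```

In this model the unchecked helper reports a two-character prefix for a one-character field, so any copy sized as `oldlen - mod` would be computed from a prefix longer than the data; building the real library with AddressSanitizer or a similar bounds checker is the modern counterpart of the `-fmudflap` suggestion for catching the stray read itself.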
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (7 preceding siblings ...)
2004-02-14 4:02 ` ian at wasabisystems dot com
@ 2004-02-14 8:03 ` pcarlini at suse dot de
2004-02-15 17:19 ` cvs-commit at gcc dot gnu dot org
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: pcarlini at suse dot de @ 2004-02-14 8:03 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pcarlini at suse dot de 2004-02-14 08:03 -------
Ian, I agree completely with your analysis.
Next week will apply the fix to both 3_4 and mainline (and perhaps 3_3 too, as
soon as the branch reopens).
Too bad that it's really difficult to create a testcase :(
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (8 preceding siblings ...)
2004-02-14 8:03 ` pcarlini at suse dot de
@ 2004-02-15 17:19 ` cvs-commit at gcc dot gnu dot org
2004-02-15 17:33 ` cvs-commit at gcc dot gnu dot org
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2004-02-15 17:19 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2004-02-15 17:19 -------
Subject: Bug 11352
CVSROOT: /cvs/gcc
Module name: gcc
Changes by: paolo@gcc.gnu.org 2004-02-15 17:19:03
Modified files:
libstdc++-v3 : ChangeLog
libstdc++-v3/include/bits: locale_facets.tcc
Log message:
2004-02-15 David Asher <david.asher@cavium.com>
PR libstdc++/11352
* include/bits/locale_facets.tcc (__pad<>::_S_pad): Don't
access __olds beyond __oldlen.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&r1=1.2331&r2=1.2332
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/locale_facets.tcc.diff?cvsroot=gcc&r1=1.169&r2=1.170
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (9 preceding siblings ...)
2004-02-15 17:19 ` cvs-commit at gcc dot gnu dot org
@ 2004-02-15 17:33 ` cvs-commit at gcc dot gnu dot org
2004-02-15 17:34 ` pcarlini at suse dot de
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2004-02-15 17:33 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2004-02-15 17:33 -------
Subject: Bug 11352
CVSROOT: /cvs/gcc
Module name: gcc
Branch: gcc-3_4-branch
Changes by: paolo@gcc.gnu.org 2004-02-15 17:33:20
Modified files:
libstdc++-v3 : ChangeLog
libstdc++-v3/include/bits: locale_facets.tcc
Log message:
2004-02-15 David Asher <david.asher@cavium.com>
PR libstdc++/11352
* include/bits/locale_facets.tcc (__pad<>::_S_pad): Don't
access __olds beyond __oldlen.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=1.2224.2.36&r2=1.2224.2.37
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/locale_facets.tcc.diff?cvsroot=gcc&only_with_tag=gcc-3_4-branch&r1=1.166.2.3&r2=1.166.2.4
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (10 preceding siblings ...)
2004-02-15 17:33 ` cvs-commit at gcc dot gnu dot org
@ 2004-02-15 17:34 ` pcarlini at suse dot de
2004-05-26 13:58 ` cvs-commit at gcc dot gnu dot org
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: pcarlini at suse dot de @ 2004-02-15 17:34 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pcarlini at suse dot de 2004-02-15 17:34 -------
Fixed for 3.4.0.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (11 preceding siblings ...)
2004-02-15 17:34 ` pcarlini at suse dot de
@ 2004-05-26 13:58 ` cvs-commit at gcc dot gnu dot org
2004-06-28 20:21 ` cvs-commit at gcc dot gnu dot org
2004-06-28 20:23 ` pinskia at gcc dot gnu dot org
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2004-05-26 13:58 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2004-05-25 17:04 -------
Subject: Bug 11352
CVSROOT: /cvs/gcc
Module name: gcc
Branch: hammer-3_3-branch
Changes by: paolo@gcc.gnu.org 2004-05-25 17:03:58
Modified files:
libstdc++-v3 : ChangeLog.hammer
libstdc++-v3/include/bits: locale_facets.tcc
libstdc++-v3/src: misc-inst.cc
Log message:
2004-05-25 David Asher <david.asher@cavium.com>
PR libstdc++/11352
* include/bits/locale_facets.tcc (__pad<>::_S_pad): Don't
access __olds beyond __oldlen.
2004-05-25 Michael Matz <matz@suse.de>
Paolo Carlini <pcarlini@suse.de>
* src/misc-inst.cc: Instantiate istreambuf_iterator<>::_M_get.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.hammer.diff?cvsroot=gcc&only_with_tag=hammer-3_3-branch&r1=1.1.2.14&r2=1.1.2.15
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/locale_facets.tcc.diff?cvsroot=gcc&only_with_tag=hammer-3_3-branch&r1=1.82.2.16&r2=1.82.2.17
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/src/misc-inst.cc.diff?cvsroot=gcc&only_with_tag=hammer-3_3-branch&r1=1.20.2.1&r2=1.20.2.2
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (12 preceding siblings ...)
2004-05-26 13:58 ` cvs-commit at gcc dot gnu dot org
@ 2004-06-28 20:21 ` cvs-commit at gcc dot gnu dot org
2004-06-28 20:23 ` pinskia at gcc dot gnu dot org
14 siblings, 0 replies; 16+ messages in thread
From: cvs-commit at gcc dot gnu dot org @ 2004-06-28 20:21 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2004-06-28 20:16 -------
Subject: Bug 11352
CVSROOT: /cvs/gcc
Module name: gcc
Branch: gcc-3_3-branch
Changes by: paolo@gcc.gnu.org 2004-06-28 20:16:22
Modified files:
libstdc++-v3 : ChangeLog
libstdc++-v3/include/bits: locale_facets.tcc
Log message:
2004-06-28 David Asher <david.asher@cavium.com>
PR libstdc++/11352
* include/bits/locale_facets.tcc (__pad<>::_S_pad): Don't
access __olds beyond __oldlen.
Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.1464.2.186&r2=1.1464.2.187
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libstdc++-v3/include/bits/locale_facets.tcc.diff?cvsroot=gcc&only_with_tag=gcc-3_3-branch&r1=1.82.4.19&r2=1.82.4.20
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread
* [Bug libstdc++/11352] crash while internal padding numeric 0
2003-06-27 13:48 [Bug libstdc++/11352] New: crash while internal padding numeric 0 david dot asher at cavium dot com
` (13 preceding siblings ...)
2004-06-28 20:21 ` cvs-commit at gcc dot gnu dot org
@ 2004-06-28 20:23 ` pinskia at gcc dot gnu dot org
14 siblings, 0 replies; 16+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2004-06-28 20:23 UTC (permalink / raw)
To: gcc-bugs
------- Additional Comments From pinskia at gcc dot gnu dot org 2004-06-28 20:21 -------
Fixed also in 3.3.5.
--
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.4.0 |3.3.5
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11352
^ permalink raw reply [flat|nested] 16+ messages in thread