From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
	id 63A493858D39; Mon,  5 Jun 2023 20:52:33 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 63A493858D39
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
	s=default; t=1685998353;
	bh=CyssI1SkEEaIFK1nQROLqRDLroMzJDcCxNBoglqXKdg=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=xu6TMBBNZn8URaVOe29yacVifpgjggrF7jg4oawqMnEACBv4BcbqkeBRuIf4C5bKh
	 NTv3sM/PNoN5mt/LsBYwbuxf+sckLRCZCI9sk6u8wLMlriJfiY05QSLvMkFDungmgX
	 rQuNzHL9ENpm/dsJs21ucH4gpSPN7adAF3noUETQ=
From: "carlosgalvezp at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libgcc/109712] Segmentation fault in linear_search_fdes
Date: Mon, 05 Jun 2023 20:52:32 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: libgcc
X-Bugzilla-Version: 13.1.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: carlosgalvezp at gmail dot com
X-Bugzilla-Status: REOPENED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-109712-4-s2rtdbSjc8@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-109712-4@http.gcc.gnu.org/bugzilla/>
References: <bug-109712-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <gcc-bugs.sourceware.org>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109712

--- Comment #25 from Carlos Galvez <carlosgalvezp at gmail dot com> ---
Perhaps this is a stupid comment, but isn't "ob.s.b.encoding" uninitialized?

  /* inside find_fde_tail */
  struct object ob;

  ...

  ob.pc_begin =3D NULL;
  ob.tbase =3D NULL;
  ob.dbase =3D (void *) dbase;
  ob.u.single =3D (fde *) eh_frame;
  ob.s.i =3D 0;
  ob.s.b.mixed_encoding =3D 1;  /* Need to assume worst case.  */
  const fde *entry =3D linear_search_fdes (&ob, (fde *) eh_frame, (void *) =
pc);

Above, only "ob.s.b.mixed_encoding" is set, not "ob.s.b.encoding".

After that, "linear_search_fdes" expects that it's set:

static const fde *
linear_search_fdes (struct object *ob, const fde *this_fde, void *pc)
{
  const struct dwarf_cie *last_cie =3D 0;
  int encoding =3D ob->s.b.encoding;
  _Unwind_Ptr base =3D base_from_object (ob->s.b.encoding, ob);=