* [Bug preprocessor/29966] crash in cc1 with backtrace from free()
2006-11-23 23:57 [Bug preprocessor/29966] New: crash in cc1 with backtrace from free() acahalan at gmail dot com
@ 2006-11-23 23:59 ` acahalan at gmail dot com
2006-11-24 0:00 ` acahalan at gmail dot com
` (10 subsequent siblings)
11 siblings, 0 replies; 13+ messages in thread
From: acahalan at gmail dot com @ 2006-11-23 23:59 UTC (permalink / raw)
To: gcc-bugs
------- Comment #1 from acahalan at gmail dot com 2006-11-23 23:59 -------
Created an attachment (id=12676)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12676&action=view)
crash1.c
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29966
From: acahalan at gmail dot com @ 2006-11-24 0:00 UTC (permalink / raw)
To: gcc-bugs
------- Comment #2 from acahalan at gmail dot com 2006-11-24 00:00 -------
Created an attachment (id=12677)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12677&action=view)
crash2.c
From: acahalan at gmail dot com @ 2006-11-24 0:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #3 from acahalan at gmail dot com 2006-11-24 00:01 -------
Created an attachment (id=12678)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12678&action=view)
crash3.c
From: acahalan at gmail dot com @ 2006-11-24 0:01 UTC (permalink / raw)
To: gcc-bugs
------- Comment #4 from acahalan at gmail dot com 2006-11-24 00:01 -------
Created an attachment (id=12679)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12679&action=view)
crash4.c
From: acahalan at gmail dot com @ 2006-11-24 0:02 UTC (permalink / raw)
To: gcc-bugs
------- Comment #5 from acahalan at gmail dot com 2006-11-24 00:02 -------
Created an attachment (id=12680)
--> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=12680&action=view)
crash5.c
From: pinskia at gcc dot gnu dot org @ 2006-11-24 0:17 UTC (permalink / raw)
To: gcc-bugs
------- Comment #6 from pinskia at gcc dot gnu dot org 2006-11-24 00:17 -------
valgrind on the mainline shows beginning with:
==11886== Invalid write of size 1
==11886== at 0x8592FE0: _cpp_lex_direct (lex.c:881)
==11886== Address 0x48DD485 is 5 bytes after a block of size 4,000 alloc'd
==11886== at 0x40051F9: malloc (vg_replace_malloc.c:149)
==11886== by 0x85AD1F5: xmalloc (xmalloc.c:147)
4.0.4 and 4.1.2 all have the same issue. I have not looked at 3.4.6 yet to see
if this is a regression.
--
pinskia at gcc dot gnu dot org changed:
What             |Removed                     |Added
----------------------------------------------------------------------------
Keywords         |                            |ice-on-invalid-code
Known to fail    |                            |4.0.4 4.1.2 4.2.0 4.3.0
From: rguenth at gcc dot gnu dot org @ 2006-11-24 10:46 UTC (permalink / raw)
To: gcc-bugs
------- Comment #7 from rguenth at gcc dot gnu dot org 2006-11-24 10:46 -------
3.4.6 and 3.3.6 have the same issue
--
rguenth at gcc dot gnu dot org changed:
What             |Removed                     |Added
----------------------------------------------------------------------------
Known to fail    |4.0.4 4.1.2 4.2.0 4.3.0     |3.3.6 3.4.6 4.0.4 4.1.2 4.2.0 4.3.0
From: tromey at gcc dot gnu dot org @ 2006-12-27 21:44 UTC (permalink / raw)
To: gcc-bugs
------- Comment #8 from tromey at gcc dot gnu dot org 2006-12-27 21:43 -------
I looked at this a bit.

The basic problem resembles bug #14438 in a way.
The source code here has an unterminated "call" to a function-like
macro. cpp thinks all the subsequent #define directives are
in the expansion (try -pedantic to see the errors).

I believe what happens is that during a call to create_iso_definition,
we call _cpp_lex_token at a point where it must allocate a new token
run. But then upon returning we restore the old cur_token pointer
(see _cpp_create_definition), leading to the bug.

I'm testing a fix which works by saving and restoring cur_token in
lex_expansion_token. I'm not positive this is correct, though.
Another possible fix might be to change create_iso_definition to call
_cpp_lex_direct rather than _cpp_lex_token.

BTW, my reading of _cpp_lex_token is that it assumes that cur_token
is in the current token run. One easy way to make gdb stop when
the first bug is hit is to make a breakpoint conditional on this not
being true. For debugging I added an assert() for this, but cpp
doesn't seem to use assertions anywhere, so I won't be submitting this.
--
tromey at gcc dot gnu dot org changed:
What                  |Removed                     |Added
----------------------------------------------------------------------------
Status                |UNCONFIRMED                 |NEW
Ever Confirmed        |0                           |1
Last reconfirmed date |0000-00-00 00:00:00         |2006-12-27 21:43:58
From: patchapp at dberlin dot org @ 2007-01-01 21:53 UTC (permalink / raw)
To: gcc-bugs
------- Comment #9 from patchapp at dberlin dot org 2007-01-01 21:53 -------
Subject: Bug number PR preprocessor/29966
A patch for this bug has been added to the patch tracker.
The mailing list url for the patch is
http://gcc.gnu.org/ml/gcc-patches/2006-12/msg01848.html
From: tromey at gcc dot gnu dot org @ 2007-01-08 1:31 UTC (permalink / raw)
To: gcc-bugs
--
tromey at gcc dot gnu dot org changed:
What                  |Removed                           |Added
----------------------------------------------------------------------------
AssignedTo            |unassigned at gcc dot gnu dot org |tromey at gcc dot gnu dot org
Status                |NEW                               |ASSIGNED
Last reconfirmed date |2006-12-27 21:43:58               |2007-01-08 01:30:57
From: tromey at gcc dot gnu dot org @ 2007-01-30 15:46 UTC (permalink / raw)
To: gcc-bugs
------- Comment #10 from tromey at gcc dot gnu dot org 2007-01-30 15:46 -------
Subject: Bug 29966
Author: tromey
Date: Tue Jan 30 15:46:01 2007
New Revision: 121340
URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=121340
Log:
PR preprocessor/29966:
* macro.c (lex_expansion_token): Save and restore cpp_reader's
cur_token.
(_cpp_create_definition): Don't restore cur_token here.
* lex.c (_cpp_lex_token): Added assertion.
Modified:
trunk/libcpp/ChangeLog
trunk/libcpp/lex.c
trunk/libcpp/macro.c
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=29966
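The failure mode described in comment #8 and the change logged in comment #10, shown as a simplified model added here (not libcpp code and not the committed patch). The names `run`, `reader`, `lex_token`, `define_restore_late` and `define_per_token` are hypothetical, and the per-token variant assumes expansion tokens are lexed into separate storage.

```c
#include <stdint.h>
#include <stdlib.h>
#define RUN_LEN 4   /* tokens per run; constructed value for this model */
typedef struct run { struct run *next; int *base, *limit; } run;
typedef struct reader { run *cur_run; int *cur_token; } reader;
static run *new_run(void) {
    run *r = calloc(1, sizeof *r);
    if (!r || !(r->base = malloc(RUN_LEN * sizeof *r->base))) abort();
    r->limit = r->base + RUN_LEN;
    return r;
}
/* Invariant from comment #8: cur_token lies inside the current run. */
static int in_current_run(const reader *rd) {
    uintptr_t p = (uintptr_t)rd->cur_token;
    return p >= (uintptr_t)rd->cur_run->base && p < (uintptr_t)rd->cur_run->limit;
}
/* Lex one token; -1 marks where an unchecked lexer would write via a stale pointer. */
static int lex_token(reader *rd) {
    if (rd->cur_token == rd->cur_run->limit) {   /* run full: chain a new one */
        rd->cur_run = rd->cur_run->next = new_run();
        rd->cur_token = rd->cur_run->base;
    }
    if (!in_current_run(rd)) return -1;
    *rd->cur_token++ = 1;
    return 0;
}
/* Hypothetical caller: save cur_token, lex n tokens, restore the pointer only. */
static int define_restore_late(reader *rd, int n) {
    int *saved = rd->cur_token;
    for (int i = 0; i < n; i++) if (lex_token(rd)) return -1;
    rd->cur_token = saved;   /* stale once cur_run has advanced */
    return in_current_run(rd);
}
/* Hypothetical caller: save/restore around each token lexed into separate storage. */
static int define_per_token(reader *rd, int n) {
    for (int i = 0; i < n; i++) {
        int slot, *saved = rd->cur_token;
        rd->cur_token = &slot;
        *rd->cur_token++ = 1;
        rd->cur_token = saved;
    }
    return in_current_run(rd);
}
static int demo(int per_token) {   /* 0: lexing can continue, -1: invariant broke */
    reader rd = { new_run(), NULL };
    rd.cur_token = rd.cur_run->base;
    int ok = per_token ? define_per_token(&rd, 6) : define_restore_late(&rd, 6);
    return ok == 1 ? lex_token(&rd) : -1;
}
int main(void) { return !(demo(0) == -1 && demo(1) == 0); }
```

Without the range check in `lex_token`, the late-restore path would keep incrementing a pointer into the old run while the limit test compares against the new run, which is the kind of write past the end of a heap block that the valgrind trace in comment #6 reports.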
From: tromey at gcc dot gnu dot org @ 2007-01-30 16:29 UTC (permalink / raw)
To: gcc-bugs
------- Comment #11 from tromey at gcc dot gnu dot org 2007-01-30 16:29 -------
Fix checked in.
--
tromey at gcc dot gnu dot org changed:
What             |Removed                     |Added
----------------------------------------------------------------------------
Status           |ASSIGNED                    |RESOLVED
Resolution       |                            |FIXED
Target Milestone |---                         |4.3.0