From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugs-return-207203-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 17677 invoked by alias); 15 Jan 2007 17:53:23 -0000
Received: (qmail 17640 invoked by uid 48); 15 Jan 2007 17:53:08 -0000
Date: Mon, 15 Jan 2007 17:53:00 -0000
Subject: [Bug c/30473]  New: Internal Compiler Error with a sprintf with few arguments for format %s
X-Bugzilla-Reason: CC
Message-ID: <bug-30473-13892@http.gcc.gnu.org/bugzilla/>
Reply-To: gcc-bugzilla@gcc.gnu.org
To: gcc-bugs@gcc.gnu.org
From: "avg07 at tid dot es" <gcc-bugzilla@gcc.gnu.org>
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2007-01/txt/msg01223.txt.bz2

/* crash_builtin_sprintf.c */

#include <stdio.h>

int main(void){
  char buffer[10];
  sprintf(buffer, "%s");
  return 0;
}


$ gcc-4.1 -v -da -Q crash_builtin_sprintf.c
Using built-in specs.
Target: x86_64-unknown-linux-gnu
Configured with: /home/avega/morfeo/gcc_4_1_1_release/configure
--prefix=/home/avega/shared/gcc-4.1 --disable-multilib --verbose
--program-suffix=-4.1 --enable-checking --enable-languages=c,c++
Thread model: posix
gcc version 4.1.1
 /home/avega/shared/gcc-4.1/libexec/gcc/x86_64-unknown-linux-gnu/4.1.1/cc1 -v
crash_builtin_sprintf.c -dumpbase crash_builtin_sprintf.c -da -mtune=k8
-auxbase crash_builtin_sprintf -version -o /tmp/ccqb7Log.s
ignoring nonexistent directory
"/home/avega/shared/gcc-4.1/lib/gcc/x86_64-unknown-linux-gnu/4.1.1/../../../../x86_64-unknown-linux-gnu/include"
#include "..." search starts here:
#include <...> search starts here:
 /usr/local/include
 /home/avega/shared/gcc-4.1/include
 /home/avega/shared/gcc-4.1/lib/gcc/x86_64-unknown-linux-gnu/4.1.1/include
 /usr/include
End of search list.
GNU C version 4.1.1 (x86_64-unknown-linux-gnu)
        compiled by GNU C version 4.1.1.
GGC heuristics: --param ggc-min-expand=30 --param ggc-min-heapsize=4096
options passed:  -v -mtune=k8 -auxbase
options enabled:  -falign-loops -fargument-alias
 -fasynchronous-unwind-tables -fbranch-count-reg -fcommon -fearly-inlining
 -feliminate-unused-debug-types -ffunction-cse -fgcse-lm -fident
 -finline-functions-called-once -fivopts -fkeep-static-consts
 -fleading-underscore -floop-optimize2 -fmath-errno -fpeephole
 -freg-struct-return -fsched-interblock -fsched-spec
 -fsched-stalled-insns-dep -fshow-column -fsplit-ivs-in-unroller
 -ftrapping-math -ftree-loop-im -ftree-loop-ivcanon -ftree-loop-optimize
 -ftree-vect-loop-version -funwind-tables -fvar-tracking
 -fzero-initialized-in-bss -m128bit-long-double -m64 -m80387
 -maccumulate-outgoing-args -malign-stringops -mfancy-math-387
 -mfp-ret-in-387 -mieee-fp -mmmx -mpush-args -mred-zone -msse -msse2
 -mtls-direct-seg-refs
Compiler executable checksum: 8e360ce3bdb591fc08bf895e5092364f
 main
crash_builtin_sprintf.c: In function â&#128;&#152;mainâ&#128;&#153;:
crash_builtin_sprintf.c:8: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://gcc.gnu.org/bugs.html> for instructions.


$ gdb ~/shared/gcc-4.1/libexec/gcc/x86_64-unknown-linux-gnu/4.1.1/cc1
GNU gdb Red Hat Linux (6.3.0.0-1.132.EL4rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host libthread_db
library "/lib64/tls/libthread_db.so.1".

(gdb) set args crash_builtin_sprintf.c
(gdb) r
Starting program:
/home/avega/shared/gcc-4.1/libexec/gcc/x86_64-unknown-linux-gnu/4.1.1/cc1
crash_builtin_sprintf.c
 main
Program received signal SIGSEGV, Segmentation fault.
0x000000000050ef55 in fold_builtin_sprintf (arglist=0x2a985fe1e0, ignored=0)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/builtins.c:9883
9883          orig = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (arglist)));
(gdb) where
#0  0x000000000050ef55 in fold_builtin_sprintf (arglist=0x2a985fe1e0,
    ignored=0) at /home/avega/morfeo/gcc_4_1_1_release/gcc/builtins.c:9883
#1  0x0000000000511adc in fold_builtin (fndecl=Variable "fndecl" is not
available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/builtins.c:9099
#2  0x00000000005c0b5a in fold_ternary (code=Variable "code" is not available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/fold-const.c:10159
#3  0x00000000005c1a31 in fold_build3_stat (code=CALL_EXPR, type=0x2a983f24d0,
    op0=0x2a983ed1c0, op1=0x2a985fe1e0, op2=0x0)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/fold-const.c:10587
#4  0x00000000004292c1 in build_function_call (function=0x2a983ed1c0,
params=Variable "params" is not available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-typeck.c:2228
#5  0x0000000000459ea3 in c_parser_postfix_expression_after_primary (
    parser=0x2a983e9410, expr=
      {value = 0x2a9846a900, original_code = ERROR_MARK})
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:5250
#6  0x0000000000457571 in c_parser_postfix_expression (parser=0x2a983e9410)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:5184
#7  0x0000000000458159 in c_parser_unary_expression (parser=0x2a983e9410)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:4622
#8  0x0000000000458ae9 in c_parser_cast_expression (parser=0x2a983e9410,
after=Variable "after" is not available.

) at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:4498
#9  0x0000000000458c40 in c_parser_conditional_expression (
    parser=0x2a983e9410, after=Variable "after" is not available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:5339
#13 0x000000000045e598 in c_parser_statement_after_labels (parser=0x2a983e9410)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:3565
#14 0x00000000004571c8 in c_parser_compound_statement_nostart (
    parser=0x2a983e9410)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:3315
#15 0x000000000045d7e5 in c_parser_compound_statement (parser=0x2a983e9410)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:3190
#16 0x000000000045df01 in c_parser_declaration_or_fndef (parser=0x2a983e9410,
    fndef_ok=1 '\001', empty_ok=Variable "empty_ok" is not available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:1295
#17 0x00000000004604e7 in c_parse_file ()
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-parser.c:977
#18 0x000000000044bd25 in c_common_parse_file (set_yydebug=Variable
"set_yydebug" is not available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/c-opts.c:1143
#19 0x000000000075b4b8 in toplev_main (argc=Variable "argc" is not available.
)
    at /home/avega/morfeo/gcc_4_1_1_release/gcc/toplev.c:991
#20 0x00000034f1d1c3fb in __libc_start_main () from /lib64/tls/libc.so.6
#21 0x00000000004027da in _start ()
#22 0x0000007fbfffef58 in ?? ()
#23 0x000000000000001c in ?? ()
#24 0x0000000000000002 in ?? ()
#25 0x0000007fbffff23d in ?? ()
#26 0x0000007fbffff287 in ?? ()
#27 0x0000000000000000 in ?? ()
(gdb) down
#0  0x000000000050ef55 in fold_builtin_sprintf (arglist=0x2a985fe1e0,
    ignored=0) at /home/avega/morfeo/gcc_4_1_1_release/gcc/builtins.c:9883
9883          orig = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (arglist)));
(gdb) l
9878
9879          if (!fn)
9880            return NULL_TREE;
9881
9882          /* Convert sprintf (str1, "%s", str2) into strcpy (str1, str2). 
*/
9883          orig = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (arglist)));
9884          arglist = build_tree_list (NULL_TREE, orig);
9885          arglist = tree_cons (NULL_TREE, dest, arglist);
9886          if (!ignored)
9887            {
(gdb) source ~/morfeo/gcc_4_1_1_release/gcc/gdbinit.in
Breakpoint 1 at 0x55c4d0: file
/home/avega/morfeo/gcc_4_1_1_release/gcc/diagnostic.c, line 601.
Breakpoint 2 at 0x55c3f0: file
/home/avega/morfeo/gcc_4_1_1_release/gcc/diagnostic.c, line 542.
Breakpoint 3 at 0x34f1d30be0
Breakpoint 4 at 0x34f1d2f920


Index: gcc/builtins.c
===================================================================
--- gcc/builtins.c      (revision 120440)
+++ gcc/builtins.c      (working copy)
@@ -10439,6 +10439,10 @@
       if (!fn)
        return NULL_TREE;

+      /* Verify call is not 'sprintf (dest, "%s")' */
+      if (!validate_arglist (arglist, POINTER_TYPE, POINTER_TYPE,
+                             POINTER_TYPE, VOID_TYPE))
+        return NULL_TREE;
+
       /* Convert sprintf (str1, "%s", str2) into strcpy (str1, str2).  */
       orig = TREE_VALUE (TREE_CHAIN (TREE_CHAIN (arglist)));
       arglist = build_tree_list (NULL_TREE, orig);


-- 
           Summary: Internal Compiler Error with a sprintf with few
                    arguments for format %s
           Product: gcc
           Version: 4.1.1
            Status: UNCONFIRMED
          Severity: minor
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: avg07 at tid dot es
 GCC build triplet:  x86_64-unknown-linux-gnu
  GCC host triplet:  x86_64-unknown-linux-gnu
GCC target triplet:  x86_64-unknown-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30473