From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from localhost (HELO gcc.gnu.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Mon, 09 Apr 2012 16:10:16 +0000
From: "regehr at cs dot utah.edu"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/52913] New: segfault due to null ptr deref
Date: Mon, 09 Apr 2012 16:10:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: regehr at cs dot utah.edu
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields:
Message-ID:
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id:
List-Archive:
List-Post:
List-Help:
Sender: gcc-bugs-owner@gcc.gnu.org
X-SW-Source: 2012-04/txt/msg00551.txt.bz2

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52913

             Bug #: 52913
           Summary: segfault due to null ptr deref
    Classification: Unclassified
           Product: gcc
           Version: 4.8.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: regehr@cs.utah.edu
                CC: chenyang@cs.utah.edu

[regehr@dyson r12]$ current-gcc -c -O2 small.c
small.c: In function 'fn1':
small.c:16:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See for instructions.

[regehr@dyson r12]$ valgrind -q --trace-children=yes current-gcc -c -O2 small.c
==10207== Invalid read of size 8
==10207==    at 0xDEB919: search_line_sse2(unsigned char const*, unsigned char const*) (lex.c:393)
==10207==    by 0xDEBAE1: _cpp_clean_line (lex.c:739)
==10207==    by 0xDEC507: _cpp_get_fresh_line (lex.c:2000)
==10207==    by 0xDEDCC0: _cpp_lex_direct (lex.c:2065)
==10207==    by 0xDEEA4B: _cpp_lex_token (lex.c:1939)
==10207==    by 0xDF2C2F: cpp_get_token_1(cpp_reader*, unsigned int*) (macro.c:2245)
==10207==    by 0x57FB72: c_lex_with_flags(tree_node**, unsigned int*, unsigned char*, int) (c-lex.c:302)
==10207==    by 0x52D9B4: c_lex_one_token(c_parser*, c_token*) (c-parser.c:221)
==10207==    by 0x5342D3: c_parser_compound_statement_nostart(c_parser*) (c-parser.c:401)
==10207==    by 0x54166B: c_parser_compound_statement(c_parser*) (c-parser.c:4071)
==10207==    by 0x531D08: c_parser_declaration_or_fndef(c_parser*, bool, bool, bool, bool, bool, tree_node**) (c-parser.c:1758)
==10207==    by 0x5418DE: c_parser_external_declaration(c_parser*) (c-parser.c:1363)
==10207==  Address 0x56e8f50 is 224 bytes inside a block of size 228 alloc'd
==10207==    at 0x4C275A2: realloc (vg_replace_malloc.c:525)
==10207==    by 0xE17B1C: xrealloc (xmalloc.c:179)
==10207==    by 0xDE0603: _cpp_convert_input (charset.c:1734)
==10207==    by 0xDE901A: read_file(cpp_reader*, _cpp_file*) (files.c:652)
==10207==    by 0xDE9A1A: _cpp_stack_file (files.c:723)
==10207==    by 0xDEB377: cpp_read_main_file(cpp_reader*, char const*) (init.c:593)
==10207==    by 0x5850EB: c_common_post_options(char const**) (c-opts.c:1056)
==10207==    by 0x8C687C: toplev_main(int, char**) (toplev.c:1281)
==10207==    by 0x52D2C4C: (below main) (libc-start.c:226)
==10207==
==10207== Invalid read of size 8
==10207==    at 0xDEB903: search_line_sse2(unsigned char const*, unsigned char const*) (lex.c:381)
==10207==    by 0xDEBAE1: _cpp_clean_line (lex.c:739)
==10207==    by 0xDEC507: _cpp_get_fresh_line (lex.c:2000)
==10207==    by 0xDEDCC0: _cpp_lex_direct (lex.c:2065)
==10207==    by 0xDEEA4B: _cpp_lex_token (lex.c:1939)
==10207==    by 0xDF2C2F: cpp_get_token_1(cpp_reader*, unsigned int*) (macro.c:2245)
==10207==    by 0x57FB72: c_lex_with_flags(tree_node**, unsigned int*, unsigned char*, int) (c-lex.c:302)
==10207==    by 0x52D9B4: c_lex_one_token(c_parser*, c_token*) (c-parser.c:221)
==10207==    by 0x5342D3: c_parser_compound_statement_nostart(c_parser*) (c-parser.c:401)
==10207==    by 0x54166B: c_parser_compound_statement(c_parser*) (c-parser.c:4071)
==10207==    by 0x531D08: c_parser_declaration_or_fndef(c_parser*, bool, bool, bool, bool, bool, tree_node**) (c-parser.c:1758)
==10207==    by 0x5418DE: c_parser_external_declaration(c_parser*) (c-parser.c:1363)
==10207==  Address 0x56e8f50 is 224 bytes inside a block of size 228 alloc'd
==10207==    at 0x4C275A2: realloc (vg_replace_malloc.c:525)
==10207==    by 0xE17B1C: xrealloc (xmalloc.c:179)
==10207==    by 0xDE0603: _cpp_convert_input (charset.c:1734)
==10207==    by 0xDE901A: read_file(cpp_reader*, _cpp_file*) (files.c:652)
==10207==    by 0xDE9A1A: _cpp_stack_file (files.c:723)
==10207==    by 0xDEB377: cpp_read_main_file(cpp_reader*, char const*) (init.c:593)
==10207==    by 0x5850EB: c_common_post_options(char const**) (c-opts.c:1056)
==10207==    by 0x8C687C: toplev_main(int, char**) (toplev.c:1281)
==10207==    by 0x52D2C4C: (below main) (libc-start.c:226)
==10207==
==10207== Invalid read of size 4
==10207==    at 0x5EAB84: dfs_enumerate_from(basic_block_def*, int, bool (*)(basic_block_def const*, void const*), basic_block_def**, int, void const*) (cfganal.c:1210)
==10207==    by 0x5FE013: get_loop_body(loop const*) (cfgloop.c:829)
==10207==    by 0x5FF98F: verify_loop_structure() (cfgloop.c:1351)
==10207==    by 0x7D5525: loop_optimizer_init(unsigned int) (loop-init.c:64)
==10207==    by 0x7D567E: rtl_loop_init() (loop-init.c:210)
==10207==    by 0x8219D4: execute_one_pass(opt_pass*) (passes.c:2079)
==10207==    by 0x821D94: execute_pass_list(opt_pass*) (passes.c:2134)
==10207==    by 0x821DA6: execute_pass_list(opt_pass*) (passes.c:2135)
==10207==    by 0x821DA6: execute_pass_list(opt_pass*) (passes.c:2135)
==10207==    by 0x93488D: tree_rest_of_compilation(tree_node*) (tree-optimize.c:422)
==10207==    by 0x616239: cgraph_expand_function(cgraph_node*) (cgraphunit.c:1784)
==10207==    by 0x6180FB: cgraph_optimize() (cgraphunit.c:1851)
==10207==  Address 0x50 is not stack'd, malloc'd or (recently) free'd
==10207==
small.c: In function 'fn1':
small.c:16:1: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See for instructions.

[regehr@dyson r12]$ cat small.c
int a, b, c, d, e;

void
fn1 ()
{
lbl_101:
  e = 0;
lbl_274:
  for (c = 0; c < 1; c = a)
    if (d)
      if (b)
        goto lbl_101;
      else
        break;
  d = 1;
  goto lbl_274;
}

[regehr@dyson r12]$ current-gcc -v
Using built-in specs.
COLLECT_GCC=current-gcc
COLLECT_LTO_WRAPPER=/uusoc/exports/scratch/regehr/z/compiler-install/gcc-r186233-install/bin/../libexec/gcc/x86_64-unknown-linux-gnu/4.8.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../configure --with-libelf=/usr/local --enable-lto --prefix=/home/regehr/z/compiler-install/gcc-r186233-install --program-prefix=r186233- --enable-languages=c,c++
Thread model: posix
gcc version 4.8.0 20120409 (experimental) (GCC)
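The valgrind trace above mixes two different fault classes: two 8-byte reads in search_line_sse2 that start 224 bytes into a 228-byte heap block (so 4 bytes spill past its end), and a 4-byte read at the unaddressable address 0x50 in dfs_enumerate_from, which is the pattern of a NULL basic_block pointer dereferenced through a field at offset 0x50. The triage helper below is an added example, not part of the bug report or of GCC: it parses memcheck "Invalid read/write" records and labels each one as heap-overrun, heap-underrun, use-after-free, null-deref or wild-pointer. The PAGE_SIZE threshold (any unaddressable address below 4096 is treated as NULL plus a struct offset), the Finding field names and the trimmed SAMPLE text are assumptions constructed for this example.

```python
"""Classify valgrind memcheck 'Invalid read/write' records by fault class.

Added triage helper, not part of the original bug report or of GCC.
Heuristic: an unaddressable address below PAGE_SIZE (assumed 4096) is
reported as a NULL pointer dereferenced through a field at that offset.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

PAGE_SIZE = 4096  # assumption: the zero page is unmapped, so addr < 4096 means NULL + offset

# Constructed sample: the three memcheck records from the report, trimmed
# to the frames the classifier needs (innermost frame plus the address line).
SAMPLE = """\
==10207== Invalid read of size 8
==10207==    at 0xDEB919: search_line_sse2(unsigned char const*, unsigned char const*) (lex.c:393)
==10207==    by 0xDEBAE1: _cpp_clean_line (lex.c:739)
==10207==  Address 0x56e8f50 is 224 bytes inside a block of size 228 alloc'd
==10207==    at 0x4C275A2: realloc (vg_replace_malloc.c:525)
==10207==
==10207== Invalid read of size 8
==10207==    at 0xDEB903: search_line_sse2(unsigned char const*, unsigned char const*) (lex.c:381)
==10207==  Address 0x56e8f50 is 224 bytes inside a block of size 228 alloc'd
==10207==    at 0x4C275A2: realloc (vg_replace_malloc.c:525)
==10207==
==10207== Invalid read of size 4
==10207==    at 0x5EAB84: dfs_enumerate_from(basic_block_def*, int, bool (*)(basic_block_def const*, void const*), basic_block_def**, int, void const*) (cfganal.c:1210)
==10207==    by 0x5FE013: get_loop_body(loop const*) (cfgloop.c:829)
==10207==  Address 0x50 is not stack'd, malloc'd or (recently) free'd
==10207==
"""

HEADER = re.compile(r"^==\d+== Invalid (read|write) of size (\d+)$")
# Innermost frame: "at 0x...: <symbol(with C++ args)> (file.c:NNN)"
FRAME = re.compile(r"^==\d+==\s+at 0x[0-9A-Fa-f]+: (.+) \(([^()]+:\d+)\)$")
IN_BLOCK = re.compile(
    r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (\d+) bytes (inside|after|before) "
    r"a block of size (\d+) (alloc'd|free'd)$")
UNADDR = re.compile(
    r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is not stack'd, malloc'd or \(recently\) free'd$")


@dataclass
class Finding:
    access: str     # "read" or "write"
    size: int       # bytes accessed
    function: str   # innermost frame, argument list stripped
    location: str   # file:line of that frame
    kind: str       # heap-overrun | heap-underrun | use-after-free | null-deref | wild-pointer | in-bounds
    detail: str
    oob: int = 0    # bytes outside the block: >0 past the end, <0 before the start
    offset: int = 0  # assumed struct-field offset for null-deref


def _block_finding(p: dict, m: "re.Match") -> Finding:
    addr, offset, rel = int(m.group(1), 16), int(m.group(2)), m.group(3)
    block, state, size = int(m.group(4)), m.group(5), p["size"]
    if rel == "inside":
        oob = max(0, offset + size - block)   # bytes of the access that spill past the end
    elif rel == "after":
        oob = offset + size                   # the whole access lies past the end
    else:
        oob = -offset                         # access starts before the block
    if state == "free'd":
        kind = "use-after-free"
    elif oob > 0:
        kind = "heap-overrun"
    elif oob < 0:
        kind = "heap-underrun"
    else:
        kind = "in-bounds"
    detail = (f"{p['access']} of {size} bytes at 0x{addr:x}, {offset} bytes {rel} "
              f"a {block}-byte block ({state}); {abs(oob)} bytes out of bounds")
    return Finding(p["access"], size, p["function"], p["location"], kind, detail, oob=oob)


def _unaddressable_finding(p: dict, addr: int) -> Finding:
    if addr < PAGE_SIZE:  # heuristic, see module docstring
        kind, offset = "null-deref", addr
        detail = (f"{p['access']} of {p['size']} bytes at 0x{addr:x}: NULL pointer "
                  f"dereferenced through a field at offset 0x{addr:x} (assumed)")
    else:
        kind, offset = "wild-pointer", 0
        detail = f"{p['access']} of {p['size']} bytes at unmapped address 0x{addr:x}"
    return Finding(p["access"], p["size"], p["function"], p["location"], kind, detail, offset=offset)


def triage(text: str) -> List[Finding]:
    """Walk memcheck output; emit one Finding per 'Invalid read/write' record."""
    findings: List[Finding] = []
    pending: Optional[dict] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER.match(line)
        if m:
            pending = {"access": m.group(1), "size": int(m.group(2)),
                       "function": "?", "location": "?"}
            continue
        if pending is None:          # allocation stacks after the address line are skipped
            continue
        m = FRAME.match(line)
        if m and pending["function"] == "?":
            pending["function"] = m.group(1).split("(", 1)[0]
            pending["location"] = m.group(2)
            continue
        m = IN_BLOCK.match(line)
        if m:
            findings.append(_block_finding(pending, m))
            pending = None
            continue
        m = UNADDR.match(line)
        if m:
            findings.append(_unaddressable_finding(pending, int(m.group(1), 16)))
            pending = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:14} {f.function} ({f.location}): {f.detail}")
```

Run on the full valgrind log instead of SAMPLE to get one line per record; the null-deref entries are the ones worth chasing first when triaging compiler or fuzzer crashes, while the heap-overrun entries point at the buffer whose end was read past.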