Curious segmentation fault...

Curious segmentation fault...

[Shriramana Sharma]

[-- Attachment #1: Type: text/plain, Size: 1287 bytes --]

Dear list,

Namaste (hello). This is my first post. I wonder if I have found a bug or at 
least an anomalous behaviour in GCC. Please download the file segfault.tar.gz 
from:

http://www.yousendit.com/transfer.php?action=download&ufid=0D3E9B791AE99BEA

(available for seven days from now). Do make and test both monthpan and 
monthpan-bug with any date range that contains a Sunday (which is where the 
bug lies). You should find that monthpan creates an output file called 
monthpan.txt whereas monthpan-bug creates a segmentation fault at 
grahanaama[0] (grahanaama means "weekday name").

The only difference between the two source files monthpan.c and monthpan-bug.c 
is that the latter contains the line:

char spicanaama[] = "Spica";

*before* the start of the declarations of the two-dimensional arrays, which 
for some reason seems to cause the zero element of the first two-dimensional 
array to be out-of-bounds.

This problem confirmed on gcc-4.1/glibc-2.4 and gcc-3.35/glibc-2.34.

Please can anyone enlighten me as to what exactly causes this bug? Is it a bug 
with GCC? If yes, where do I report it?

Thanks.

-- 

Tux #395953 resides at http://samvit.org
playing with KDE 3.51 on SUSE Linux 10.1
$ date [] CCE +2006-05-22 W21-1 UTC+0530

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Curious segmentation fault...

[Shriramana Sharma]

[-- Attachment #1: Type: text/plain, Size: 997 bytes --]

Monday 22 May 2006 23:05 samaye, Shriramana Sharma alekhiit:

> The only difference between the two source files monthpan.c and
> monthpan-bug.c is that the latter contains the line:
> char spicanaama[] = "Spica";
> *before* the start of the declarations of the two-dimensional arrays, which
> for some reason seems to cause the zero element of the first
> two-dimensional array to be out-of-bounds.

I further investigated this and it becomes more and more curious. 

If I place spica-name before graha-name then it faults, but not if I place it 
before tithi-name. If I push it to before nakshatra-name it faults again, but 
does not fault before yoga-name, and again faults before karana-name but does 
not fault *after* karana-name. 

In all the cases, it is memory location 0x726956 which faults with <Address 
0x726956 out of bounds> ...

-- 

Tux #395953 resides at http://samvit.org
playing with KDE 3.51 on SUSE Linux 10.1
$ date [] CCE +2006-05-22 W21-1 UTC+0530

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Curious segmentation fault...

[Andrew Haley]

Shriramana Sharma writes:
 > Dear list,
 > 
 > Namaste (hello). This is my first post. I wonder if I have found a bug or at 
 > least an anomalous behaviour in GCC. Please download the file segfault.tar.gz 
 > from:
 > 
 > http://www.yousendit.com/transfer.php?action=download&ufid=0D3E9B791AE99BEA
 > 
 > (available for seven days from now). Do make and test both monthpan and 
 > monthpan-bug with any date range that contains a Sunday (which is where the 
 > bug lies). You should find that monthpan creates an output file called 
 > monthpan.txt whereas monthpan-bug creates a segmentation fault at 
 > grahanaama[0] (grahanaama means "weekday name").

You call swe_fixstar with the argument 0 (star) = spicanaama.

swe_fixstar does

  sprintf(star, "%s,%s", cpos[0], cpos[1])

so, it overwrites its input argument (spicanaama).  But spicanaama
isn't big enough to contain the resulting string, so it overwites the
next variable, which is grahanaama[0].

 > The only difference between the two source files monthpan.c and monthpan-bug.c 
 > is that the latter contains the line:
 > 
 > char spicanaama[] = "Spica";
 > 
 > *before* the start of the declarations of the two-dimensional arrays, which 
 > for some reason seems to cause the zero element of the first two-dimensional 
 > array to be out-of-bounds.
 > 
 > This problem confirmed on gcc-4.1/glibc-2.4 and gcc-3.35/glibc-2.34.
 > 
 > Please can anyone enlighten me as to what exactly causes this bug? Is it a bug 
 > with GCC? If yes, where do I report it?

Don't!

Andrew.

Re: Curious segmentation fault... SOLVED

[Shriramana Sharma]

[-- Attachment #1: Type: text/plain, Size: 745 bytes --]

Tuesday 23 May 2006 19:10 samaye, Andrew Haley alekhiit:

> You call swe_fixstar with the argument 0 (star) = spicanaama.
> swe_fixstar does
>   sprintf(star, "%s,%s", cpos[0], cpos[1])
> so, it overwrites its input argument (spicanaama).  But spicanaama
> isn't big enough to contain the resulting string, so it overwites the
> next variable, which is grahanaama[0].

Thanks. Changing the size of spicanaama to 41 solved the problem. The library 
developer informed me that though the documentation said 40 bytes, it was a 
bug and it should be 41. So I allocated 41 bytes to it and that was all.

-- 

Tux #395953 resides at http://samvit.org
playing with KDE 3.51 on SUSE Linux 10.1
$ date [] CCE +2006-05-24 W21-3 UTC+0530

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Curious segmentation fault... SOLVED

[Andrew Haley]

Shriramana Sharma writes:
 > Tuesday 23 May 2006 19:10 samaye, Andrew Haley alekhiit:
 > 
 > > You call swe_fixstar with the argument 0 (star) = spicanaama.
 > > swe_fixstar does
 > >   sprintf(star, "%s,%s", cpos[0], cpos[1])
 > > so, it overwrites its input argument (spicanaama).  But spicanaama
 > > isn't big enough to contain the resulting string, so it overwites the
 > > next variable, which is grahanaama[0].
 > 
 > Thanks. Changing the size of spicanaama to 41 solved the problem.

In the version you posted it was 

  char spicanaama[] = "Spica";

which is 6 bytes long.

It is unfortunate that the string that is the first argument of
swe_fixstar is used as an input and then it is overwritten.  That
isn't your fault, of course, but it is bad style and leads to bugs
such as this one.

Andrew.

Re: Curious segmentation fault... SOLVED

[Shriramana Sharma]

Wednesday 24 May 2006 18:42 samaye, Andrew Haley alekhiit:

> In the version you posted it was
>   char spicanaama[] = "Spica";
> which is 6 bytes long.

Right, now I made it 
char spicanaama[41] = "Spica";

BTW why does my PGP signature keep going bad on this list? KMail warns me in 
red regarding my own mails:

Message was signed by samjnaa@gmail.com (Key ID: 0x2CE145422E33AB2D).
Warning: The signature is bad.

I have never had this problem with other lists. I always see mails signed by 
me in green with the message:

Message was signed by samjnaa@gmail.com (Key ID: 0x2CE145422E33AB2D).
The signature is valid and the key is ultimately trusted.

Thanks for any help...

Shriramana.

P.S: Sorry for the OT branch-off. Please tell me if this query regarding usage 
of this list is inappropriate here.

-- 

Tux #395953 resides at http://samvit.org
playing with KDE 3.52 on SUSE Linux 10.1
$ date [] CCE +2006-05-25 W21-4 UTC+0530