public inbox for gcc-prs@sourceware.org
help / color / mirror / Atom feed
From: georg.wild@gmx.de
To: gcc-gnats@gcc.gnu.org
Subject: c/4391: memcpy(buf, base, len); defunction compiling bind with -O2
Date: Tue, 25 Sep 2001 03:36:00 -0000 [thread overview]
Message-ID: <20010925102614.28515.qmail@sourceware.cygnus.com> (raw)
>Number: 4391
>Category: c
>Synopsis: memcpy(buf, base, len); defunction compiling bind with -O2
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Sep 25 03:36:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: georg.wild@gmx.de
>Release: latest cvs snapshot
>Organization:
>Environment:
i686-pc-linux-gnu linux 2.2.19 glibc 2.2.4 and mostly newest libraries
>Description:
Sorry, but it was not possible for me producing a compilable example because this bug is somehow connected with libraries and .....! Therefore I'll describe what happens!
It occurs compiling ftp://ftp.isc.org/isc/bind9/9.2.0rc4/bind-9.2.0rc4.tar.gz and specially libisc.
The position where it is first seen in the main program is in:
isc_result_t
isc_file_progname(const char *filename, char *buf, size_t buflen) {
const char *base;
size_t len;
REQUIRE(filename != NULL);
REQUIRE(buf != NULL);
base = isc_file_basename(filename);
len = strlen(base) + 1;
if (len > buflen)
return (ISC_R_NOSPACE);
memcpy(buf, base, len);
return (ISC_R_SUCCESS);
}
When reaching the memcpy line, I see in ddd the program returning to the main program without setting ISC_R_SUCCESS. In the asm tab there is a jmp-Funktion. Pressing next in machine code returns directly to the main program!
But I think the real problem is in file.c, because it works when file.c is compiled -O0. -O2 doesn't work.
Because I don't see any other related function, I think the miscompiled funktion is
const char *
isc_file_basename(const char *filename) {
char *s;
REQUIRE(filename != NULL);
s = strrchr(filename, '/');
if (s == NULL)
return (filename);
return (s + 1);
}
Debugging this piece of code results:
Starting with filename="/root/bind-9.2.0rc4/bin/named/named" s=strrchr(..) results s="/named". Executing this if statement changes the value of s; it got "/root/bind-..../named". After executing the return function the value of s is "named"; executing the whole procedure returns the right value: "named". But I think there seems to be a somehow wrong memory allocation.
>How-To-Repeat:
Compiliung this bind release in the usual manor.
>Fix:
Compile file.c using -O0.
>Release-Note:
>Audit-Trail:
>Unformatted:
next reply other threads:[~2001-09-25 3:36 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-09-25 3:36 georg.wild [this message]
2001-09-25 4:16 Graham Stott
2002-04-24 15:22 rth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010925102614.28515.qmail@sourceware.cygnus.com \
--to=georg.wild@gmx.de \
--cc=gcc-gnats@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).