>Number: 5351 >Category: c >Synopsis: function pass-by-value structure copy corrupts structure on stack >Confidential: no >Severity: serious >Priority: medium >Responsible: unassigned >State: open >Class: wrong-code >Submitter-Id: net >Arrival-Date: Thu Jan 10 10:56:00 PST 2002 >Closed-Date: >Last-Modified: >Originator: >Release: 3.1 20020110 (experimental) >Organization: >Environment: System: Linux mgmt3 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown Architecture: i686 host: i686-pc-linux-gnu build: i686-pc-linux-gnu target: i686-pc-linux-gnu configured with: ../gcc/configure --prefix=/home/tools/linux/compilers/gcc-3.1-new-spinos --enable-shared --enable-threads=posix --enable-version-specific-runtime-libs --enable-languages=c,c++,java >Description: Passing a structure containing just an array of characters into a function as a value is corrupt within the function. Included is a gdb trace: [awk@mgmt3 ha_test]$ /home/awk/bin/gdb hat GNU gdb 2001-09-21-cvs (MI_OUT) Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"... (gdb) main' 12 13 void testfunc(logicalIFName_t ifName) { 14 printf("ifName: %s\n", ifName.logicalIFName); 15 } 16 17 int main() { 18 19 logicalIFName_t ifname; 20 strcpy(ifname.logicalIFName, "this is a test string"); 21 testfunc(ifname); (gdb) b 'main' Breakpoint 1 at 0x8048226: file old.hatest.c, line 20. (gdb) b 'testfunc' Breakpoint 2 at 0x80481fa: file old.hatest.c, line 14. (gdb) l 22 } (gdb) run Starting program: /home/awk/src/ha_test/hat Breakpoint 1, main () at old.hatest.c:20 20 strcpy(ifname.logicalIFName, "this is a test string"); (gdb) n 21 testfunc(ifname); (gdb) p ifname $1 = {logicalIFName = "this is a test string", '\000' , "\224\201\004\b"} (gdb) s memcpy (dstpp=0xbffff680, srcpp=0xbffff700, len=128) at ../sysdeps/generic/memcpy.c:40 40 ../sysdeps/generic/memcpy.c: No such file or directory. in ../sysdeps/generic/memcpy.c (gdb) s 33 in ../sysdeps/generic/memcpy.c (gdb) s 34 in ../sysdeps/generic/memcpy.c (gdb) s 35 in ../sysdeps/generic/memcpy.c (gdb) s 40 in ../sysdeps/generic/memcpy.c (gdb) s 43 in ../sysdeps/generic/memcpy.c (gdb) s 44 in ../sysdeps/generic/memcpy.c (gdb) s 55 in ../sysdeps/generic/memcpy.c (gdb) s 61 in ../sysdeps/generic/memcpy.c (gdb) p dstpp $2 = (void *) 0xbffff680 (gdb) p (char*) dstpp $3 = 0xbffff680 "this is a test string" (gdb) s 63 in ../sysdeps/generic/memcpy.c (gdb) s 64 in ../sysdeps/generic/memcpy.c (gdb) p (char*) dstpp $4 = 0xbffff680 "this is a test string" (gdb) s Breakpoint 2, testfunc (ifName={logicalIFName = "\000÷ÿ¿\224ã\b\b EDTst string", '\000' , "\224\201\004\b"}) at old.hatest.c:14 14 printf("ifName: %s\n", ifName.logicalIFName); (gdb) p ifName $5 = {logicalIFName = "\000÷ÿ¿\224ã\b\b EDTst string", '\000' , "\224\201\004\b"} (gdb) p ifName (gdb) p ifName $6 = (logicalIFName_t *) 0xbffff680 (gdb) quit The program is running. Exit anyway? (y or n) y [awk@mgmt3 ha_test]$ exit Script done on Thu Jan 10 13:33:53 2002 >How-To-Repeat: compile and run the follow test example. #include #include #define NAMESIZE 128 struct logicalifname { char logicalIFName[NAMESIZE]; }; typedef struct logicalifname logicalifname; typedef logicalifname logicalIFName_t; void testfunc(logicalIFName_t ifName) { printf("ifName: %s\n", ifName.logicalIFName); } int main() { logicalIFName_t ifname; strcpy(ifname.logicalIFName, "this is a test string"); testfunc(ifname); } >Fix: You can work around the problem by adding a dummy variable to the contents of the structure logicalifname. >Release-Note: >Audit-Trail: >Unformatted: