From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 5830 invoked by alias); 10 Jan 2002 18:56:01 -0000 Mailing-List: contact gcc-prs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Archive: List-Post: List-Help: Sender: gcc-prs-owner@gcc.gnu.org Received: (qmail 5793 invoked by uid 71); 10 Jan 2002 18:56:00 -0000 Resent-Date: 10 Jan 2002 18:56:00 -0000 Resent-Message-ID: <20020110185600.5791.qmail@sources.redhat.com> Resent-From: gcc-gnats@gcc.gnu.org (GNATS Filer) Resent-To: nobody@gcc.gnu.org Resent-Cc: gcc-prs@gcc.gnu.org, gcc-bugs@gcc.gnu.org Resent-Reply-To: gcc-gnats@gcc.gnu.org, Tony Knaus Received:(qmail 5170 invoked from network); 10 Jan 2002 18:54:23 -0000 Received: from unknown (HELO localhost.localdomain) (141.151.129.90) by sources.redhat.com with SMTP; 10 Jan 2002 18:54:23 -0000 Received: (from awk@localhost) by localhost.localdomain (8.11.2/8.11.2) id g0AIsLt12929; Thu, 10 Jan 2002 13:54:21 -0500 Message-Id:<200201101854.g0AIsLt12929@localhost.localdomain> Date: Thu, 10 Jan 2002 10:56:00 -0000 From: Tony Knaus To: gcc-gnats@gcc.gnu.org X-Send-Pr-Version:3.113 Subject: c/5351: function pass-by-value structure copy corrupts structure on stack X-SW-Source: 2002-01/txt/msg00413.txt.bz2 List-Id: >Number: 5351 >Category: c >Synopsis: function pass-by-value structure copy corrupts structure on stack >Confidential: no >Severity: serious >Priority: medium >Responsible: unassigned >State: open >Class: wrong-code >Submitter-Id: net >Arrival-Date: Thu Jan 10 10:56:00 PST 2002 >Closed-Date: >Last-Modified: >Originator: >Release: 3.1 20020110 (experimental) >Organization: >Environment: System: Linux mgmt3 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown Architecture: i686 host: i686-pc-linux-gnu build: i686-pc-linux-gnu target: i686-pc-linux-gnu configured with: ../gcc/configure --prefix=/home/tools/linux/compilers/gcc-3.1-new-spinos --enable-shared --enable-threads=posix --enable-version-specific-runtime-libs --enable-languages=c,c++,java >Description: Passing a structure containing just an array of characters into a function as a value is corrupt within the function. Included is a gdb trace: [awk@mgmt3 ha_test]$ /home/awk/bin/gdb hat GNU gdb 2001-09-21-cvs (MI_OUT) Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i686-pc-linux-gnu"... (gdb) main' 12 13 void testfunc(logicalIFName_t ifName) { 14 printf("ifName: %s\n", ifName.logicalIFName); 15 } 16 17 int main() { 18 19 logicalIFName_t ifname; 20 strcpy(ifname.logicalIFName, "this is a test string"); 21 testfunc(ifname); (gdb) b 'main' Breakpoint 1 at 0x8048226: file old.hatest.c, line 20. (gdb) b 'testfunc' Breakpoint 2 at 0x80481fa: file old.hatest.c, line 14. (gdb) l 22 } (gdb) run Starting program: /home/awk/src/ha_test/hat Breakpoint 1, main () at old.hatest.c:20 20 strcpy(ifname.logicalIFName, "this is a test string"); (gdb) n 21 testfunc(ifname); (gdb) p ifname $1 = {logicalIFName = "this is a test string", '\000' , "\224\201\004\b"} (gdb) s memcpy (dstpp=0xbffff680, srcpp=0xbffff700, len=128) at ../sysdeps/generic/memcpy.c:40 40 ../sysdeps/generic/memcpy.c: No such file or directory. in ../sysdeps/generic/memcpy.c (gdb) s 33 in ../sysdeps/generic/memcpy.c (gdb) s 34 in ../sysdeps/generic/memcpy.c (gdb) s 35 in ../sysdeps/generic/memcpy.c (gdb) s 40 in ../sysdeps/generic/memcpy.c (gdb) s 43 in ../sysdeps/generic/memcpy.c (gdb) s 44 in ../sysdeps/generic/memcpy.c (gdb) s 55 in ../sysdeps/generic/memcpy.c (gdb) s 61 in ../sysdeps/generic/memcpy.c (gdb) p dstpp $2 = (void *) 0xbffff680 (gdb) p (char*) dstpp $3 = 0xbffff680 "this is a test string" (gdb) s 63 in ../sysdeps/generic/memcpy.c (gdb) s 64 in ../sysdeps/generic/memcpy.c (gdb) p (char*) dstpp $4 = 0xbffff680 "this is a test string" (gdb) s Breakpoint 2, testfunc (ifName={logicalIFName = "\000÷ÿ¿\224ã\b\b EDTst string", '\000' , "\224\201\004\b"}) at old.hatest.c:14 14 printf("ifName: %s\n", ifName.logicalIFName); (gdb) p ifName $5 = {logicalIFName = "\000÷ÿ¿\224ã\b\b EDTst string", '\000' , "\224\201\004\b"} (gdb) p ifName (gdb) p ifName $6 = (logicalIFName_t *) 0xbffff680 (gdb) quit The program is running. Exit anyway? (y or n) y [awk@mgmt3 ha_test]$ exit Script done on Thu Jan 10 13:33:53 2002 >How-To-Repeat: compile and run the follow test example. #include #include #define NAMESIZE 128 struct logicalifname { char logicalIFName[NAMESIZE]; }; typedef struct logicalifname logicalifname; typedef logicalifname logicalIFName_t; void testfunc(logicalIFName_t ifName) { printf("ifName: %s\n", ifName.logicalIFName); } int main() { logicalIFName_t ifname; strcpy(ifname.logicalIFName, "this is a test string"); testfunc(ifname); } >Fix: You can work around the problem by adding a dummy variable to the contents of the structure logicalifname. >Release-Note: >Audit-Trail: >Unformatted: