Bug 154504 - Segmentation fault in initstate_r () from /lib/tls/libc.so.6
Summary: Segmentation fault in initstate_r () from /lib/tls/libc.so.6
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 3
Hardware: i386
OS: Linux
Priority: medium
Severity: high
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
URL:
Whiteboard:
Duplicates: 154505
Depends On:
Blocks:
Reported: 2005-04-12 10:12 UTC by Mateusz Ploskon
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 2.3.5-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-28 12:39:45 UTC
Type: ---
Embargoed:



Description Mateusz Ploskon 2005-04-12 10:12:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
// The following code, compiled with
//   gcc -g -O3 -ansi -pedantic -save-temps test.c
// causes:
//   Program received signal SIGSEGV, Segmentation fault.
//   0x0040d130 in initstate_r () from /lib/tls/libc.so.6
// (test.c begins at the #include line below, so test.c:9 in the
//  backtraces is the strfry() call. strfry() is a GNU extension that
//  <string.h> only declares when _GNU_SOURCE is defined, so under
//  -ansi it is implicitly declared here.)

#include <stdio.h>
#include <string.h>

int main()
{
  char s[255];
  sprintf(s, "%s", "ala ma kota");

  strfry(s);   /* strfry() initialises its static random state on first use; the crash is inside initstate_r() */
  return 0;
}


Version-Release number of selected component (if applicable):
libc-2.3.5.so

How reproducible:
Always

Steps to Reproduce:
1. compile the description
2. run a.out

Additional info:

> gcc -v 
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.2/specs 
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --enable-shared --enable-threads=posix 
--disable-checking --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux 
Thread model: posix 
gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

Comment 1 Mateusz Ploskon 2005-04-12 10:51:50 UTC
*** Bug 154505 has been marked as a duplicate of this bug. ***

Comment 2 Jakub Jelinek 2005-04-12 14:43:36 UTC
This ought to be fixed by
http://sources.redhat.com/bugzilla/show_bug.cgi?id=710#c5


Comment 3 Marcus Sharpe 2005-04-14 12:55:56 UTC
(In reply to comment #2)
> This ought to be fixed by
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=710#c5

The last patch added to that bug report (glibc-2.3.4-fix-initstate_r.patch) has
an extra check to ensure buf->state is non-NULL before saving the state. This
extra check doesn't seem to have made it into glibc 2.3.5, and so I get the
following backtrace with the above test app:

Program received signal SIGSEGV, Segmentation fault.
__initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4)
    at random_r.c:252
252         old_state[-1] = TYPE_0;
(gdb) bt
#0  __initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4)
    at random_r.c:252
#1  0x002fab5c in strfry (string=0xbffff570 "ala ma kota") at strfry.c:35
#2  0x080483a1 in main () at test.c:9
(gdb) p old_state
$1 = (int32_t *) 0x0
(gdb) p buf->state
$2 = (int32_t *) 0x0

This is with glibc-2.3.5-0.fc3.1
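
The check described in comment 3 can be illustrated with a simplified model of initstate_r() and of the static, zero-initialised buffer that strfry() passes to it. This is an added example, not glibc's code and not part of this bug report; the structure layout, the constants and the seeding are simplified assumptions (glibc's warm-up loop is omitted), and model_strfry_init() is a hypothetical stand-in for strfry()'s first-use path.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of glibc's struct random_data and __initstate_r; NOT glibc's own code. */
enum { TYPE_0 = 0, TYPE_1 = 1, MAX_TYPES = 5, BREAK_0 = 8, BREAK_1 = 32 };
struct model_random_data { int32_t *fptr, *rptr, *state; int rand_type, rand_deg, rand_sep; };

/* arg_state must be int32_t-aligned: index 0 holds the type tag, the table starts at index 1.
 * Returns 0, or -1 with errno = EINVAL. */
int model_initstate_r(unsigned int seed, char *arg_state, size_t n,
                      struct model_random_data *buf)
{
    if (buf == NULL || arg_state == NULL || n < BREAK_0) { errno = EINVAL; return -1; }
    /* The fix from glibc bug 710: a zero-initialised buffer (state == NULL, as strfry's
     * static buffer is on first use) has no previous state, so old_state[-1] must not be written. */
    int32_t *old_state = buf->state;
    if (old_state != NULL) {
        if (buf->rand_type == TYPE_0)
            old_state[-1] = TYPE_0;
        else
            old_state[-1] = (int32_t)(MAX_TYPES * (buf->rptr - old_state) + buf->rand_type);
    }
    if (n < BREAK_1) { buf->rand_type = TYPE_0; buf->rand_deg = 1; buf->rand_sep = 0; }
    else             { buf->rand_type = TYPE_1; buf->rand_deg = 7; buf->rand_sep = 3; }

    int32_t *state = (int32_t *)arg_state + 1;
    buf->state = state;
    /* Seeding as in glibc's srandom_r (Park-Miller LCG), minus its warm-up loop. */
    int32_t word = seed ? (int32_t)seed : 1;
    state[0] = word;
    for (int i = 1; i < buf->rand_deg; i++) {
        int32_t hi = word / 127773, lo = word % 127773;
        word = 16807 * lo - 2836 * hi;
        if (word < 0) word += 2147483647;
        state[i] = word;
    }
    buf->fptr = &state[buf->rand_sep]; buf->rptr = &state[0];
    state[-1] = buf->rand_type == TYPE_0 ? TYPE_0 : (int32_t)(MAX_TYPES * (buf->rptr - state) + buf->rand_type);
    return 0;
}

/* Mirrors strfry's first call: static zeroed buffer and a 32-byte state (the crashing case). */
int model_strfry_init(void)
{
    static int32_t rstate[9];                 /* 36 bytes, int32_t-aligned */
    static struct model_random_data rdata;    /* state == NULL before first use */
    if (rdata.state == NULL && model_initstate_r(12345, (char *)rstate, 32, &rdata) != 0)
        return -1;
    return (rdata.rand_type == TYPE_1 && rdata.state == &rstate[1]) ? 0 : -1;
}
```

Without the old_state != NULL guard, the first call writes the type tag through a NULL pointer at index -1, which is the old_state[-1] = TYPE_0 store in the backtrace above.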

Comment 4 Jakub Jelinek 2005-04-15 18:32:25 UTC
The fix was committed to glibc CVS on Apr 12th, so it is not in any glibc
rpm yet.

Comment 5 Jakub Jelinek 2005-04-28 12:39:45 UTC
Should be fixed in glibc-2.3.5-1 in rawhide.
