Bug 159448 - strcpy segmentation fault when compiled with -O1 or higher
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gcc3
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Assignee: Jakub Jelinek
Reported: 2005-06-02 18:51 UTC by Daniel Tweedt
Modified: 2007-11-30 22:07 UTC (History)
Doc Type: Bug Fix
Last Closed: 2005-06-02 19:30:53 UTC
Attachments
Small demo program to reproduce bug (667 bytes, text/plain)
2005-06-02 18:55 UTC, Daniel Tweedt

Description Daniel Tweedt 2005-06-02 18:51:46 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Red Hat/1.0.4-1.4.1 Firefox/1.0.4

Description of problem:
When I compile a particular program with optimization (-O1 or higher), execution gives a segmentation fault. Running gdb and doing a back trace indicates the segfault occurs in the library function "strcpy". This function is (apparently) invoked by function "strtok". I will attach a small, simple demo C-program which should reproduce the problem for you. The segfault occurs when the program is compiled with either gcc or g++.

When running the demo program, an arbitrary character string can be entered at the "Enter:" prompt. If an empty string is entered (just hit <Enter> at the prompt), the program segfaults.

Version-Release number of selected component (if applicable):
gcc-3.4.3-9.EL4

How reproducible:
Always

Steps to Reproduce:
1. compile program: gcc -O1 main.c
2. run program: ./a.out
3. press the <Enter> key at the "Enter" prompt.

Actual Results: The program exits with the message "Segmentation fault".

Expected Results:  The "Enter:" prompt should have appeared on the next line.

Additional info:

Running gdb and doing a backtrace indicates the segfault is occurring in the "strcpy" library function, which is (apparently) invoked by "strtok" in the demo program.

Comment 1 Daniel Tweedt 2005-06-02 18:55:49 UTC
Created attachment 115102
Small demo program to reproduce bug

Comment 2 Jakub Jelinek 2005-06-02 19:30:53 UTC
The demo program is buggy.
See ISO C99, 7.19.6.1.  The argument corresponding to %s must not be a NULL
pointer:
"the argument shall be a pointer to the initial element of an array of character
type." ... "If the precision is not specified or is greater than the size of the
array, the array shall contain a null character."
Elsewhere the standard mandates that NULL pointer is different from pointer to
any object or function, so certainly NULL must not be passed to %s.

But your demo program does that, strtok returns NULL if you press <Enter>
at the prompt.
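
The check that Comment 2 implies, as an added example that is not part of the original comment and is not the attached demo program (which is not reproduced on this page): test the strtok result for NULL before it reaches a %s conversion. The helper names first_token and describe_token, the delimiter set and the buffer sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return the first whitespace-delimited token of
 * `line`, or NULL when the line holds none (empty line, or only
 * delimiters such as the newline left by fgets). `line` is modified
 * in place, as strtok requires. */
static const char *first_token(char *line)
{
    return strtok(line, " \t\r\n");
}

/* Format the token into `out`. The unsafe pattern would be
 *     snprintf(out, outsz, "%s", first_token(line));
 * which hands NULL to %s when the user just presses <Enter>: undefined
 * behaviour, so it may seem to work in one build and crash in another.
 * Returns 1 if a token was found, 0 otherwise. */
static int describe_token(char *line, char *out, size_t outsz)
{
    const char *tok = first_token(line);

    if (tok == NULL) {                 /* empty or all-delimiter input */
        snprintf(out, outsz, "(no input)");
        return 0;
    }
    snprintf(out, outsz, "token: %s", tok);
    return 1;
}

int main(void)
{
    char line[128], out[160];

    for (;;) {
        fputs("Enter: ", stdout);
        fflush(stdout);
        if (fgets(line, sizeof line, stdin) == NULL)  /* EOF or read error */
            break;
        describe_token(line, out, sizeof out);
        puts(out);
    }
    return 0;
}
```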

