Red Hat Bugzilla – Bug 490253
gcc optimizes away critical frees with -O2 flag set; does not occur with vanilla
Last modified: 2012-06-20 12:58:03 EDT
When compiling clamav v0.94.2, and statically linking it to an application, memory is not freed by the cl_free function. It appears to be a bug with the RHEL version of gcc 3.4, as the bug does not occur with gcc 3.4 in debian. See this clamav bug report for a test case:
I finally managed to get my hands on a RHEL 4 box to test against, and the issue is still present.
Yeah, reproducible also with vanilla gcc 3.4.x. Doesn't reproduce with -mtune=i486, -mtune=i586 or -mtune=i686, so as a workaround just use -mtune=i686, you aren't running on i386 anyway, are you? Or use unsigned int or unsigned long counter instead of unsigned short.
The bug is in the loop optimizer, where it incorrectly determines in check_dbra_loop that the induction variable is always non-negative, when HImode 0xf808 obviously is negative, and so when the loop is reversed and after HImode subtraction of 1 from 0xf808 (decw) the jns obviously doesn't loop back when it should.
I think this got broken by
patch, for LTU we should check that the comparison value isn't when considered as signed less than 0.
Created attachment 335362 [details]
Untested patch that cures this bug.
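The mechanism described in the comment above, as an added model written for this page (it is not the clamav test case attached to the bug and not gcc's own code): the intended loop counts with an unsigned comparison, while the reversed loop the optimizer emitted decrements a 16-bit (HImode) counter and loops back on jns, i.e. only while the value is non-negative as a signed number. The trip count 0xf808 is the value from the comment; the function names and the n-1 starting value of the reversed counter are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed trip count held in an unsigned short, as in the bug comment. */
#define TRIP_COUNT 0xf808u

/* What the source asks for: the body runs n times. The comparison is
   unsigned (LTU), so 0xf808 is simply a large positive count. */
size_t correct_iterations(uint16_t n) {
    size_t count = 0;
    for (uint16_t i = 0; i < n; i++)
        count++;
    return count;
}

/* Model of the reversed loop: the counter starts at n-1 in a 16-bit register,
   the body runs, 'decw' subtracts 1, and 'jns' loops back only while the
   16-bit result is non-negative when read as signed. check_dbra_loop assumed
   the counter never goes negative, which is false once n >= 0x8000. */
size_t miscompiled_iterations(uint16_t n) {
    if (n == 0)
        return 0;                        /* zero-trip loop is skipped entirely */
    size_t count = 0;
    int16_t i = (int16_t)(n - 1u);       /* HImode value read as signed */
    do {
        count++;                         /* loop body, e.g. one cl_free call */
        i = (int16_t)((uint16_t)i - 1u); /* decw: 16-bit wrapping subtraction */
    } while (i >= 0);                    /* jns: continue while sign flag clear */
    return count;
}

int main(void) {
    size_t want = correct_iterations(TRIP_COUNT);
    size_t got = miscompiled_iterations(TRIP_COUNT);
    printf("0x%04x: expected %zu iterations, reversed loop runs %zu\n",
           TRIP_COUNT, want, got);
    printf("%zu loop bodies (frees) would be skipped\n", want - got);
    return 0;
}
```

For counts below 0x8000 both functions agree, which is why the bug only shows up with large unsigned short counters and why switching to an unsigned int counter works around it.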
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release you requested us to review is now End of Life.
Please see https://access.redhat.com/support/policy/updates/errata/
If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.