Bug 51755 - gcc-2.96-95 compiled binary segfaults in vfprintf()
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: gcc
Version: 7.1
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Jakub Jelinek
David Lawrence
Reported: 2001-08-14 15:50 EDT by Need Real Name
Modified: 2007-04-18 12:35 EDT (History)
Last Closed: 2001-08-15 09:16:29 EDT
Attachments:
Backtrace generated by gbd on core file. (3.24 KB, text/plain)
2001-08-14 15:52 EDT, Need Real Name

Description Need Real Name 2001-08-14 15:50:41 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)

Description of problem:
Xwindow application compiled with gcc-2.95-85
and gcc-2.95-95 segfaults on a call to vfprintf()
after a call that mallocs space for a structure and
a new pixel buffer.  I've stepped through the function
right before the LOG() that includes the vfprintf() that
segfaults and can insert LOG() calls anywhere in that
function that work just fine.
Same Xwindow application compiled with kgcc
runs without errors.
Here's the gdb backtrace for the core file
generated:
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `wxv -type GIF -v -log /u/opscntl/Logs/wxv_gif.log us10.gif'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /opt/bxpro-5.0/lib/libEPak.so.4...done.
Loaded symbols for /opt/bxpro-5.0/lib/libEPak.so.4
Reading symbols from /usr/X11R6/lib/libXm.so.2...done.
Loaded symbols for /usr/X11R6/lib/libXm.so.2
Reading symbols from /usr/X11R6/lib/libXt.so.6...done.
Loaded symbols for /usr/X11R6/lib/libXt.so.6
Reading symbols from /usr/X11R6/lib/libSM.so.6...done.
Loaded symbols for /usr/X11R6/lib/libSM.so.6
Reading symbols from /usr/X11R6/lib/libICE.so.6...done.
Loaded symbols for /usr/X11R6/lib/libICE.so.6
Reading symbols from /usr/X11R6/lib/libXp.so.6...done.
Loaded symbols for /usr/X11R6/lib/libXp.so.6
Reading symbols from /usr/X11R6/lib/libXext.so.6...done.
Loaded symbols for /usr/X11R6/lib/libXext.so.6
Reading symbols from /usr/X11R6/lib/libX11.so.6...done.
Loaded symbols for /usr/X11R6/lib/libX11.so.6
Reading symbols from /lib/i686/libm.so.6...done.
Loaded symbols for /lib/i686/libm.so.6
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  __wcslen (s=0x2) at wcslen.c:30
30      wcslen.c: No such file or directory.
---Type <return> to continue, or q <return> to quit---
        in wcslen.c
(gdb) bt
#0  __wcslen (s=0x2) at wcslen.c:30
#1  0x404b5c74 in __wcsrtombs (dst=0x0, src=0xbfffd17c, len=0, ps=0xbfffd180)
    at wcsrtombs.c:67
#2  0x4047ff98 in _IO_vfprintf (s=0x834d550, 
    format=0x80e5900 "wxv_LoadXImage:  ZOOM_IN Expand thePIC 200% SUCCESS\n", 
    ap=0xbfffd7f8) at vfprintf.c:1524
#3  0x080c8361 in LOG ()
#4  0x080600ee in wxv_LoadXImage (pimage=0x8355dd0) at wxv_display.c:1336
#5  0x0805e2f4 in wxv_Zoom_in () at wxv_display.c:540
#6  0x08057231 in zoom_in (w=0x83855f8, client_data=0x0, call_data=0xbfffda20)
    at callbacks-c.c:466
#7  0x402d3611 in XtCallCallbackList () from /usr/X11R6/lib/libXt.so.6
#8  0x401d9287 in Select () from /usr/X11R6/lib/libXm.so.2
#9  0x40307127 in HandleSimpleState () from /usr/X11R6/lib/libXt.so.6
#10 0x40307984 in _XtTranslateEvent () from /usr/X11R6/lib/libXt.so.6
#11 0x402dfac7 in XtDispatchEventToWidget () from /usr/X11R6/lib/libXt.so.6
#12 0x402e02a0 in _XtDefaultDispatcher () from /usr/X11R6/lib/libXt.so.6
#13 0x402e0529 in XtDispatchEvent () from /usr/X11R6/lib/libXt.so.6
#14 0x402e12f5 in XtAppMainLoop () from /usr/X11R6/lib/libXt.so.6
#15 0x08064905 in main (argc=7, argv=0xbfffe58c) at main-c.c:301
#16 0x40445177 in __libc_start_main (main=0x8063f8c <main>, argc=7, 
    ubp_av=0xbfffe58c, init=0x804b6bc <_init>, fini=0x80e0290 <_fini>, 
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbfffe57c)

Here's the LOG() that the vfprintf() occurs in:
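#include <stdio.h>      /* fprintf, vfprintf, sprintf, fflush */
#include <time.h>       /* time, gmtime */
#include <sys/stat.h>   /* struct stat */
#include <varargs.h>    /* pre-ANSI variadic macros: va_alist, va_dcl */

/* MAX_TEXT_LINE and NUL are defined elsewhere in the application. */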

static  time_t  reopen_log_time = (time_t)-1;
char    WxvLogFilename[MAX_TEXT_LINE+1] = { NUL };
FILE    *WxvLogFp = NULL;

void
LOG(va_alist)
va_dcl
  {
  va_list    args;
  char       *tplate;
  char       log_time[MAX_TEXT_LINE+1];
  time_t     t_time;
  struct tm  *tm_time;
  struct stat  status;

  if (WxvLogFp != NULL)
    {
    time(&t_time);
    tm_time = gmtime(&t_time);
    sprintf(log_time, "%4.4d%2.2d%2.2d %2.2d:%2.2d:%2.2d",
                      tm_time->tm_year + 1900,
                      tm_time->tm_mon + 1,
                      tm_time->tm_mday,
                      tm_time->tm_hour,
                      tm_time->tm_min,
                      tm_time->tm_sec);
    
    va_start(args);
    fprintf(WxvLogFp, "%s ", log_time);
    tplate = va_arg(args, char *);
    vfprintf(WxvLogFp, tplate, args);
    va_end(args);
    fflush(WxvLogFp);
    }
  }   /* LOG */


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Call contrast_shrink(const byte*, int )
   Calls to LOG() anywhere in this function work fine.
2. Call "if (Verbose) LOG()"

Actual Results:  Program segfaults in vfprintf().

Expected Results:  Program should not segfault

Additional info:
Comment 1 Need Real Name 2001-08-14 15:52:21 EDT
Created attachment 27813 [details]
Backtrace generated by gbd on core file.
Comment 2 Jakub Jelinek 2001-08-15 05:40:24 EDT
If the backtrace is correct, then I don't wonder why it segfaults.
Calling vfprintf with format string "... 200% SUCCESS" looks like something
that was not intended (I strongly doubt you want to insert space padded
wide character string between 200 and UCCESS).
It is well possible that when you compile the thing with other compiler
other value will be on the stack after last given argument, so wcslen will e.g.
return 0 and not segfault.
Comment 3 Need Real Name 2001-08-15 09:16:25 EDT
Jakub,

Thanks!  I was completely overlooking the
'%' symbol in the format string.

Kathy Bieltz
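
The diagnosis in Comment 2, as an added example that is not part of the original report: in "200% SUCCESS" the space after '%' is a printf flag and 'S' is the wide-string conversion, so vfprintf() fetches a pointer argument the caller never passed. The names fmt_args_consumed and log_fmt are hypothetical; the first counts the arguments a format will consume, the second is a stdarg logger whose format attribute lets gcc -Wformat check call sites at compile time.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Number of variadic arguments a printf-style format consumes, or -1 if it
   ends inside a conversion. Simplified: positional "%1$s" is not handled. */
int fmt_args_consumed(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;               /* "%%" is a literal percent */
        p += strspn(p, "-+ #0");                 /* flags; a space is a flag */
        if (*p == '*') { n++; p++; }             /* width taken from an argument */
        else p += strspn(p, "0123456789");
        if (*p == '.') {                         /* precision */
            if (*++p == '*') { n++; p++; }
            else p += strspn(p, "0123456789");
        }
        p += strspn(p, "hlLjzt");                /* length modifiers */
        if (*p == '\0') return -1;               /* truncated conversion */
        n++;                                     /* the conversion itself, e.g. 'S' */
    }
    return n;
}

/* stdarg-based logger writing into buf (hypothetical, not the report's LOG).
   The format attribute makes the compiler check arguments against fmt. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return r;
}

int main(void)
{
    const char *bad  = "wxv_LoadXImage:  ZOOM_IN Expand thePIC 200% SUCCESS\n";
    const char *good = "wxv_LoadXImage:  ZOOM_IN Expand thePIC 200%% SUCCESS\n";
    char out[128];
    printf("bad consumes %d argument(s), good consumes %d\n",
           fmt_args_consumed(bad), fmt_args_consumed(good));
    log_fmt(out, sizeof out, "Expand thePIC %d%% SUCCESS\n", 200);
    fputs(out, stdout);
    return 0;
}
```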

