Bug#757835: nfs-kernel-server: after update 1.2.8-6->1.2.8-8 rpc.mountd starts crashing
amd64. I think it affects all architectures. In case you want to
follow up, attached is the minimum test case I could come up with. It
crashes with gcc-4.9 and -O2. No crash with gcc-4.8, or at -O1.
$ gcc-4.9 -W -Wall -O2 client.c && ./a.out
Segmentation fault
$ gcc-4.8 -W -Wall -O2 client.c && ./a.out
$ gcc-4.9 -W -Wall -O1 client.c && ./a.out
$
Petr
On Mon, Aug 11, 2014 at 12:15 PM, Steve Langasek <vorlon@debian.org> wrote:
> On Mon, Aug 11, 2014 at 11:49:16AM -0700, Petr Vandrovec wrote:
>> Hi,
>> it seems to be a gcc bug. For an inexplicable reason the compiler optimized
>> 'if (cp && *cp)' to just 'if (*cp)' :-(
>
>> Changing 'char *cp' to 'char * volatile cp' at line 468 in
>> support/export/client.c is enough to explain to gcc that it has no
>> idea what it is doing, and fixes the crash.
>
>> I think that after the code does 'strncpy(new, old, cp-old)' or
>> 'new[cp-old] = 0' or 'if (cp != old && *cp)' the compiler believes 'cp'
>> cannot be NULL, forgetting that both 'cp' and 'old' could have been
>> NULL, making these expressions valid for a NULL cp.
>
> Are you seeing this problem on i386 (like the original submitter), or do you
> see this problem on a different architecture?
>
> (If it's a compiler problem, this will be relevant to getting it fixed
> properly.)
>
> --
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                 to set it on, and I can move the world.
> Ubuntu Developer                                    http://www.debian.org/
> slangasek@ubuntu.com                                     vorlon@debian.org
/* client.c: the minimal test case attached to this report.  Built with
 * gcc-4.9 -O2 it segfaults; with gcc-4.8, or at -O1, it does not. */
char buf[100];

void
add_name(char *old)
{
    char *cp = old;

    /* Scan to the end of the name; the 'cp &&' part guards a NULL 'old'. */
    while (cp && *cp) {
        cp++;
    }
    /* With old == NULL this is strncpy(buf, NULL, 0).  gcc treats
     * strncpy's pointer arguments as non-null, so after this call it may
     * assume 'old' (and therefore 'cp') is not NULL; 'cp - old' on two
     * NULL pointers is undefined behaviour as well. */
    __builtin_strncpy(buf, old, cp - old);
    if (cp != old) {
        buf[0] = 'Q';
    }
    /* At -O2 gcc-4.9 drops the now "redundant" 'cp &&' test and reads
     * *cp directly, which is the segfault when add_name() gets NULL. */
    if (cp && *cp) {
        buf[0] = 'Q';
    }
}

int main(void)
{
    add_name(0);   /* the NULL argument that crashes rpc.mountd */
    return 0;
}
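A defensive counterpart to the attached test case, added here as an example and not part of the bug report or of nfs-utils: the NULL check is done once, before any pointer arithmetic or library call on the pointer, so no undefined behaviour precedes the check and the compiler has nothing from which to infer that the pointer is non-NULL. The names add_name_safe, added_name and the 100-byte buf are assumptions for this example.

```c
#include <stddef.h>
#include <string.h>

/* Example buffer, sized like the one in the attached test case. */
static char buf[100];

/* Copy the NUL-terminated name 'old' into buf and return its length,
 * or -1 when 'old' is NULL.  Every use of the pointer (the scan loop,
 * the subtraction, the copy) happens only after the NULL test, so the
 * test cannot be deleted as redundant. */
int add_name_safe(const char *old)
{
    const char *cp;
    size_t len;

    if (old == NULL)            /* the one place NULL is handled */
        return -1;

    cp = old;
    while (*cp)                 /* 'old' is known non-NULL here */
        cp++;
    len = (size_t)(cp - old);   /* both pointers are inside 'old' */
    if (len >= sizeof buf)
        len = sizeof buf - 1;   /* truncate instead of overflowing buf */
    memcpy(buf, old, len);
    buf[len] = '\0';
    return (int)len;
}

/* Expose the copied name so callers can inspect the result. */
const char *added_name(void)
{
    return buf;
}

int main(void)
{
    /* Constructed inputs: the NULL case from the test case, and an
     * ordinary client name. */
    if (add_name_safe(NULL) != -1)
        return 1;
    if (add_name_safe("client.example") != 14)
        return 1;
    return 0;
}
```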