Roland Mainz
2013-06-11 21:24:26 UTC
Hi!
----
We found another valgrind (patched as described in
http://lists.research.att.com/pipermail/ast-developers/2013q2/002574.html)
hit with multidimensional "bool" arrays (this time embedded in a
compound variable):
-- snip --
$ ~/vg/bin/valgrind --track-origins=yes --redzone-size=4096
--freelist-vol=5000000 ~/bin/ksh -c 'compound c=(bool -a bl) ; ((
c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true
)) ; print -v c'
==15822== Memcheck, a memory error detector
==15822== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==15822== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==15822== Command: /home/test001/bin/ksh -c compound\ c=(bool\ -a\
bl)\ ;\ ((\ c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true\
))\ ;\ print\ -v\ c
==15822==
[snip]
==15822== Invalid read of size 8
==15822== at 0x455506: nv_create (name.c:1140)
==15822== by 0x456493: nv_open (name.c:1418)
==15822== by 0x41A738: scope (arith.c:84)
==15822== by 0x41B04E: arith (arith.c:237)
==15822== by 0x46F5CD: arith_exec (streval.c:305)
==15822== by 0x47F608: sh_exec (xec.c:2525)
==15822== by 0x47E2B7: sh_exec (xec.c:2218)
==15822== by 0x40F394: exfile (main.c:599)
==15822== by 0x40E53B: sh_main (main.c:371)
==15822== by 0x40D670: main (pmain.c:45)
==15822== Address 0x5de8680 is 64 bytes inside a block of size 400 free'd
==15822== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==15822== by 0x41EE8C: array_grow (array.c:878)
==15822== by 0x4201B3: nv_putsub_20120720 (array.c:1259)
==15822== by 0x42154D: nv_endsubscript (array.c:1609)
==15822== by 0x45504C: nv_create (name.c:1053)
==15822== by 0x456493: nv_open (name.c:1418)
==15822== by 0x41A738: scope (arith.c:84)
==15822== by 0x41B04E: arith (arith.c:237)
==15822== by 0x46F5CD: arith_exec (streval.c:305)
==15822== by 0x47F608: sh_exec (xec.c:2525)
==15822== by 0x47E2B7: sh_exec (xec.c:2218)
==15822== by 0x40F394: exfile (main.c:599)
==15822==
(
_Bool -a bl=(
typeset -a [7000]=(
typeset -a [8000]=(
typeset -a [9000]=(
typeset -a [10000]=(
typeset -a [11000]=(
typeset -a [12000]=(
typeset -a [13000]=(
typeset -a [14000]=(
[15000]=true
)
)
)
)
)
)
)
)
)
)
-- snip --
Under "VMALLOC_OPTIONS=abort" control the same issue triggers a SIGSEGV:
-- snip --
$ VMALLOC_OPTIONS=abort gdb --args ~/bin/ksh -c 'compound c=(bool -a
bl) ; (( c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true
)) ; print -v c'
GNU gdb (GDB) SUSE (7.5.1-2.1.1)
Copyright (C) 2012 Free Software Foundation, Inc.
[snip]
(gdb) run
Starting program: /home/test001/bin/ksh -c compound\ c=\(bool\ -a\
bl\)\ \;\ \(\(\
c.bl\[7000\]\[8000\]\[9000\]\[10000\]\[11000\]\[12000\]\[13000\]\[14000\]\[15000\]=true\
\)\)\ \;\ print\ -v\ c
Program received signal SIGSEGV, Segmentation fault.
0x00000000004fabc0 in dtuserdata (dt=0x0, data=0x0, set=0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/lib/libast/cdt/dtuser.c:45
45 return asogetptr(&dt->data->user.data);
(gdb) where
#0 0x00000000004fabc0 in dtuserdata (dt=0x0, data=0x0, set=0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/lib/libast/cdt/dtuser.c:45
#1 0x0000000000412725 in nv_search (name=0x7fa167 <numbuff.7264+7>
"7000", root=0x0, mode=0)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/nvdisc.c:1057
#2 0x000000000045551e in nv_create (name=0x2bfffbf25590
"c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]",
root=0x2bfffbf28950, flags=1442304,
dp=0x7fffffffcdf0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1140
#3 0x0000000000456494 in nv_open (name=0x2bfffbf253b2
"c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]",
root=0x2bfffbf28950, flags=1442304)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1418
#4 0x000000000041a739 in scope (np=0x2bfffbf253b2,
lvalue=0x7fffffffd120, assign=512)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:84
#5 0x000000000041b04f in arith (ptr=0x7fffffffd168,
lvalue=0x7fffffffd120, type=1, n=0)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:237
#6 0x000000000046f5ce in arith_exec (ep=0x2bfffbf25420) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/streval.c:305
#7 0x000000000047f609 in sh_exec (shp=0x7fa180 <sh>,
t=0x2bfffbf25400, flags=4) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2525
#8 0x000000000047e2b8 in sh_exec (shp=0x7fa180 <sh>,
t=0x2bfffbf25550, flags=5) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2218
#9 0x000000000040f395 in exfile (shp=0x7fa180 <sh>,
iop=0x2bfffbf35090, fno=-1) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:599
#10 0x000000000040e53c in sh_main (ac=3, av=0x7fffffffe1e8,
userinit=0x0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:371
#11 0x000000000040d671 in main (argc=3, argv=0x7fffffffe1e8) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/pmain.c:45
(gdb) print dt
$1 = (Dt_t *) 0x0
-- snip --
----
Bye,
Roland
----
We found another valgrind (patched as described in
http://lists.research.att.com/pipermail/ast-developers/2013q2/002574.html)
hit with multidimensional "bool" arrays (this time embedded in a
compound variable):
-- snip --
$ ~/vg/bin/valgrind --track-origins=yes --redzone-size=4096
--freelist-vol=5000000 ~/bin/ksh -c 'compound c=(bool -a bl) ; ((
c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true
)) ; print -v c'
==15822== Memcheck, a memory error detector
==15822== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==15822== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==15822== Command: /home/test001/bin/ksh -c compound\ c=(bool\ -a\
bl)\ ;\ ((\ c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true\
))\ ;\ print\ -v\ c
==15822==
[snip]
==15822== Invalid read of size 8
==15822== at 0x455506: nv_create (name.c:1140)
==15822== by 0x456493: nv_open (name.c:1418)
==15822== by 0x41A738: scope (arith.c:84)
==15822== by 0x41B04E: arith (arith.c:237)
==15822== by 0x46F5CD: arith_exec (streval.c:305)
==15822== by 0x47F608: sh_exec (xec.c:2525)
==15822== by 0x47E2B7: sh_exec (xec.c:2218)
==15822== by 0x40F394: exfile (main.c:599)
==15822== by 0x40E53B: sh_main (main.c:371)
==15822== by 0x40D670: main (pmain.c:45)
==15822== Address 0x5de8680 is 64 bytes inside a block of size 400 free'd
==15822== at 0x4C29BF2: _ast_free (vg_replace_malloc.c:1001)
==15822== by 0x41EE8C: array_grow (array.c:878)
==15822== by 0x4201B3: nv_putsub_20120720 (array.c:1259)
==15822== by 0x42154D: nv_endsubscript (array.c:1609)
==15822== by 0x45504C: nv_create (name.c:1053)
==15822== by 0x456493: nv_open (name.c:1418)
==15822== by 0x41A738: scope (arith.c:84)
==15822== by 0x41B04E: arith (arith.c:237)
==15822== by 0x46F5CD: arith_exec (streval.c:305)
==15822== by 0x47F608: sh_exec (xec.c:2525)
==15822== by 0x47E2B7: sh_exec (xec.c:2218)
==15822== by 0x40F394: exfile (main.c:599)
==15822==
(
_Bool -a bl=(
typeset -a [7000]=(
typeset -a [8000]=(
typeset -a [9000]=(
typeset -a [10000]=(
typeset -a [11000]=(
typeset -a [12000]=(
typeset -a [13000]=(
typeset -a [14000]=(
[15000]=true
)
)
)
)
)
)
)
)
)
)
-- snip --
Under "VMALLOC_OPTIONS=abort" control the same issue triggers a SIGSEGV:
-- snip --
$ VMALLOC_OPTIONS=abort gdb --args ~/bin/ksh -c 'compound c=(bool -a
bl) ; (( c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]=true
)) ; print -v c'
GNU gdb (GDB) SUSE (7.5.1-2.1.1)
Copyright (C) 2012 Free Software Foundation, Inc.
[snip]
(gdb) run
Starting program: /home/test001/bin/ksh -c compound\ c=\(bool\ -a\
bl\)\ \;\ \(\(\
c.bl\[7000\]\[8000\]\[9000\]\[10000\]\[11000\]\[12000\]\[13000\]\[14000\]\[15000\]=true\
\)\)\ \;\ print\ -v\ c
Program received signal SIGSEGV, Segmentation fault.
0x00000000004fabc0 in dtuserdata (dt=0x0, data=0x0, set=0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/lib/libast/cdt/dtuser.c:45
45 return asogetptr(&dt->data->user.data);
(gdb) where
#0 0x00000000004fabc0 in dtuserdata (dt=0x0, data=0x0, set=0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/lib/libast/cdt/dtuser.c:45
#1 0x0000000000412725 in nv_search (name=0x7fa167 <numbuff.7264+7>
"7000", root=0x0, mode=0)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/nvdisc.c:1057
#2 0x000000000045551e in nv_create (name=0x2bfffbf25590
"c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]",
root=0x2bfffbf28950, flags=1442304,
dp=0x7fffffffcdf0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1140
#3 0x0000000000456494 in nv_open (name=0x2bfffbf253b2
"c.bl[7000][8000][9000][10000][11000][12000][13000][14000][15000]",
root=0x2bfffbf28950, flags=1442304)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/name.c:1418
#4 0x000000000041a739 in scope (np=0x2bfffbf253b2,
lvalue=0x7fffffffd120, assign=512)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:84
#5 0x000000000041b04f in arith (ptr=0x7fffffffd168,
lvalue=0x7fffffffd120, type=1, n=0)
at /home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/arith.c:237
#6 0x000000000046f5ce in arith_exec (ep=0x2bfffbf25420) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/streval.c:305
#7 0x000000000047f609 in sh_exec (shp=0x7fa180 <sh>,
t=0x2bfffbf25400, flags=4) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2525
#8 0x000000000047e2b8 in sh_exec (shp=0x7fa180 <sh>,
t=0x2bfffbf25550, flags=5) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/xec.c:2218
#9 0x000000000040f395 in exfile (shp=0x7fa180 <sh>,
iop=0x2bfffbf35090, fno=-1) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:599
#10 0x000000000040e53c in sh_main (ac=3, av=0x7fffffffe1e8,
userinit=0x0) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/main.c:371
#11 0x000000000040d671 in main (argc=3, argv=0x7fffffffe1e8) at
/home/test001/work/ast_ksh_20130524/build_i386_64bit_debug_patched/src/cmd/ksh93/sh/pmain.c:45
(gdb) print dt
$1 = (Dt_t *) 0x0
-- snip --
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 3992797
(;O/ \/ \O;)