On Tue, Sep 22, 2009 at 1:41 PM, Jeff Trawick <trawick@gmail.com> wrote:
On Tue, Sep 22, 2009 at 11:33 AM, Jeff Trawick <trawick@gmail.com> wrote:
On Tue, Sep 22, 2009 at 11:10 AM, Jeff Trawick <trawick@gmail.com> wrote:
On Mon, Sep 21, 2009 at 6:25 PM, Graham Leggett <minfrin@sharp.fm> wrote:
Hi all,

I have rolled a candidate of apr v1.3.9 and propose it for release,
available here:

http://people.apache.org/~minfrin/apr/


+1
(Mac OS X 10.5.8 on x86, 32-bit testing only, OpenSolaris 2009.06 + SunStudio on x86, 32-bit and 64-bit testing)

I get a crash in testhash with the 64-bit OpenSolaris build, but that happens with 1.3.8 as well :(


In case somebody wonders:

t@1 (l@1) program terminated by signal SEGV (no mapping at the fault address)
Current function is apr_vformatter
  954                   s = va_arg(ap, char *);

To this very naive observer, it looks like a compiler bug (Sun Studio 12 Update 1).  Some overflow area processing has been triggered since we've gone beyond 0x30 bytes of arguments.  The address into the overflow area gets whacked at the 32-bit mark and va_arg() dies trying to use it.

In case anybody sees this post and wonders if they should be worried:

As far as I can tell, it occurs only with "-O0", as in "cc -m64 -O0 -g foo.c" so other people aren't likely to encounter it.  I've only tested on x86.

A simple non-APR testcase is

#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>   /* ssize_t */

/* Same shape as apr_vformatter: pull the arguments out one by one with
 * va_arg.  buf, len and format are intentionally unused; only the
 * sequence of va_arg() calls matters for reproducing the crash. */
static void local_vformatter(char *buf, size_t len,
                             const char *format, va_list ap)
{
    char *str;
    ssize_t bigval;

    str = va_arg(ap, char *);
    printf("arg %s\n", str);

    str = va_arg(ap, char *);
    printf("arg %s\n", str);

    /* third argument is the ssize_t; read as unsigned long, as in the original */
    bigval = va_arg(ap, /* ssize_t */  unsigned long);
    printf("arg %ld\n", (long)bigval);

    str = va_arg(ap, char *);
    printf("arg %s\n", str);
}

/* Same shape as apr_snprintf: start the va_list and hand it down. */
static void local_snprintf(char *buf, size_t len,
                           const char *format, ...)
{
    va_list ap;

    va_start(ap, format);
    local_vformatter(buf, len, format, ap);
    va_end(ap);
}

int main(void)
{
    char buf[800];
    char *key, *val;
    ssize_t len;

    key = "KEY1";
    val = "VAL1";
    len = strlen(key);
    local_snprintf(buf, sizeof buf, "%sKey %s (%ld) Value %s\n",
                   "->",
                   key,
                   len,
                   val);

    /* printf(buf); */
    return 0;
}

No crash with Sun Studio 12 (no update) on Solaris 10 U5.
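The following is an added example, not code from the thread or from APR. It is a minimal %s/%ld formatter in the shape of apr_vformatter, written so that one call passes eleven integer-class arguments in total: on the x86-64 SysV convention the first six go in registers (the 0x30-byte register save area the thread mentions) and the rest come from the overflow area on the stack, which is exactly the boundary the faulting va_arg() sits on. The function names (tiny_vformat, tiny_format, crosses_overflow_area) and the sample arguments are made up for this example. Each va_arg() type matches the promoted type of the argument actually passed (long literals for %ld), since a mismatch there is undefined behaviour that can be invisible on one ABI and corrupt the argument walk on another.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Minimal %s / %ld formatter, a stand-in for apr_vformatter (added example).
 * Walks fmt, pulls one va_arg per conversion, appends to out with snprintf
 * so the buffer bound is respected.  Returns the number of conversions
 * consumed, or -1 on an unsupported conversion or zero-length buffer. */
static int tiny_vformat(char *out, size_t outlen, const char *fmt, va_list ap)
{
    size_t used = 0;
    int nconv = 0;

    if (outlen == 0)
        return -1;
    out[0] = '\0';

    for (const char *p = fmt; *p; p++) {
        int n;
        if (*p != '%') {
            n = snprintf(out + used, outlen - used, "%c", *p);
        } else if (p[1] == 's') {
            /* va_arg type must match what the caller pushed: a pointer */
            const char *s = va_arg(ap, const char *);
            n = snprintf(out + used, outlen - used, "%s", s ? s : "(null)");
            p++;
            nconv++;
        } else if (p[1] == 'l' && p[2] == 'd') {
            /* %ld consumes a long; callers pass long values (e.g. 1L) */
            long v = va_arg(ap, long);
            n = snprintf(out + used, outlen - used, "%ld", v);
            p += 2;
            nconv++;
        } else {
            return -1;              /* conversion not supported here */
        }
        if (n < 0)
            return -1;
        if ((size_t)n >= outlen - used)
            used = outlen - 1;      /* output truncated: stay inside the buffer */
        else
            used += (size_t)n;
    }
    return nconv;
}

/* Variadic front end, the equivalent of apr_snprintf in the thread's testcase. */
static int tiny_format(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int rc;

    va_start(ap, fmt);
    rc = tiny_vformat(out, outlen, fmt, ap);
    va_end(ap);
    return rc;
}

/* Eight variadic arguments after out, outlen and fmt: eleven integer-class
 * arguments in total.  On x86-64 SysV the first six ride in registers, so
 * the last five va_arg() reads come from the caller's overflow area, past
 * the 0x30-byte register save area.  Expected result: "a 1 b 2 c 3 d 4". */
static int crosses_overflow_area(char *out, size_t outlen)
{
    return tiny_format(out, outlen, "%s %ld %s %ld %s %ld %s %ld",
                       "a", 1L, "b", 2L, "c", 3L, "d", 4L);
}

int main(void)
{
    char buf[64];
    int nconv = crosses_overflow_area(buf, sizeof buf);

    printf("%d conversions: %s\n", nconv, buf);
    return nconv == 8 ? 0 : 1;
}
```

Building this with the same flags as the thread (cc -m64 -O0 -g) on an affected compiler gives a smaller reproducer than testhash; on a correct toolchain the eight conversions come back intact and a deliberately short buffer is truncated rather than overrun.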