Return-Path: Delivered-To: apmail-stdcxx-issues-archive@locus.apache.org Received: (qmail 79690 invoked from network); 13 May 2008 02:19:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 May 2008 02:19:17 -0000 Received: (qmail 67082 invoked by uid 500); 13 May 2008 02:19:19 -0000 Delivered-To: apmail-stdcxx-issues-archive@stdcxx.apache.org Received: (qmail 66989 invoked by uid 500); 13 May 2008 02:19:19 -0000 Mailing-List: contact issues-help@stdcxx.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@stdcxx.apache.org Delivered-To: mailing list issues@stdcxx.apache.org Received: (qmail 66591 invoked by uid 99); 13 May 2008 02:19:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 May 2008 19:19:18 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 May 2008 02:18:40 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 9D705234C111 for ; Mon, 12 May 2008 19:18:55 -0700 (PDT) Message-ID: <1192625169.1210645135643.JavaMail.jira@brutus> Date: Mon, 12 May 2008 19:18:55 -0700 (PDT) From: "Eric Lemings (JIRA)" To: issues@stdcxx.apache.org Subject: [jira] Updated: (STDCXX-931) [gcc/Darwin] 0.printf test aborts with bus error In-Reply-To: <125453184.1210644895577.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/STDCXX-931?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Lemings updated STDCXX-931: -------------------------------- Description: The {{test_string()}} function in the {{0.printf}} test calls {{bad_address()}} to generate an invalid address. This address is eventually passed to the \_\_rw::\_\_rw_memattr() function which uses the pointer value, specifically {{0x20}}, as the pointer value to the {{memchr()}} C library function which promptly aborts the program. The invalid pointer should be caught before calling such C library functions which usually expect valid pointers. Suspect the proliferous conditional code within the function or some other unaccounted platform dependency. The preprocessed Darwin source for {{__rw_memattr()}} is shown below. {{noformat}} # 97 "/stdcxx/branches/4.2.x/src/memattr.cpp" namespace __rw { long __rw_memattr (const void *addr, unsigned long nbytes, int attr) { ((void)&attr); const int errno_save = (*__error()); static const unsigned long pgsz = size_t (sysconf (29)); caddr_t const page = reinterpret_cast< caddr_t >(reinterpret_cast< unsigned long >(addr) & ~(pgsz - 1)) ; unsigned long npages = nbytes ? nbytes / pgsz + 1 : 0; for (size_t i = 0; i < npages; ++i) { const caddr_t next = reinterpret_cast< char* >(page) + i * pgsz; # 177 "/stdcxx/branches/4.2.x/src/memattr.cpp" const int advice = 3; if (-1 == madvise (next, 1, advice)) { const int err = (*__error()); (*__error()) = errno_save; bool bad_address; # 198 "/stdcxx/branches/4.2.x/src/memattr.cpp" bad_address = !(0 == err || 22 == err); if (bad_address) return next == page ? -1 : ( reinterpret_cast< const char* >(next) - reint erpret_cast< const char* >(addr)); } if (0xffffffffUL == nbytes) { # 219 "/stdcxx/branches/4.2.x/src/memattr.cpp" const unsigned long maxpage = next == page ? pgsz - ( reinterpret_cast< const char* >(addr) - reinterpre t_cast< const char* >(next)) : pgsz; const void* const pnul = memchr (next == page ? addr : next, '\0', maxpage); if (pnul) { nbytes = ( reinterpret_cast< const char* >(pnul) - reinterpret_cast< const char* >(addr)); npages = nbytes / pgsz + 1; break; } } } return static_cast< long >(nbytes); # 262 "/stdcxx/branches/4.2.x/src/memattr.cpp" {{noformat}} was: The {{test_string()}} function in the {{0.printf}} test calls {{bad_address()}} to generate an invalid address. This address is eventually passed to the __rw::__rw_memattr() function which uses the pointer value, specifically {{0x20}}, as the pointer value to the {{memchr()}} C library function which promptly aborts the program. The invalid pointer should be caught before calling such C library functions which usually expect valid pointers. Suspect the proliferous conditional code within the function or some other unaccounted platform dependency. The preprocessed Darwin source for {{__rw_memattr()}} is shown below. {{noformat}} # 97 "/stdcxx/branches/4.2.x/src/memattr.cpp" namespace __rw { long __rw_memattr (const void *addr, unsigned long nbytes, int attr) { ((void)&attr); const int errno_save = (*__error()); static const unsigned long pgsz = size_t (sysconf (29)); caddr_t const page = reinterpret_cast< caddr_t >(reinterpret_cast< unsigned long >(addr) & ~(pgsz - 1)) ; unsigned long npages = nbytes ? nbytes / pgsz + 1 : 0; for (size_t i = 0; i < npages; ++i) { const caddr_t next = reinterpret_cast< char* >(page) + i * pgsz; # 177 "/stdcxx/branches/4.2.x/src/memattr.cpp" const int advice = 3; if (-1 == madvise (next, 1, advice)) { const int err = (*__error()); (*__error()) = errno_save; bool bad_address; # 198 "/stdcxx/branches/4.2.x/src/memattr.cpp" bad_address = !(0 == err || 22 == err); if (bad_address) return next == page ? -1 : ( reinterpret_cast< const char* >(next) - reint erpret_cast< const char* >(addr)); } if (0xffffffffUL == nbytes) { # 219 "/stdcxx/branches/4.2.x/src/memattr.cpp" const unsigned long maxpage = next == page ? pgsz - ( reinterpret_cast< const char* >(addr) - reinterpre t_cast< const char* >(next)) : pgsz; const void* const pnul = memchr (next == page ? addr : next, '\0', maxpage); if (pnul) { nbytes = ( reinterpret_cast< const char* >(pnul) - reinterpret_cast< const char* >(addr)); npages = nbytes / pgsz + 1; break; } } } return static_cast< long >(nbytes); # 262 "/stdcxx/branches/4.2.x/src/memattr.cpp" {{noformat}} > [gcc/Darwin] 0.printf test aborts with bus error > ------------------------------------------------ > > Key: STDCXX-931 > URL: https://issues.apache.org/jira/browse/STDCXX-931 > Project: C++ Standard Library > Issue Type: Bug > Components: Test Driver > Affects Versions: 4.2.1 > Environment: Darwin host.local 9.2.2 Darwin Kernel Version 9.2.2: Tue Mar 4 21:17:34 PST 2008; root:xnu-1228.4.31~1/RELEASE_I386 i386 > Reporter: Eric Lemings > Fix For: 4.2.x > > Original Estimate: 4h > Remaining Estimate: 4h > > The {{test_string()}} function in the {{0.printf}} test calls {{bad_address()}} to generate an invalid address. This address is eventually passed to the \_\_rw::\_\_rw_memattr() function which uses the pointer value, specifically {{0x20}}, as the pointer value to the {{memchr()}} C library function which promptly aborts the program. The invalid pointer should be caught before calling such C library functions which usually expect valid pointers. Suspect the proliferous conditional code within the function or some other unaccounted platform dependency. The preprocessed Darwin source for {{__rw_memattr()}} is shown below. > {{noformat}} > # 97 "/stdcxx/branches/4.2.x/src/memattr.cpp" > namespace __rw { > long > __rw_memattr (const void *addr, unsigned long nbytes, int attr) > { > ((void)&attr); > const int errno_save = (*__error()); > static const unsigned long pgsz = size_t (sysconf (29)); > caddr_t const page = > reinterpret_cast< caddr_t >(reinterpret_cast< unsigned long >(addr) & ~(pgsz - 1)) > ; > unsigned long npages = nbytes ? nbytes / pgsz + 1 : 0; > for (size_t i = 0; i < npages; ++i) { > const caddr_t next = reinterpret_cast< char* >(page) + i * pgsz; > # 177 "/stdcxx/branches/4.2.x/src/memattr.cpp" > const int advice = 3; > if (-1 == madvise (next, 1, advice)) { > const int err = (*__error()); > (*__error()) = errno_save; > bool bad_address; > # 198 "/stdcxx/branches/4.2.x/src/memattr.cpp" > bad_address = !(0 == err || 22 == err); > if (bad_address) return next == page ? -1 : ( reinterpret_cast< const char* >(next) - reint > erpret_cast< const char* >(addr)); > } > if (0xffffffffUL == nbytes) { > # 219 "/stdcxx/branches/4.2.x/src/memattr.cpp" > const unsigned long maxpage = next == page ? pgsz - ( reinterpret_cast< const char* >(addr) - reinterpre > t_cast< const char* >(next)) : pgsz; > const void* const pnul = > memchr (next == page ? addr : next, '\0', maxpage); > if (pnul) { > nbytes = ( reinterpret_cast< const char* >(pnul) - reinterpret_cast< const char* >(addr)); > npages = nbytes / pgsz + 1; > break; > } > } > } > return static_cast< long >(nbytes); > # 262 "/stdcxx/branches/4.2.x/src/memattr.cpp" > {{noformat}} -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.