Package: dwarves Version: 1.3-1 Severity: important
pahole crashes when it encounters a function pointer in a struct. It is possible to skip the struct with -x, but then pahole crashes on the next function pointer. The binary has been compiled with llvm 2.4 and gcc (Debian 4.3.2-1.1) 4.3.2 with the option -g. The output of gdb and valgrind is attached. The line that should have been displayed at the point where the segfault occurred would have shown a function pointer. It looks as if pahole dereferences a NULL pointer: valgrind reports an invalid read at address 0x0 inside strncpy, called from tag__name. The bug is always reproducible. Best regards, Thomas -- System Information: Debian Release: 5.0 APT prefers gutsy APT policy: (500, 'gutsy'), (500, 'testing'), (200, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages dwarves depends on: ii libc6 2.7-18 GNU C Library: Shared libraries dwarves recommends no packages. dwarves suggests no packages. -- no debconf information
t...@sedell05:~/source/stm/cpp/taglibc/tdz/tests$ valgrind -v pahole ./test ==3879== Memcheck, a memory error detector. ==3879== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==3879== Using LibVEX rev 1854, a library for dynamic binary translation. ==3879== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==3879== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework. ==3879== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==3879== --3879-- Command line --3879-- pahole --3879-- ./test --3879-- Startup, with flags: --3879-- -v --3879-- Contents of /proc/version: --3879-- Linux version 2.6.26-1-686 (Debian 2.6.26-13) ([email protected]) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-24)) #1 SMP Sat Jan 10 18:29:31 UTC 2009 --3879-- Arch and hwcaps: X86, x86-sse1-sse2 --3879-- Page sizes: currently 4096, max supported 4096 --3879-- Valgrind library directory: /usr/lib/valgrind --3879-- Reading syms from /lib/ld-2.7.so (0x4000000) --3879-- Reading debug info from /lib/ld-2.7.so... --3879-- ... CRC mismatch (computed 58c6dbf6 wanted 58db3c41) --3879-- object doesn't have a symbol table --3879-- Reading syms from /usr/bin/pahole (0x8048000) --3879-- object doesn't have a symbol table --3879-- Reading syms from /usr/lib/valgrind/x86-linux/memcheck (0x38000000) --3879-- object doesn't have a dynamic symbol table --3879-- Reading suppressions file: /usr/lib/valgrind/default.supp --3879-- Reading syms from /usr/lib/valgrind/x86-linux/vgpreload_core.so (0x401E000) --3879-- Reading syms from /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so (0x4020000) --3879-- Reading syms from /lib/i686/cmov/libc-2.7.so (0x4043000) --3879-- Reading debug info from /lib/i686/cmov/libc-2.7.so... --3879-- ... 
CRC mismatch (computed a0883b5e wanted 29618316) --3879-- object doesn't have a symbol table --3879-- REDIR: 0x40b9800 (rindex) redirected to 0x40240c0 (rindex) --3879-- REDIR: 0x40b55c0 (malloc) redirected to 0x4023cb0 (malloc) --3879-- REDIR: 0x40bac00 (memcpy) redirected to 0x40248e0 (memcpy) --3879-- REDIR: 0x40ba6f0 (memset) redirected to 0x4025380 (memset) --3879-- REDIR: 0x40b8e10 (strcmp) redirected to 0x4024770 (strcmp) --3879-- REDIR: 0x40b9380 (strlen) redirected to 0x4024470 (strlen) --3879-- REDIR: 0x40b8ca0 (index) redirected to 0x40241b0 (index) --3879-- REDIR: 0x40b52b0 (calloc) redirected to 0x4021d60 (calloc) --3879-- REDIR: 0x40b3790 (free) redirected to 0x4022ad0 (free) --3879-- REDIR: 0x40ba1f0 (memchr) redirected to 0x4024890 (memchr) --3879-- REDIR: 0x40ba8e0 (stpcpy) redirected to 0x4025110 (stpcpy) --3879-- REDIR: 0x40b8e80 (strcpy) redirected to 0x40244d0 (strcpy) --3879-- memcheck GC: 1024 nodes, 1024 survivors (100.0%) --3879-- memcheck GC: increase table size to 2048 --3879-- memcheck GC: 2048 nodes, 2048 survivors (100.0%) --3879-- memcheck GC: increase table size to 4096 --3879-- memcheck GC: 4096 nodes, 4096 survivors (100.0%) --3879-- memcheck GC: increase table size to 8192 --3879-- REDIR: 0x40bb6f0 (rawmemchr) redirected to 0x4025490 (rawmemchr) --3879-- memcheck GC: 8192 nodes, 8192 survivors (100.0%) --3879-- memcheck GC: increase table size to 16384 --3879-- memcheck GC: 16384 nodes, 12319 survivors ( 75.1%) --3879-- memcheck GC: increase table size to 32768 --3879-- REDIR: 0x40bb7c0 (strchrnul) redirected to 0x4025450 (strchrnul) --3879-- REDIR: 0x40b9430 (strnlen) redirected to 0x4024430 (strnlen) struct sys_fdio_event_data { --3879-- REDIR: 0x40b96b0 (strncpy) redirected to 0x40245a0 (strncpy) int fildes; /* 0 4 */ long unsigned int cookie; /* 4 4 */ /* size: 8, cachelines: 1 */ /* last cacheline: 8 bytes */ }; /* definitions: 6 */ struct stream_write { --3879-- REDIR: 0x40ba750 (mempcpy) redirected to 0x40254b0 (mempcpy) 
struct stream_cookie * cookie; /* 0 4 */ char * buf; /* 4 4 */ unsigned int siz; /* 8 4 */ /* size: 12, cachelines: 1 */ /* last cacheline: 12 bytes */ }; /* definitions: 2 */ struct timeval { long int tv_sec; /* 0 4 */ long int tv_usec; /* 4 4 */ /* size: 8, cachelines: 1 */ /* last cacheline: 8 bytes */ }; /* definitions: 1 */ struct stat { long long unsigned int st_dev; /* 0 8 */ short unsigned int __pad1; /* 8 2 */ /* XXX 2 bytes hole, try to pack */ long unsigned int st_ino; /* 12 4 */ unsigned int st_mode; /* 16 4 */ unsigned int st_nlink; /* 20 4 */ unsigned int st_uid; /* 24 4 */ unsigned int st_gid; /* 28 4 */ long long unsigned int st_rdev; /* 32 8 */ short unsigned int __pad2; /* 40 2 */ /* XXX 2 bytes hole, try to pack */ long int st_size; /* 44 4 */ long int st_blksize; /* 48 4 */ long int st_blocks; /* 52 4 */ struct timespec st_atim; /* 56 8 */ /* --- cacheline 1 boundary (64 bytes) --- */ struct timespec st_mtim; /* 64 8 */ struct timespec st_ctim; /* 72 8 */ long unsigned int __unused4; /* 80 4 */ long unsigned int __unused5; /* 84 4 */ /* size: 88, cachelines: 2 */ /* sum members: 84, holes: 2, sum holes: 4 */ /* last cacheline: 24 bytes */ }; /* definitions: 3 */ struct timespec { long int tv_sec; /* 0 4 */ long int tv_nsec; /* 4 4 */ /* size: 8, cachelines: 1 */ /* last cacheline: 8 bytes */ }; /* definitions: 4 */ struct test_func { char * name; /* 0 4 */ ==3879== Invalid read of size 1 ==3879== at 0x40245C2: strncpy (mc_replace_strmem.c:291) ==3879== by 0x8052589: tag__name (in /usr/bin/pahole) ==3879== by 0x80529E8: ftype__fprintf (in /usr/bin/pahole) ==3879== by 0x8054DBA: (within /usr/bin/pahole) ==3879== by 0x8053E0E: class__fprintf (in /usr/bin/pahole) ==3879== by 0x80538A9: tag__fprintf (in /usr/bin/pahole) ==3879== by 0x804EC74: (within /usr/bin/pahole) ==3879== by 0x804E6C5: main (in /usr/bin/pahole) ==3879== Address 0x0 is not stack'd, malloc'd or (recently) free'd ==3879== ==3879== Process terminating with default action of signal 11 
(SIGSEGV) ==3879== Access not within mapped region at address 0x0 ==3879== at 0x40245C2: strncpy (mc_replace_strmem.c:291) ==3879== by 0x8052589: tag__name (in /usr/bin/pahole) ==3879== by 0x80529E8: ftype__fprintf (in /usr/bin/pahole) ==3879== by 0x8054DBA: (within /usr/bin/pahole) ==3879== by 0x8053E0E: class__fprintf (in /usr/bin/pahole) ==3879== by 0x80538A9: tag__fprintf (in /usr/bin/pahole) ==3879== by 0x804EC74: (within /usr/bin/pahole) ==3879== by 0x804E6C5: main (in /usr/bin/pahole) ==3879== ==3879== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 13 from 1) ==3879== ==3879== 1 errors in context 1 of 1: ==3879== Invalid read of size 1 ==3879== at 0x40245C2: strncpy (mc_replace_strmem.c:291) ==3879== by 0x8052589: tag__name (in /usr/bin/pahole) ==3879== by 0x80529E8: ftype__fprintf (in /usr/bin/pahole) ==3879== by 0x8054DBA: (within /usr/bin/pahole) ==3879== by 0x8053E0E: class__fprintf (in /usr/bin/pahole) ==3879== by 0x80538A9: tag__fprintf (in /usr/bin/pahole) ==3879== by 0x804EC74: (within /usr/bin/pahole) ==3879== by 0x804E6C5: main (in /usr/bin/pahole) ==3879== Address 0x0 is not stack'd, malloc'd or (recently) free'd --3879-- --3879-- supp: 13 dl-hack3-cond-1 ==3879== ==3879== IN SUMMARY: 1 errors from 1 contexts (suppressed: 13 from 1) ==3879== ==3879== malloc/free: in use at exit: 461,951 bytes in 8,203 blocks. ==3879== malloc/free: 9,042 allocs, 839 frees, 846,074 bytes allocated. ==3879== ==3879== searching for pointers to 8,203 not-freed blocks. ==3879== checked 502,664 bytes. ==3879== ==3879== LEAK SUMMARY: ==3879== definitely lost: 0 bytes in 0 blocks. ==3879== possibly lost: 0 bytes in 0 blocks. ==3879== still reachable: 461,951 bytes in 8,203 blocks. ==3879== suppressed: 0 bytes in 0 blocks. ==3879== Rerun with --leak-check=full to see details of leaked memory. 
--3879-- memcheck: sanity checks: 108 cheap, 6 expensive --3879-- memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use --3879-- memcheck: auxmaps_L1: 0 searches, 0 cmps, ratio 0:10 --3879-- memcheck: auxmaps_L2: 0 searches, 0 nodes --3879-- memcheck: SMs: n_issued = 34 (544k, 0M) --3879-- memcheck: SMs: n_deissued = 7 (112k, 0M) --3879-- memcheck: SMs: max_noaccess = 65535 (1048560k, 1023M) --3879-- memcheck: SMs: max_undefined = 4 (64k, 0M) --3879-- memcheck: SMs: max_defined = 32 (512k, 0M) --3879-- memcheck: SMs: max_non_DSM = 30 (480k, 0M) --3879-- memcheck: max sec V bit nodes: 16384 (832k, 0M) --3879-- memcheck: set_sec_vbits8 calls: 36402 (new: 16639, updates: 19763) --3879-- memcheck: max shadow mem size: 1616k, 1M --3879-- translate: fast SP updates identified: 4,397 ( 85.9%) --3879-- translate: generic_known SP updates identified: 473 ( 9.2%) --3879-- translate: generic_unknown SP updates identified: 244 ( 4.7%) --3879-- tt/tc: 11,889 tt lookups requiring 12,995 probes --3879-- tt/tc: 11,889 fast-cache updates, 2 flushes --3879-- transtab: new 4,219 (92,224 -> 1,340,091; ratio 145:10) [0 scs] --3879-- transtab: dumped 0 (0 -> ??) --3879-- transtab: discarded 0 (0 -> ??) --3879-- scheduler: 10,848,860 jumps (bb entries). --3879-- scheduler: 108/17,809 major/minor sched events. --3879-- sanity: 109 cheap, 6 expensive checks. --3879-- exectx: 1,543 lists, 921 contexts (avg 0 per list) --3879-- exectx: 9,895 searches, 9,528 full compares (962 per 1000) --3879-- exectx: 0 cmp2, 39 cmp4, 0 cmpAll --3879-- errormgr: 9 supplist searches, 179 comparisons during search --3879-- errormgr: 14 errlist searches, 47 comparisons during search Segmentation fault
t...@sedell05:~/source/stm/cpp/taglibc/tdz/tests$ gdb --args /usr/bin/pahole ./test GNU gdb 6.8-debian Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu"... (no debugging symbols found) (gdb) r Starting program: /usr/bin/pahole ./test (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) struct sys_fdio_event_data { int fildes; /* 0 4 */ long unsigned int cookie; /* 4 4 */ /* size: 8, cachelines: 1 */ /* last cacheline: 8 bytes */ }; /* definitions: 6 */ struct stream_write { struct stream_cookie * cookie; /* 0 4 */ char * buf; /* 4 4 */ unsigned int siz; /* 8 4 */ /* size: 12, cachelines: 1 */ /* last cacheline: 12 bytes */ }; /* definitions: 2 */ struct timeval { long int tv_sec; /* 0 4 */ long int tv_usec; /* 4 4 */ /* size: 8, cachelines: 1 */ /* last cacheline: 8 bytes */ }; /* definitions: 1 */ struct stat { long long unsigned int st_dev; /* 0 8 */ short unsigned int __pad1; /* 8 2 */ /* XXX 2 bytes hole, try to pack */ long unsigned int st_ino; /* 12 4 */ unsigned int st_mode; /* 16 4 */ unsigned int st_nlink; /* 20 4 */ unsigned int st_uid; /* 24 4 */ unsigned int st_gid; /* 28 4 */ long long unsigned int st_rdev; /* 32 8 */ short unsigned int __pad2; /* 40 2 */ /* XXX 2 bytes hole, try to pack */ long int st_size; /* 44 4 */ long int st_blksize; /* 48 4 */ long int st_blocks; /* 52 4 */ struct timespec st_atim; /* 56 8 */ /* --- cacheline 1 boundary (64 bytes) --- */ struct timespec st_mtim; /* 64 8 */ struct timespec st_ctim; /* 72 8 */ long unsigned int __unused4; /* 80 4 */ long unsigned int __unused5; /* 84 4 */ /* size: 88, cachelines: 2 */ /* sum members: 84, holes: 2, sum holes: 4 */ /* last cacheline: 24 bytes */ }; /* 
definitions: 3 */ struct timespec { long int tv_sec; /* 0 4 */ long int tv_nsec; /* 4 4 */ /* size: 8, cachelines: 1 */ /* last cacheline: 8 bytes */ }; /* definitions: 4 */ struct test_func { char * name; /* 0 4 */ Program received signal SIGSEGV, Segmentation fault. 0xb7e7e6d9 in strncpy () from /lib/i686/cmov/libc.so.6 (gdb) bt #0 0xb7e7e6d9 in strncpy () from /lib/i686/cmov/libc.so.6 #1 0x0805258a in tag__name () #2 0x080529e9 in ftype__fprintf () #3 0x08054dbb in ?? () #4 0x09bdfc30 in ?? () #5 0x09b65e38 in ?? () #6 0x09b7a738 in ?? () #7 0x00000000 in ?? () (gdb)

