Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Package: nfs-kernel-server
Version: 1:1.2.8-6
Followup-For: Bug #757835

Dear Maintainer,

I got segfaults too, below are the last working versions, anything newer segfaults, whether I upgrade libtirpc1 or nfs-kernel-server.

For those who need quick fix/workaround:

deb http://snapshot.debian.org/archive/debian/20140808/ unstable main contrib non-free

... and downgrade to libtirpc1 0.2.4-1 and nfs-kernel-server 1:1.2.8-6.

Have a nice day!

-- Package-specific info:
-- rpcinfo --
program vers proto port service
104 tcp111 portmapper
103 tcp111 portmapper
102 tcp111 portmapper
104 udp111 portmapper
103 udp111 portmapper
102 udp111 portmapper
1000241 udp 8 status
1000241 tcp 56008 status
132 tcp 2049 nfs
133 tcp 2049 nfs
134 tcp 2049 nfs
1002272 tcp 2049
1002273 tcp 2049
132 udp 2049 nfs
133 udp 2049 nfs
134 udp 2049 nfs
1002272 udp 2049
1002273 udp 2049
1000211 udp 34725 nlockmgr
1000213 udp 34725 nlockmgr
1000214 udp 34725 nlockmgr
1000211 tcp 34779 nlockmgr
1000213 tcp 34779 nlockmgr
1000214 tcp 34779 nlockmgr
151 udp 47250 mountd
151 tcp 48360 mountd
152 udp 54973 mountd
152 tcp 60512 mountd
153 udp 39291 mountd
153 tcp 34776 mountd

-- /etc/default/nfs-kernel-server --
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS=--manage-gids
NEED_SVCGSSD=
RPCSVCGSSDOPTS=

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (750, 'stable'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.4-trunk-686-pae (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.utf8, LC_CTYPE=cs_CZ.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nfs-kernel-server depends on:
ii  libblkid1     2.20.1-5.3
ii  libc6         2.19-7
ii  libcap2       1:2.22-1.2
ii  libgssglue1   0.4-2
ii  libsqlite3-0  3.8.5-2
ii  libtirpc1     0.2.4-1
ii  libwrap0      7.6.q-25
ii  lsb-base      4.1+Debian13
ii  nfs-common    1:1.2.8-6
ii  ucf           3.0030

nfs-kernel-server recommends no packages.

nfs-kernel-server suggests no packages.

-- no debconf information

--
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140812120528.8051.88385.reportbug@localhost

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Control: reassign -1 gcc-4.9,nfs-kernel-server
Control: found -1 nfs-kernel-server/1.2.8-8
Control: found -1 gcc-4.9/4.9.1

On Mon, Aug 11, 2014 at 12:54:00PM -0700, Petr Vandrovec wrote:
> amd64. I think it affects all architectures.
>
> In case you want to follow-up, attached is minimum testcase I could come up with. It crashes with gcc-4.9 and -O2. No crash with gcc-4.8, or at -O1.
>
> $ gcc-4.9 -W -Wall -O2 client.c && ./a.out
> Segmentation fault
> $ gcc-4.8 -W -Wall -O2 client.c && ./a.out
> $ gcc-4.9 -W -Wall -O1 client.c && ./a.out
> $

Thanks.

Matthias, could you please have a look at the below test case? We have a regression in the latest nfs-kernel-server build, which appears to be caused by a gcc-4.9 bug. Should I work around this in nfs-utils, or is a quick fix possible in gcc-4.9?

    char buf[100];

    void add_name(char *old) {
      char *cp = old;

      while (cp && *cp) {
        cp++;
      }
      __builtin_strncpy(buf, old, cp-old);
      if (cp != old) {
        buf[0] = 'Q';
      }
      if (cp && *cp) {
        buf[0] = 'Q';
      }
    }

    int main(void) {
      add_name(0);
      return 0;
    }

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

Processed: Re: Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Processing control commands:

> reassign -1 gcc-4.9,nfs-kernel-server
Bug #757835 [nfs-kernel-server] nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Bug reassigned from package 'nfs-kernel-server' to 'gcc-4.9,nfs-kernel-server'.
No longer marked as found in versions nfs-utils/1:1.2.8-8 and nfs-utils/1:1.2.8-6.
Ignoring request to alter fixed versions of bug #757835 to the same values previously set
> found -1 nfs-kernel-server/1.2.8-8
Bug #757835 [gcc-4.9,nfs-kernel-server] nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
The source nfs-kernel-server and version 1.2.8-8 do not appear to match any binary packages
Marked as found in versions nfs-kernel-server/1.2.8-8.
> found -1 gcc-4.9/4.9.1
Bug #757835 [gcc-4.9,nfs-kernel-server] nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
The source gcc-4.9 and version 4.9.1 do not appear to match any binary packages
Marked as found in versions gcc-4.9/4.9.1.

--
757835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757835
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.b757835.1407859548495.transcr...@bugs.debian.org

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
On 12.08.2014 at 18:05, Steve Langasek wrote:
> Control: reassign -1 gcc-4.9,nfs-kernel-server
> Control: found -1 nfs-kernel-server/1.2.8-8
> Control: found -1 gcc-4.9/4.9.1
>
> On Mon, Aug 11, 2014 at 12:54:00PM -0700, Petr Vandrovec wrote:
> > amd64. I think it affects all architectures.
> >
> > In case you want to follow-up, attached is minimum testcase I could come up with. It crashes with gcc-4.9 and -O2. No crash with gcc-4.8, or at -O1.
> >
> > $ gcc-4.9 -W -Wall -O2 client.c && ./a.out
> > Segmentation fault
> > $ gcc-4.8 -W -Wall -O2 client.c && ./a.out
> > $ gcc-4.9 -W -Wall -O1 client.c && ./a.out
> > $
>
> Thanks.
>
> Matthias, could you please have a look at the below test case? We have a regression in the latest nfs-kernel-server build, which appears to be caused by a gcc-4.9 bug. Should I work around this in nfs-utils, or is a quick fix possible in gcc-4.9?
>
> char buf[100];
>
> void add_name(char *old) {
>   char *cp = old;
>
>   while (cp && *cp) {
>     cp++;
>   }

    if (old)

>   __builtin_strncpy(buf, old, cp-old);
>   if (cp != old) {
>     buf[0] = 'Q';
>   }
>   if (cp && *cp) {
>     buf[0] = 'Q';
>   }
> }
>
> int main(void) {
>   add_name(0);
>   return 0;
> }

guard the strncpy. I did see a similar issue like this (can't find it anymore), and the recommendation was to guard the strncpy.

Archive: https://lists.debian.org/53ea45ae.3030...@debian.org

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
On Tue, 2014-08-12 at 19:23 +0100, Ben Hutchings wrote:
> On Tue, 2014-08-12 at 09:05 -0700, Steve Langasek wrote:
> [...]
> > Matthias, could you please have a look at the below test case? We have a regression in the latest nfs-kernel-server build, which appears to be caused by a gcc-4.9 bug. Should I work around this in nfs-utils, or is a quick fix possible in gcc-4.9?
> >
> > char buf[100];
> >
> > void add_name(char *old) {
> >   char *cp = old;
> >
> >   while (cp && *cp) {
> >     cp++;
> >   }
> >   __builtin_strncpy(buf, old, cp-old);
> [...]
>
> So far as I know (haven't checked the latest standard), pointer subtraction has undefined behaviour unless both operands point into (or one beyond) the same array. As this is not true of null pointers, the compiler may infer that old can't be null, so cp can't be null, so there is no need to check whether it is.
>
> I.e. this is a bug in nfs-utils, not the compiler.

By the way, in case there are similar bugs elsewhere in nfs-utils, it may be sensible to work around this with the compiler option -fno-delete-null-pointer-checks.

Ben.

--
Ben Hutchings
Humans are not rational beings; they are rationalising beings.

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
On Tue, 2014-08-12 at 09:05 -0700, Steve Langasek wrote:
[...]
> Matthias, could you please have a look at the below test case? We have a regression in the latest nfs-kernel-server build, which appears to be caused by a gcc-4.9 bug. Should I work around this in nfs-utils, or is a quick fix possible in gcc-4.9?
>
> char buf[100];
>
> void add_name(char *old) {
>   char *cp = old;
>
>   while (cp && *cp) {
>     cp++;
>   }
>   __builtin_strncpy(buf, old, cp-old);
[...]

So far as I know (haven't checked the latest standard), pointer subtraction has undefined behaviour unless both operands point into (or one beyond) the same array. As this is not true of null pointers, the compiler may infer that old can't be null, so cp can't be null, so there is no need to check whether it is.

I.e. this is a bug in nfs-utils, not the compiler.

Ben.

--
Ben Hutchings
Humans are not rational beings; they are rationalising beings.

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
On 2014-08-12 20:23 +0200, Ben Hutchings wrote:
> On Tue, 2014-08-12 at 09:05 -0700, Steve Langasek wrote:
> [...]
> > Matthias, could you please have a look at the below test case? We have a regression in the latest nfs-kernel-server build, which appears to be caused by a gcc-4.9 bug. Should I work around this in nfs-utils, or is a quick fix possible in gcc-4.9?
> >
> > char buf[100];
> >
> > void add_name(char *old) {
> >   char *cp = old;
> >
> >   while (cp && *cp) {
> >     cp++;
> >   }
> >   __builtin_strncpy(buf, old, cp-old);
> [...]
>
> So far as I know (haven't checked the latest standard), pointer subtraction has undefined behaviour unless both operands point into (or one beyond) the same array. As this is not true of null pointers, the compiler may infer that old can't be null, so cp can't be null, so there is no need to check whether it is.

This is true in C, unfortunately. However…

> I.e. this is a bug in nfs-utils, not the compiler.

…Petr's example program crashes even when compiled with g++-4.9, and in C++ subtracting two null pointers is valid, yielding zero.

Cheers,
       Sven

Archive: https://lists.debian.org/874mxhmtbw@turtle.gmx.de

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Package: nfs-kernel-server
Version: 1:1.2.8-8
Followup-For: Bug #757835

This bug is already fixed in upstream (included since 1.3.1-rc2):
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=25e83c2270b2d2966c992885faed0b79be09f474

Archive: https://lists.debian.org/20140812202000.28480.95548.reportbug@kashyyyk.local

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
On Tue, 2014-08-12 at 20:54 +0200, Sven Joachim wrote:
> On 2014-08-12 20:23 +0200, Ben Hutchings wrote:
> > On Tue, 2014-08-12 at 09:05 -0700, Steve Langasek wrote:
> > [...]
> > > Matthias, could you please have a look at the below test case? We have a regression in the latest nfs-kernel-server build, which appears to be caused by a gcc-4.9 bug. Should I work around this in nfs-utils, or is a quick fix possible in gcc-4.9?
> > >
> > > char buf[100];
> > >
> > > void add_name(char *old) {
> > >   char *cp = old;
> > >
> > >   while (cp && *cp) {
> > >     cp++;
> > >   }
> > >   __builtin_strncpy(buf, old, cp-old);
> > [...]
> >
> > So far as I know (haven't checked the latest standard), pointer subtraction has undefined behaviour unless both operands point into (or one beyond) the same array. As this is not true of null pointers, the compiler may infer that old can't be null, so cp can't be null, so there is no need to check whether it is.
>
> This is true in C, unfortunately. However…
>
> > I.e. this is a bug in nfs-utils, not the compiler.
>
> …Petr's example program crashes even when compiled with g++-4.9, and in C++ subtracting two null pointers is valid, yielding zero.

Ah, I wasn't aware of that difference. The compiler might then be relying on the source argument to __builtin_strncpy() being non-null. The standard says that the pointer arguments must be pointers to arrays, which seems to make this a valid assumption.

However, I suspect many programs depend on 'copying' 0 characters to or from NULL being a safe no-op (I've probably done it myself in the past). It's probably a bad idea for the compiler to assume programs don't do that.

Ben.

--
Ben Hutchings
Humans are not rational beings; they are rationalising beings.

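The guard recommended earlier in the thread, applied to the test case, as an added example that is not part of any message here or of nfs-utils: the NULL check comes before every statement that is undefined for a null pointer (`cp - old` in C, and the copy itself), so the optimizer has no earlier use from which to infer `old != NULL`. The name `add_name_guarded`, the return convention and the length clamp are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 100
static char buf[BUF_SIZE];

/*
 * Guarded variant of the thread's add_name() test case (hypothetical name).
 * Returns the number of bytes copied into buf, or -1 when old is NULL.
 */
int add_name_guarded(const char *old)
{
    const char *cp;
    size_t len;

    /* Reject NULL first. In the test case the unguarded strncpy() and
     * "cp - old" came before the final "cp && *cp" test, which let
     * gcc 4.9 at -O2 treat that test as redundant. Here nothing that
     * requires a valid pointer runs before the check. */
    if (old == NULL)
        return -1;

    /* old is known valid, so the loop needs no "cp &&" term. */
    cp = old;
    while (*cp)
        cp++;

    /* Both pointers are inside the same string: subtraction is defined. */
    len = (size_t)(cp - old);

    /* Addition of this example: bound the copy to the destination and
     * always terminate it; the test case passes cp-old unchecked. */
    if (len > BUF_SIZE - 1)
        len = BUF_SIZE - 1;
    memcpy(buf, old, len);
    buf[len] = '\0';

    /* Same marker write as the test case's "if (cp != old)" branch. */
    if (len != 0)
        buf[0] = 'Q';

    return (int)len;
}

int main(void)
{
    /* Constructed inputs: the NULL call is the one that crashed rpc.mountd's
     * reduced test case; here it is reported instead of dereferenced. */
    printf("NULL   -> %d\n", add_name_guarded(NULL));
    printf("\"\"     -> %d\n", add_name_guarded(""));
    printf("\"host\" -> %d (buf=\"%s\")\n", add_name_guarded("host"), buf);
    return 0;
}
```

Building with `-fno-delete-null-pointer-checks`, as suggested in the thread, is a stopgap for code that has not yet been audited for this pattern; the source-level guard is what removes the undefined behaviour.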
Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Package: nfs-kernel-server
Version: 1:1.2.8-8
Severity: normal

Dear Maintainer,

Here is snippet from /var/log/messages of my nfs-server:

Aug 11 20:54:05 muikku kernel: [12322.241131] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Aug 11 20:54:05 muikku kernel: [12322.241875] NFSD: starting 90-second grace period (net c15dd380)
Aug 11 20:54:14 muikku kernel: [12331.154343] rpc.mountd[12851]: segfault at 0 ip 0804ffb6 sp bfb01150 error 4 in rpc.mountd[8048000+19000]

naturally shares fail to get mounted on client boxes.

My network interfaces are like this:

# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo eth3 eth5
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
iface eth5 inet static
    address 10.0.2.31
    netmask 255.255.255.0
    network 10.0.2.0
    broadcast 10.0.2.255
    gateway 10.0.2.15

iface eth3 inet static
    address 83.145.224.120
    netmask 255.255.255.192
    gateway 83.145.224.126

-- Package-specific info:
-- rpcinfo --
program vers proto port service
104 tcp111 portmapper
103 tcp111 portmapper
102 tcp111 portmapper
104 udp111 portmapper
103 udp111 portmapper
102 udp111 portmapper
1000241 udp 59703 status
1000241 tcp 49718 status
132 tcp 2049 nfs
133 tcp 2049 nfs
134 tcp 2049 nfs
1002272 tcp 2049
1002273 tcp 2049
132 udp 2049 nfs
133 udp 2049 nfs
134 udp 2049 nfs
1002272 udp 2049
1002273 udp 2049
1000211 udp 33578 nlockmgr
1000213 udp 33578 nlockmgr
1000214 udp 33578 nlockmgr
1000211 tcp 58476 nlockmgr
1000213 tcp 58476 nlockmgr
1000214 tcp 58476 nlockmgr
151 udp 38809 mountd
151 tcp 60430 mountd
152 udp 34400 mountd
152 tcp 49733 mountd
153 udp 33372 mountd
153 tcp 53894 mountd

-- /etc/default/nfs-kernel-server --
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS=--manage-gids
NEED_SVCGSSD=
RPCSVCGSSDOPTS=

-- /etc/exports --
/u fisuvaan(rw,async,subtree_check,no_auth_nlm) 10.0.2.15(rw,subtree_check,no_auth_nlm)
/home fisuvaan(rw,async,subtree_check,no_auth_nlm) 10.0.2.15(rw,subtree_check,no_auth_nlm)
/var/mail fisuvaan(rw,subtree_check,no_auth_nlm) 10.0.2.15(rw,subtree_check,no_auth_nlm)
/opt/ltsp *(ro,no_root_squash,async,no_subtree_check)

-- /proc/fs/nfs/exports --
# Version 1.1
# Path Client(Flags) # IPs

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.14-2-686-pae (SMP w/1 CPU core)
Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nfs-kernel-server depends on:
ii  libblkid1     2.20.1-5.8
ii  libc6         2.19-7
ii  libcap2       1:2.24-4
ii  libsqlite3-0  3.8.5-2
ii  libtirpc1     0.2.4-2.1
ii  libwrap0      7.6.q-25
ii  lsb-base      4.1+Debian13
ii  nfs-common    1:1.2.8-8
ii  ucf           3.0030

nfs-kernel-server recommends no packages.

nfs-kernel-server suggests no packages.

-- Configuration Files:
/etc/default/nfs-kernel-server changed:
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS=--manage-gids
NEED_SVCGSSD=
RPCSVCGSSDOPTS=

/etc/exports changed:
/u fisuvaan(rw,async,subtree_check,no_auth_nlm) 10.0.2.15(rw,subtree_check,no_auth_nlm)
/home fisuvaan(rw,async,subtree_check,no_auth_nlm) 10.0.2.15(rw,subtree_check,no_auth_nlm)
/var/mail fisuvaan(rw,subtree_check,no_auth_nlm) 10.0.2.15(rw,subtree_check,no_auth_nlm)
/opt/ltsp *(ro,no_root_squash,async,no_subtree_check)

-- no debconf information

Archive: https://lists.debian.org/20140811180433.13056.76611.report...@muikku.katiska.org

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Control: severity -1 grave

On 2014-08-11 20:04 +0200, Antti Järvinen wrote:

> Package: nfs-kernel-server
> Version: 1:1.2.8-8
> Severity: normal
>
> Dear Maintainer,
>
> Here is snippet from /var/log/messages of my nfs-server:
>
> Aug 11 20:54:05 muikku kernel: [12322.241131] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
> Aug 11 20:54:05 muikku kernel: [12322.241875] NFSD: starting 90-second grace period (net c15dd380)
> Aug 11 20:54:14 muikku kernel: [12331.154343] rpc.mountd[12851]: segfault at 0 ip 0804ffb6 sp bfb01150 error 4 in rpc.mountd[8048000+19000]
>
> naturally shares fail to get mounted on client boxes.

Same here, and since this renders nfs-kernel-server pretty much useless, I'm bumping the severity.

Cheers,
       Sven

Archive: https://lists.debian.org/87y4uunauu@turtle.gmx.de

Processed: Re: Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Processing control commands:

> severity -1 grave
Bug #757835 [nfs-kernel-server] nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Severity set to 'grave' from 'normal'

--
757835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757835
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Archive: https://lists.debian.org/handler.s.b757835.140778145927682.transcr...@bugs.debian.org

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
Hi,

it seems to be gcc bug. For inexplicable reason compiler optimized 'if (cp && *cp)' to just 'if (*cp)' :-( Changing 'char *cp' to 'char * volatile cp' at line 468 in support/export/client.c is enough to explain to gcc that it has no idea what it is doing, and fixes the crash.

I think that after code does 'strncpy(new, old, cp-old)' or 'new[cp-old] = 0' or 'if (cp != old && *cp)' compiler believes 'cp' cannot be NULL, forgetting that both 'cp' and 'old' could have been NULL, making these expressions valid for NULL cp.

Petr

nfsworkaround.patch
Description: Binary data

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
On Mon, Aug 11, 2014 at 11:49:16AM -0700, Petr Vandrovec wrote:
> Hi,
>
> it seems to be gcc bug. For inexplicable reason compiler optimized 'if (cp && *cp)' to just 'if (*cp)' :-( Changing 'char *cp' to 'char * volatile cp' at line 468 in support/export/client.c is enough to explain to gcc that it has no idea what it is doing, and fixes the crash.
>
> I think that after code does 'strncpy(new, old, cp-old)' or 'new[cp-old] = 0' or 'if (cp != old && *cp)' compiler believes 'cp' cannot be NULL, forgetting that both 'cp' and 'old' could have been NULL, making these expressions valid for NULL cp.

Are you seeing this problem on i386 (like the original submitter), or do you see this problem on a different architecture? (If it's a compiler problem, this will be relevant to getting it fixed properly.)

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org

Bug#757835: nfs-kernel-server: after update 1.2.8-6-1.2.8-8 rpc.mountd starts crashing
amd64. I think it affects all architectures.

In case you want to follow-up, attached is minimum testcase I could come up with. It crashes with gcc-4.9 and -O2. No crash with gcc-4.8, or at -O1.

$ gcc-4.9 -W -Wall -O2 client.c && ./a.out
Segmentation fault
$ gcc-4.8 -W -Wall -O2 client.c && ./a.out
$ gcc-4.9 -W -Wall -O1 client.c && ./a.out
$

Petr

On Mon, Aug 11, 2014 at 12:15 PM, Steve Langasek vor...@debian.org wrote:
> On Mon, Aug 11, 2014 at 11:49:16AM -0700, Petr Vandrovec wrote:
> > Hi,
> >
> > it seems to be gcc bug. For inexplicable reason compiler optimized 'if (cp && *cp)' to just 'if (*cp)' :-( Changing 'char *cp' to 'char * volatile cp' at line 468 in support/export/client.c is enough to explain to gcc that it has no idea what it is doing, and fixes the crash.
> >
> > I think that after code does 'strncpy(new, old, cp-old)' or 'new[cp-old] = 0' or 'if (cp != old && *cp)' compiler believes 'cp' cannot be NULL, forgetting that both 'cp' and 'old' could have been NULL, making these expressions valid for NULL cp.
>
> Are you seeing this problem on i386 (like the original submitter), or do you see this problem on a different architecture? (If it's a compiler problem, this will be relevant to getting it fixed properly.)
>
> --
> Steve Langasek                   Give me a lever long enough and a Free OS
> Debian Developer                   to set it on, and I can move the world.
> Ubuntu Developer                                    http://www.debian.org/
> slanga...@ubuntu.com                                     vor...@debian.org

    char buf[100];

    void add_name(char *old) {
      char *cp = old;

      while (cp && *cp) {
        cp++;
      }
      __builtin_strncpy(buf, old, cp-old);
      if (cp != old) {
        buf[0] = 'Q';
      }
      if (cp && *cp) {
        buf[0] = 'Q';
      }
    }

    int main(void) {
      add_name(0);
      return 0;
    }