To reproduce the bug, get MPFR trunk, compile with CC=g++ (with or without optimizations) and make check. The crash occurs on tprintf (and tsprintf and tfprintf). I could reproduce it with both g++-4.2 (GCC) 4.2.4 (Debian 4.2.4-2) g++.real (Debian 4.3.1-1) 4.3.1
No problem with gcc. (gdb) run Starting program: /home/vlefevre/software/mpfr/tests/.libs/lt-tprintf Program received signal SIGILL, Illegal instruction. 0x00007f65b27c5556 in __gmpfr_vasprintf (ptr=0x7fffbac424b0, fmt=0x404de4 "A, b. %Fe, c. %i%zn\n", ap=0x7fffbac424f0) at vasprintf.c:1845 1845 ++fmt; Current language: auto; currently c++ (gdb) bt #0 0x00007f65b27c5556 in __gmpfr_vasprintf (ptr=0x7fffbac424b0, fmt=0x404de4 "A, b. %Fe, c. %i%zn\n", ap=0x7fffbac424f0) at vasprintf.c:1845 #1 0x00007f65b27c1671 in __gmpfr_vprintf ( fmt=0x404dde "a. %R*A, b. %Fe, c. %i%zn\n", ap=0x7fffbac424f0) at printf.c:85 #2 0x00000000004028f4 in check_vprintf ( fmt=0x404dde "a. %R*A, b. %Fe, c. %i%zn\n") at tprintf.c:67 #3 0x0000000000402c27 in check_mixed () at tprintf.c:192 #4 0x000000000040312b in main (argc=1, argv=0x7fffbac427d8) at tprintf.c:361 And with valgrind: vin:...ftware/mpfr/tests> ./tprintf.vg ==19537== Memcheck, a memory error detector. ==19537== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al. ==19537== Using LibVEX rev 1804, a library for dynamic binary translation. ==19537== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP. ==19537== Using valgrind-3.3.0-Debian, a dynamic binary instrumentation framework. ==19537== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al. ==19537== For more details, rerun with: -v ==19537== vex amd64->IR: unhandled instruction bytes: 0xF 0xB 0x48 0x83 ==19537== valgrind: Unrecognised instruction at address 0x4E46556. ==19537== Your program just tried to execute an instruction that Valgrind ==19537== did not recognise. There are two possible reasons for this. ==19537== 1. Your program has a bug and erroneously jumped to a non-code ==19537== location. If you are running Memcheck and you just saw a ==19537== warning about a bad jump, it's probably your program's fault. ==19537== 2. The instruction is legitimate but Valgrind doesn't handle it, ==19537== i.e. it's Valgrind's fault. If you think this is the case or ==19537== you are not sure, please let us know and we'll try to fix it. ==19537== Either way, Valgrind will now raise a SIGILL signal which will ==19537== probably kill your program. ==19537== ==19537== Process terminating with default action of signal 4 (SIGILL): dumping core ==19537== Illegal opcode at address 0x4E46556 ==19537== at 0x4E46556: __gmpfr_vasprintf (vasprintf.c:1845) ==19537== by 0x4E42670: __gmpfr_vprintf (printf.c:85) ==19537== by 0x4028F3: check_vprintf(char*, ...) (tprintf.c:67) ==19537== by 0x402C26: check_mixed() (tprintf.c:192) ==19537== by 0x40312A: main (tprintf.c:361) ==19537== ==19537== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 8 from 1) ==19537== malloc/free: in use at exit: 6,832 bytes in 14 blocks. ==19537== malloc/free: 646 allocs, 632 frees, 390,447 bytes allocated. ==19537== For counts of detected errors, rerun with: -v ==19537== searching for pointers to 14 not-freed blocks. ==19537== checked 209,424 bytes. ==19537== ==19537== LEAK SUMMARY: ==19537== definitely lost: 0 bytes in 0 blocks. ==19537== possibly lost: 0 bytes in 0 blocks. ==19537== still reachable: 6,832 bytes in 14 blocks. ==19537== suppressed: 0 bytes in 0 blocks. ==19537== Rerun with --leak-check=full to see details of leaked memory. zsh: illegal hardware instruction ./tprintf.vg -- Summary: g++ generates code with illegal instruction on Pentium D / x86_64 Product: gcc Version: 4.2.4 Status: UNCONFIRMED Severity: major Priority: P3 Component: target AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: vincent at vinc17 dot org http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36484