https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61236
Bug ID: 61236 Summary: GCC 4.9 generates incorrect object code Product: gcc Version: 4.9.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: c Assignee: unassigned at gcc dot gnu.org Reporter: muks at banu dot com Hi all This is a bug report from the BIND DNS project team at ISC.org. We have a report to make of buggy code generated with GCC 4.9.0, and we request a C compiler developer to take a look. For the purpose of this ticket, you will have to look at source code. All code mentioned here is under the ISC license (free software license equivalent to MIT license). I have not been successful in making an isolated testcase, but I'll instead describe our analysis. The bug first was reported a few days ago on the Arch Linux bug tracker against BIND 9.10.0: https://bugs.archlinux.org/task/40304 They had recently switched the system gcc compiler to: gcc version 4.9.1 20140507 (prerelease) (GCC) and built the BIND package with this compiler. We had not seen such a crash on any of our builders or even our development environments. When we looked at it, it was an assertion being triggered in code that is similar to this: ---- void crashing_function(void) { /* some code */ if (some_condition) { goto free_and_exit; } /* some more code */ free_and_exit: if (ptr != NULL) { internal_mem_free(ptr, sizeof_ptr); } } void internal_mem_free(void *ptr, size_t size) { assert(ptr != NULL); UNUSED(size); free(ptr); } ---- >From the above, it is obvious that the assertion inside internal_mem_free() cannot fail. Yet this is what is happening and is the bug. You can find the code in question here: ftp://ftp.isc.org/isc/bind9/9.10.0-P1/bind-9.10.0-P1.tar.gz Open dns_rdataslab_fromrdataset()'s definition in lib/dns/rdataslab.c. It has the following code at the end of the function: ---- free_rdatas: if (x != NULL) isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata)); return (result); } ---- The isc__mem_put() function [called by isc_mem_put() macro] asserts that x is not NULL as a prerequisite, and this assertion fails. The bug has also been reported on other operating systems such as LFS and also Fedora 20 with a locally built GCC 4.9. If you need any help in compiling the BIND tree, please ask us via email, or in #bind on irc.freenode.net, but it should be as simple as ./configure && make. Running the 'dnssec' system test will reproduce the assertion failure. If you want help on running the test too, please ask. To run the system test after successful configure and make, you'll have to run (as root): # sh bin/tests/system/ifconfig.sh up to setup local interface addresses that the tests use. Then (as a user): $ cd bin/tests/system/ $ #ulimit -c unlimited # if necessary, to dump core $ sh ./run.sh dnssec Core files should be inside bin/tests/system/dnssec/ tree after the assertion fails. I'll follow up with an analysis of the generated x86_64 object code for dns_rdataslab_fromrdataset() from our internal bug tracker that points out the bug in generated object code.