From: Thomas Rast <trast@student.ethz.ch>
To: Jeff King <peff@peff.net>
Cc: Jongman Heo <jongman.heo@samsung.com>, git <git@vger.kernel.org>,
"Antoine Pelisse" <apelisse@gmail.com>
Subject: Re: Segmentation fault with latest git (070c57df)
Date: Thu, 31 Jan 2013 09:42:07 +0100 [thread overview]
Message-ID: <87wqutvj4w.fsf@pctrast.inf.ethz.ch> (raw)
In-Reply-To: <20130131075511.GB5342@sigill.intra.peff.net> (Jeff King's message of "Thu, 31 Jan 2013 02:55:11 -0500")
Jeff King <peff@peff.net> writes:
> On Thu, Jan 31, 2013 at 07:27:04AM +0000, Jongman Heo wrote:
>
>> FYI, gdb backtrace and valgrind output attached below, Thanks.
>
> Thanks, that's helpful.
>
>> #4 0x0812bda0 in string_list_insert (list=0xbfffe7c0,
>> string=0x821ec3c "refs/remotes/origin/HEAD") at string-list.c:57
>> #5 0x08071838 in add_existing (refname=0x821ec3c "refs/remotes/origin/HEAD",
>> sha1=0x821ec14 "\a\fW\337B\352N\255\314C\320Em\021E`\022C&",
>> <incomplete sequence \303>, flag=1, cbdata=0xbfffe7c0)
>> at builtin/fetch.c:570
>
> So we are inserting the string from add_existing, which gets the list
> from a callback parameter. Which comes from...
>
>> #13 0x0807390a in do_fetch (remote=<value optimized out>, argc=0,
>> argv=0xbfffe9f8) at builtin/fetch.c:699
>
> ...here, which does this:
>
> struct string_list existing_refs = STRING_LIST_INIT_NODUP;
> [...]
> for_each_ref(add_existing, &existing_refs);
>
> And yet we get:
>
>> ==2195== Conditional jump or move depends on uninitialised value(s)
>> ==2195== at 0x812B41F: get_entry_index (string-list.c:10)
>> ==2195== by 0x812BD5F: string_list_insert_at_index (string-list.c:33)
>> ==2195== by 0x812BD9F: string_list_insert (string-list.c:57)
>> ==2195== by 0x8071837: add_existing (fetch.c:570)
>> ==2195== by 0x810AF96: do_one_ref (refs.c:525)
>> ==2195== by 0x810BB20: do_for_each_ref_in_dir (refs.c:551)
>> ==2195== by 0x810BD34: do_for_each_ref_in_dirs (refs.c:623)
>> ==2195== by 0x810BC8D: do_for_each_ref_in_dirs (refs.c:597)
>> ==2195== by 0x810C303: do_for_each_ref (refs.c:1295)
>> ==2195== by 0x810C63A: for_each_ref (refs.c:1343)
>> ==2195== by 0x8073909: fetch_one (fetch.c:699)
>> ==2195== by 0x8074250: cmd_fetch (fetch.c:992)
>
> which seems odd. cmp should be initialized to NULL, and then we never
> touch it (and even if we did, it wouldn't be unitialized, but rather
> have the value we put in it).
>
> It's almost like the compiler is getting the initializer wrong. It's a
> long shot, but I wonder if the presence of the bitfield could be
> triggering a compiler bug (or there is a subtle C rule about bitfield
> initializations that I do not know). Just for the sake of my sanity,
> what does the following program output for you?
>
> -- >8 --
> #include <stdio.h>
> #include <stdlib.h>
>
> typedef int (*compare_fn)(const char *, const char *);
>
> struct foo {
> char **items;
> unsigned int nr, alloc;
> unsigned int bitfield:1;
> compare_fn cmp;
> };
>
> int main(void)
> {
> struct foo f = { NULL, 0, 0, 0 };
> printf("cmp is %lu\n", (unsigned long)f.cmp);
> return 0;
> }
I doubt that would help because that stack region would be 0 anyway due
to kernel initialization of new pages. You'd have to somehow trample
over it first, like below.
Or perhaps something in the build process went wrong, and fetch.c didn't
get the memo about the new field in the struct. Depending on stack
layout, the next variable might be the 'int i' right before the
'string_list list' in the code, which could explain the value of 1.
---- 8< ----
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef int (*compare_fn)(const char *, const char *);
struct foo {
char **items;
unsigned int nr, alloc;
unsigned int bitfield:1;
compare_fn cmp;
};
void scramble()
{
char foo[256];
memset(foo, 0x42, 256);
}
void init()
{
struct foo f = { NULL, 0, 0, 0 };
printf("cmp is %lu\n", (unsigned long)f.cmp);
}
int main(void)
{
scramble();
init();
return 0;
}
next prev parent reply other threads:[~2013-01-31 8:42 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-31 7:27 Re: Segmentation fault with latest git (070c57df) Jongman Heo
2013-01-31 7:55 ` Jeff King
2013-01-31 8:42 ` Thomas Rast [this message]
2013-01-31 8:54 ` Jeff King
-- strict thread matches above, loose matches on Subject: below --
2013-02-04 2:18 Re: Re: Re: " Jongman Heo
2013-02-04 3:40 ` Jonathan Nieder
2013-02-01 1:31 허종만
2013-02-01 1:40 ` Junio C Hamano
2013-02-01 6:36 ` Jeff King
2013-02-01 7:06 ` Jeff King
2013-02-01 7:09 ` Jeff King
2013-01-31 1:35 Jongman Heo
2013-01-31 6:49 ` Jeff King
2013-01-31 7:02 ` Antoine Pelisse
2013-01-31 7:35 ` Jeff King
2013-02-04 6:58 ` Jongman Heo
2013-02-04 7:13 ` Junio C Hamano
2013-02-04 8:37 ` Jeff King
2013-02-04 9:16 ` Junio C Hamano
2013-02-04 9:29 ` Junio C Hamano
2013-02-04 9:45 ` Jeff King
2013-02-04 9:38 ` Jeff King
2013-02-04 16:46 ` Junio C Hamano
2013-02-04 18:34 ` Jonathan Nieder
2013-05-15 3:14 ` sam
2013-05-15 3:22 ` sam
2013-05-16 13:12 ` Ramkumar Ramachandra
2013-05-16 13:21 ` Ramkumar Ramachandra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wqutvj4w.fsf@pctrast.inf.ethz.ch \
--to=trast@student.ethz.ch \
--cc=apelisse@gmail.com \
--cc=git@vger.kernel.org \
--cc=jongman.heo@samsung.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).