Ticket #641 (closed bug: fixed)

Opened 5 years ago

Last modified 5 years ago

Crash when loading PIR file

Reported by: jonathand
Owned by:
Priority: normal
Milestone:
Component: none
Version: 1.0.0
Severity: medium
Keywords: parrot, malformed, crash
Cc:
Language:
Patch status:
Platform: linux

Description

Parrot crashes while loading the following file:

.sub main
  .local pmc bfdata
  bfdata = new [0;0;0;0;0;0;0;0;0;0] # <-- 10 zeros
.end

## corresponding backtrace
#0  0xb7f32a68 in constant_folding () from /usr/lib/libparrot.so.1.0.0
#1  0xb7f32c98 in e_pbc_emit () from /usr/lib/libparrot.so.1.0.0
#2  0xb7f23750 in emit_flush () from /usr/lib/libparrot.so.1.0.0
#3  0xb7f1da7e in imc_compile_unit () from /usr/lib/libparrot.so.1.0.0
#4  0xb7f1dae8 in imc_close_unit () from /usr/lib/libparrot.so.1.0.0
#5  0xb7f12600 in yyparse () from /usr/lib/libparrot.so.1.0.0
#6  0xb7f1deb0 in compile_to_bytecode () from /usr/lib/libparrot.so.1.0.0
#7  0xb7f1f1a1 in imcc_run () from /usr/lib/libparrot.so.1.0.0
#8  0x08048958 in _start ()

Note that the following is parsed successfully:

.sub main
  .local pmc bfdata
  bfdata = new [0;0;0;0;0;0;0;0;0] # <-- only 9 zeros here
.end

Change History

Changed 5 years ago by jonathand

(same info with proper formatting, sorry)

.sub main
  .local pmc bfdata
  bfdata = new [0;0;0;0;0;0;0;0;0;0] # <-- 10 zeros
.end

## corresponding backtrace
#0  0xb7f32a68 in constant_folding () from /usr/lib/libparrot.so.1.0.0
#1  0xb7f32c98 in e_pbc_emit () from /usr/lib/libparrot.so.1.0.0
#2  0xb7f23750 in emit_flush () from /usr/lib/libparrot.so.1.0.0
#3  0xb7f1da7e in imc_compile_unit () from /usr/lib/libparrot.so.1.0.0
#4  0xb7f1dae8 in imc_close_unit () from /usr/lib/libparrot.so.1.0.0
#5  0xb7f12600 in yyparse () from /usr/lib/libparrot.so.1.0.0
#6  0xb7f1deb0 in compile_to_bytecode () from /usr/lib/libparrot.so.1.0.0
#7  0xb7f1f1a1 in imcc_run () from /usr/lib/libparrot.so.1.0.0
#8  0x08048958 in _start ()

.sub main
  .local pmc bfdata
  bfdata = new [0;0;0;0;0;0;0;0;0] # <-- only 9 zeros here
.end

Changed 5 years ago by NotFound

Funny data: if you use the option -d 7000 before the segmentation fault you get:

code_size(ops) 6  oldsize 0

But adding one more 0 to the key (11 in total), it segfaults without any debug message.

Changed 5 years ago by coke

  • status changed from new to closed
  • resolution set to fixed

This appears to be covered by the KEYLEN in compilers/imcc/pbc.c:

.sub main
  .local pmc bfdata
  bfdata = new [0;0;0;0;0;0;0;0;0;0;0;0] # <-- 12 zeros
.end

now dies with

error:imcc:build_key:key too complex increase KEYLEN

        in file 'foo.pir' line 4

but no segfault.

Added a test in r45305.

Changed 5 years ago by bubaflub

  • status changed from closed to reopened
  • resolution fixed deleted

I'm still failing on a clean build on trunk (r45323).

not ok 18 - over long keys should not segfault (TT #641)

#   Failed test 'over long keys should not segfault (TT #641)'
#   at t/compilers/imcc/syn/regressions.t line 231.
#                   ''
#     doesn't match '/key too complex/
# '
# './parrot   "/Users/bob/Desktop/work/parrot/t/compilers/imcc/syn/regressions_18.pir"' failed with exit code [SIGNAL 11]

uname -a
Darwin bob.chapter 10.2.0 Darwin Kernel Version 10.2.0: Tue Nov 3 10:37:10 PST 2009; root:xnu-1486.2.11~1/RELEASE_I386 i386

gcc --version
i686-apple-darwin10-gcc-4.2.1 (GCC) 4.2.1 (Apple Inc. build 5646) (dot 1)

Let me know if ya need any other information / testing.

Changed 5 years ago by bubaflub

In an attempt to bisect I checked out r45305 and built it. I still get the same error:

not ok 18 - over long keys should not segfault (TT #641)

#   Failed test 'over long keys should not segfault (TT #641)'
#   at t/compilers/imcc/syn/regressions.t line 231.
#                   ''
#     doesn't match '/key too complex/
# '
# './parrot   "/Users/bob/Desktop/work/parrot/t/compilers/imcc/syn/regressions_18.pir"' failed with exit code [SIGNAL 11]

I'm guessing that this always failed for me and I only noticed now.

Changed 5 years ago by mikehh

Getting the test failure at r45380 on Ubuntu 9.10 i386 (g++ and gcc), but not if --optimize is set in configure:

not ok 18 - over long keys should not segfault (TT #641)

#   Failed test 'over long keys should not segfault (TT #641)'
#   at t/compilers/imcc/syn/regressions.t line 231.
#                   'Segmentation fault
# '
#     doesn't match '/key too complex/
# '
# './parrot   "/home/mhu/t.gn.parrot/t/compilers/imcc/syn/regressions_18.pir"' failed with exit code 139

that was with g++, same result with gcc, but the test passes with both g++ and gcc if --optimize is set.

Changed 5 years ago by mikehh

At r45381 the same applied to Ubuntu 9.10 amd64 on both gcc and g++.

The test t/compilers/imcc/syn/regressions.t - Failed test: 18 without --optimize, but PASSes the test when built with --optimize.

Changed 5 years ago by NotFound

Fixed array dim in r45385. With this fix it doesn't segfault for me in Ubuntu.
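The pattern behind coke's KEYLEN diagnostic and NotFound's array-dimension fix, as an added C example written for this ticket page; it is not Parrot's build_key from compilers/imcc/pbc.c, and the KEYLEN value, the pir_key layout, compile_new_with_key and zeros_key are all assumptions. KEYLEN is set to 9 so the thresholds match what the ticket reports (a 9-zero key parses, a 10-zero key crashed). The check is derived from the array's real dimension with sizeof and runs before every store, so an over-long key produces the "key too complex" message on every build instead of an out-of-bounds write whose visible effect depends on the surrounding memory layout, which is consistent with the segfault here appearing and disappearing with --optimize:

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-in for Parrot's KEYLEN (assumption: the real value is not on the
 * page). 9 is chosen so the thresholds match the ticket: 9 components fit,
 * 10 do not. */
#define KEYLEN 9

/* Dimension taken from the array itself, so the bound cannot drift from the
 * declaration the way a separately maintained constant can. */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

#define KEY_TOO_COMPLEX (-2)
#define KEY_SYNTAX      (-1)

typedef struct {
    int  ncomponents;
    long components[KEYLEN];
} pir_key;   /* hypothetical layout, not Parrot's */

/* Parse a PIR key literal such as "[0;1;2]" into key->components.
 * Returns the component count on success, KEY_SYNTAX on malformed input and
 * KEY_TOO_COMPLEX when the literal carries more components than the array
 * holds. Every store is preceded by a bounds check against ARRAY_LEN, so the
 * function never writes past the end of key->components. */
int build_key(const char *text, pir_key *key)
{
    const char *p = text;

    key->ncomponents = 0;
    while (isspace((unsigned char)*p))
        p++;
    if (*p++ != '[')
        return KEY_SYNTAX;

    for (;;) {
        char *end;
        long  value;

        while (isspace((unsigned char)*p))
            p++;
        value = strtol(p, &end, 10);
        if (end == p)                      /* no integer where one was expected */
            return KEY_SYNTAX;
        p = end;

        if (key->ncomponents >= (int)ARRAY_LEN(key->components))
            return KEY_TOO_COMPLEX;        /* refuse rather than overrun */
        key->components[key->ncomponents++] = value;

        while (isspace((unsigned char)*p))
            p++;
        if (*p == ';') {
            p++;
            continue;
        }
        if (*p == ']')
            return key->ncomponents;
        return KEY_SYNTAX;                 /* stray character inside the key */
    }
}

/* Compile one "x = new [...]" statement: on an over-long key emit the same
 * IMCC-style diagnostic the ticket shows and return nonzero instead of
 * crashing. Returns 0 when the key was built. */
int compile_new_with_key(const char *file, int line, const char *literal, pir_key *key)
{
    int rc = build_key(literal, key);

    if (rc == KEY_TOO_COMPLEX) {
        fprintf(stderr, "error:imcc:build_key:key too complex increase KEYLEN\n"
                        "\tin file '%s' line %d\n", file, line);
        return 1;
    }
    if (rc == KEY_SYNTAX) {
        fprintf(stderr, "error:imcc:build_key:malformed key\n"
                        "\tin file '%s' line %d\n", file, line);
        return 1;
    }
    return 0;
}

/* Constructed test input: write "[0;0;...;0]" with n zeros into buf.
 * Returns the length written, or -1 if buf is too small. */
int zeros_key(char *buf, size_t bufsize, int n)
{
    size_t len = 0;
    int    i;

    if (n < 0 || bufsize < (size_t)(2 * n + 3))
        return -1;
    buf[len++] = '[';
    for (i = 0; i < n; i++) {
        if (i)
            buf[len++] = ';';
        buf[len++] = '0';
    }
    buf[len++] = ']';
    buf[len] = '\0';
    return (int)len;
}

int main(void)
{
    static const int sizes[] = { 9, 10, 11, 12 };   /* the counts tried in the ticket */
    char    literal[64];
    pir_key key;
    size_t  i;

    for (i = 0; i < ARRAY_LEN(sizes); i++) {
        zeros_key(literal, sizeof literal, sizes[i]);
        printf("%2d zeros: %s\n", sizes[i],
               compile_new_with_key("foo.pir", 4, literal, &key) == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

The regression test in t/compilers/imcc/syn/regressions.t expects the "key too complex" text on stderr, and that is the property to keep in mind when fixing a bug of this shape: the diagnostic path has to be reached before the first out-of-range store, and its bound has to be the array's own dimension rather than a number typed next to it.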

Changed 5 years ago by bubaflub

  • status changed from reopened to closed
  • resolution set to fixed

I can confirm that this passes in r45387 on Mac OS X. closing as fixed.
