Re: results of gnulib tests with -fcheck-pointer-bounds
From: Paul Eggert
Subject: Re: results of gnulib tests with -fcheck-pointer-bounds
Date: Fri, 19 May 2017 15:48:51 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0
On 05/19/2017 08:27 AM, Bruno Haible wrote:

> The message "Saw a #BR!" is a bit cryptic

An understatement to be sure. In my experience, even when you know
exactly which machine instruction is trapping and know which source-code
statement it corresponds to, it's often tricky to puzzle out why an
-fcheck-pointer-bounds failure occurred. So far I haven't been bold
enough to give a tricky problem like that to my undergraduate students.
Maybe in a year or two the debugging tools will be better. (Plus, I have
to wait for our university to get teaching servers new enough to support
MPX.)

> Does someone understand this argp-help.c code?

I didn't, but after looking at the code for a bit I see a problem that
could explain the symptoms you observe. hol_append subtracts pointers
into different arrays, which has undefined behavior in C, and
-fcheck-pointer-bounds can catch this after the resulting offset is used
to calculate a pointer and the pointer is then later used. This is
clearly a portability bug so I installed the first attached patch. Does
it fix the problem on your platform?
I also tested argp under -fsanitize=undefined and found a different bug,
fixed in the 2nd attached patch.
Attachments:
- 0001-argp-fix-pointer-subtraction-bug.patch
- 0002-argp-fix-shift-bug.patch
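As an added illustration of the pointer-subtraction point made in the reply above (constructed example, not code from the gnulib patches), a small `table` type stands in for argp's hol and its short_options string: when two buffers are concatenated, each interior pointer is carried over by differencing against its own base array only, which is the portable replacement for the cross-array subtraction the mail describes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Buffer plus one interior pointer (constructed stand-in for argp's hol
   and its short_options string; not gnulib code). */
struct table {
    char *buf;
    size_t len;
    char *mark;   /* points somewhere inside buf */
};

/* Carry an interior pointer over to a copy of its buffer.  Subtracting
   against the pointer's OWN base keeps both operands in one array, so the
   difference is defined.  The bug pattern from the mail is `p - other_base`
   with other_base in a different array: that difference is undefined, and
   under -fcheck-pointer-bounds the pointer built from it traps (#BR) on use. */
static char *rebase(const char *p, const char *own_base, char *new_base)
{
    ptrdiff_t off = p - own_base;
    return new_base + off;
}

/* Append src to dst: dst->mark is rebased in place; src's mark is returned
   rebased into the new buffer (NULL on allocation failure). */
static char *table_append(struct table *dst, const struct table *src)
{
    char *nb = malloc(dst->len + src->len + 1);
    if (!nb) return NULL;
    memcpy(nb, dst->buf, dst->len);
    memcpy(nb + dst->len, src->buf, src->len + 1);
    char *dst_mark = rebase(dst->mark, dst->buf, nb);
    char *src_mark = rebase(src->mark, src->buf, nb + dst->len);
    free(dst->buf);
    dst->buf = nb; dst->len += src->len; dst->mark = dst_mark;
    return src_mark;
}
/* Worked check: "hello" (mark on 'e') + "world" (mark on the 'l' at index 3). */
static int self_check(void)
{
    struct table a = { malloc(6), 5, NULL }, b = { malloc(6), 5, NULL };
    if (!a.buf || !b.buf) { free(a.buf); free(b.buf); return 0; }
    memcpy(a.buf, "hello", 6); a.mark = a.buf + 1;   /* 'e' */
    memcpy(b.buf, "world", 6); b.mark = b.buf + 3;   /* 'l' */
    char *m = table_append(&a, &b);
    int ok = m && !strcmp(a.buf, "helloworld") && a.mark - a.buf == 1
             && *a.mark == 'e' && m - a.buf == 8 && *m == 'l';
    free(a.buf); free(b.buf);
    return ok;
}
```

Built with `-fsanitize=undefined` or `-fcheck-pointer-bounds`, the `rebase` helper stays silent because every subtraction involves pointers into the same object; the cross-array variant is what produces the "#BR" trap once the derived pointer is dereferenced.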