Bug 258658 - Header issue in sys-devel/gcc-4.1.2 / sys-libs/glibc-2.6.1
Summary: Header issue in sys-devel/gcc-4.1.2 / sys-libs/glibc-2.6.1
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: AMD64 Linux
Importance: High critical
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-11 23:16 UTC by Alessandro Di Marco
Modified: 2009-02-12 12:24 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Alessandro Di Marco 2009-02-11 23:16:57 UTC
Hello,
probably I'm missing something, but it happens that the trivial snippet here below segfaults on my amd64 dual-header box. The issue goes away simply by uncommenting the #include below.

#include <stdio.h>
#include <netinet/in.h>

/* uncomment me to solve the problem! */
/* #include <arpa/inet.h> */

int main(void)
{
	struct in_addr io = { 0x100007f };

	printf("%s\n", inet_ntoa(io)); // <-- segfaults

	return 0;
}


Reproducible: Always

Steps to Reproduce:
1. Save the snippet in issue.c
2. gcc issue.c -o issue
3. ./issue

Actual Results:  
<0> $ ./issue
Segmentation fault

Syslog reports:
Feb 12 00:12:43 s_kernel@longinus issue[10702]: segfault at 4e4976c0 ip 00007f104dfcaaf0 sp 00007fff564adc38 error 4 in libc-2.6.1.so[7f104df57000+136000]


Expected Results:  
<0> $ ./issue
127.0.0.1


<0> $ emerge --info
Portage 2.1.6.4 (default/linux/amd64/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.28.1 x86_64)
=================================================================
System uname: Linux-2.6.28.1-x86_64-Intel-R-_Core-TM-2_CPU_T7200_@_2.00GHz-with-glibc2.2.5
Timestamp of tree: Mon, 09 Feb 2009 11:45:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.5.2-r7
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -O3 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/qmail/alias /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks fixpackages metadata-transfer notitles parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.muntinternet.net/pub/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://mirror.switch.ch/ftp/mirror/gentoo/ http://mirror.bytemark.co.uk/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/layman/enlightenment /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X aac acpi alsa amd64 aspell bash-completion berkdb bluetooth branding bzip2 cairo cdr cjk cracklib crypt cups dbus dri dts dvd dvdr dvdread emacs encode esd fam firefox gd gdbm gencertdaily gif gimp gpm hal iconv imagemagick imap imlib ipv6 jabber java jpeg jpeg2k latex libnotify lm_sensors mad midi mmx mmxext mp3 mpeg mplayer multilib ncurses nls nonfsv4 nptl nptlonly nsplugin nvidia ogg opengl pam pcre pdf perl plotutils png portage ppds python qmail readline remote rtc sdl sensord session slp spell srt sse sse2 ssl ssse3 startup-notification subversion sysfs tcl tcpd tetex threads tiff tk truetype unicode usb vorbis wifi xanim xml xorg xpm xulrunner xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev keyboard mouse synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nvidia intel"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Alessandro Di Marco 2009-02-12 01:52:53 UTC
I think I have discovered what happens. When the #include is commented out, the compiler uses the 32bit funcall in place of the needed 64bit one. Here below is the corresponding assembly snippet for both versions:

/* #include <arpa/inet.h> */

	movl	$16777343, -16(%rbp)
	movl	-16(%rbp), %edi
	movl	$0, %eax
	call	inet_ntoa
	cltq
	movq	%rax, -8(%rbp)
	movq	-8(%rbp), %rdi
	call	puts
	movl	$0, %eax

#include <arpa/inet.h>

	movl	$16777343, -16(%rbp)
	movl	-16(%rbp), %edi
	call	inet_ntoa
	movq	%rax, -8(%rbp)
	movq	-8(%rbp), %rdi
	call	puts
	movl	$0, %eax

As you can see, the #include-less version uses cltq (aka cdqe) to convert the doubleword in eax to a quadword in rax with the same numerical value. Probably this value is not as good as it should be (see below).

4       /* uncomment me to solve the problem! */
5       /* #include <arpa/inet.h> */
6
7       int main(void)
8       {
9               struct in_addr io = { 0x100007f };
10              char *x = inet_ntoa(io);
11
12              printf("%s\n", x);
(gdb) s
9               struct in_addr io = { 0x100007f };
(gdb) s
10              char *x = inet_ntoa(io);
(gdb) s
12              printf("%s\n", x);
(gdb) p x
$1 = 0x478e76c0 <Address 0x478e76c0 out of bounds>
Comment 2 Alessandro Di Marco 2009-02-12 02:23:27 UTC
OK, I solved it. Without the #include, gcc assumes that inet_ntoa() returns an integer (4 bytes). Unlike on x86, this cannot store a memory address (char * is 8 bytes long on the amd64 architecture), so the cltq instruction does nothing but extend an already truncated address, and the printf segfaults.

Sorry for any inconvenience
Comment 3 SpanKY gentoo-dev 2009-02-12 05:50:47 UTC
you probably ignored the warnings.  implicit decls -> int return type.
Comment 4 Alessandro Di Marco 2009-02-12 12:24:03 UTC
Yeah, usually I don't! Since the snippet came from a well-known network book, this time I "forgot" the -Wall.
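The mechanism worked out in comments 1 to 3 (an implicitly declared function is assumed to return int, so on amd64 the caller keeps only the low 32 bits of the returned pointer and sign-extends them with cltq) can be made concrete in a small program. The block below is an added example written for this page, not code from the reporter or from Gentoo. The helper names ntoa_with_prototype, mangle_as_implicit_int and pointer_survives are hypothetical, and the 0x7f10... address is a constructed sample chosen to resemble the libc mapping in the reporter's syslog line; the mangling helper only reproduces the truncate-and-sign-extend arithmetic, it does not call anything without a prototype.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>   /* the header the original snippet left commented out */

/* With the prototype visible, the compiler knows inet_ntoa() returns
 * char * and keeps all 64 bits of %rax.  Takes the address in network
 * byte order, exactly as struct in_addr expects it. */
const char *ntoa_with_prototype(uint32_t addr_network_order)
{
	struct in_addr io;
	io.s_addr = addr_network_order;
	return inet_ntoa(io);
}

/* Hypothetical model of what the implicitly declared call did on amd64:
 * the caller assumed an int return value, read only %eax (the low 32
 * bits of the real pointer) and sign-extended it with cltq.  This does
 * not call anything; it just applies that arithmetic to a 64-bit value. */
uintptr_t mangle_as_implicit_int(uintptr_t real_pointer)
{
	int32_t low = (int32_t)(uint32_t)real_pointer; /* what %eax held  */
	return (uintptr_t)(int64_t)low;                /* what cltq built */
}

/* Returns 1 if a pointer would come back unchanged from the implicit-int
 * round trip, i.e. only pointers below 2 GiB survive it. */
int pointer_survives(uintptr_t real_pointer)
{
	return mangle_as_implicit_int(real_pointer) == real_pointer;
}

int main(void)
{
	/* Constructed sample address in the range typical for a 64-bit libc
	 * mapping (compare the 7f10... addresses in the reporter's syslog). */
	uintptr_t libc_buf = 0x00007f104e4976c0ull;

	printf("real pointer       : %#lx\n", (unsigned long)libc_buf);
	printf("after implicit int : %#lx\n",
	       (unsigned long)mangle_as_implicit_int(libc_buf));
	printf("survives round trip: %d\n", pointer_survives(libc_buf));

	/* The same call with the prototype in scope prints the expected text. */
	printf("with prototype     : %s\n",
	       ntoa_with_prototype(htonl(INADDR_LOOPBACK)));
	return 0;
}
```

Compiling the reporter's original snippet with -Wall, or better -Werror=implicit-function-declaration, turns this class of bug into a build failure instead of a runtime segfault; the model above shows why a 32-bit return convention silently corrupts any pointer that does not fit in the low 2 GiB.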