Created attachment 18692 [details]
The output file indicated in the error gziped

Comment 2 Donny Davies (RETIRED) 2003-10-03 14:36:17 UTC

rpcclient/cmd_spoolss.c:666: internal compiler error:
                        ^^^
this bug is too freaky for me ;-)

but seriously, i dont think i can fix this.  im not so sure it's really
related to linux-2.6.x either.

please try to post to bigs.samba.org and provide them your compiler/binutils/glibc
versions etc, plus the .out file.

perhaps Azarah or other toolchain people on the Gentoo team might have
an idea about this.  i really dont know much about the internals of
compilers and ICE....

I wonder if this is an -fstack-protector problem, since I get it, too, and
I'm running 2.4.20 kernel. (I've seen some other GCC 3.3.1 bugs with -fstack-protector.)

Comment 4 Donny Davies (RETIRED) 2003-10-03 19:50:34 UTC

Hmm, might be -- I get it too on 2.4.x, but the local fix I've been using
for a while is far too incorrect and ugly to comment on further.

Will try an -fno-stack-protector build.

When I removed -fstack-protector, it compiled successfully. Therefore, I
suggest excluding -fstack-protector from the CCFLAGS.

Oops. I meant CFLAGS, not CCFLAGS. (My thinko.)

Comment 7 Donny Davies (RETIRED) 2003-10-03 21:52:47 UTC

Isnt that something, builds ok there now.

Hrpmph.  I guess it would nice to isolate exactly what is going on
since it appears to affect only one single function!

I believe something's wrong with GCC (when stack-protector is used). The
same situation (internal compiler error) occurs elsewhere. See bug 28728
for another example. Someday I hope to learn enough to debug GCC, but I'm
not there yet! ;-)

Ok maybe this sound weird but i have made some tests with kumba on IRC, and
i added to my base CFLAGS: "-O3 -march=pentium3 -pipe -fomit-frame-pointer
-fstack-protector" these two flags "-ffast-math -fforce-addr" and now samba
compiles.
Samba also compiled removing the -fstack-protector without adding the last
two flags.

Comment 10 Donny Davies (RETIRED) 2003-10-04 11:31:46 UTC

Im testing a small fix for this at the moment.  Involves compiling/installing
one .c/.o file, and editing the gcc-installed specs file.

Thereby allowing the use of -fstack-protector to build this.

I dont wish to filter -fstack-protector, Id actually prefer to have SAMBA
built with this flag....  will report results shortly.

Comment 11 Donny Davies (RETIRED) 2003-10-04 11:51:13 UTC

Didnt work.

Something is wacky with display_reg_value() in cmd_spoolss.c.  filtering
-fstack-protector for this one function is a bit harsh I still think though.

Hmm.

Comment 12 Joshua Kinard 2003-10-04 16:51:36 UTC

Donny, as per Comment #9, maybe instead of filtering -fstack-protector, add
-ffast-math and -fforce-addr to the CFLAGS in the ebuild instead? (i.e.,
via append-flags)

Comment 13 Joshua Kinard 2003-10-04 23:33:36 UTC

Donny: According to Howard Golden's comments on Bug #28728, -fforce-addr
does the magic that lets -fstack-protector work.  He's confirmed it on mjpegtools,
and I believe he'll give word if it also lets Mozilla compila.  Both of which
segfault with -fstack-protector if -fforce-addr is not specified.  -ffast-math
might be safer to leave off to keep in line with IEEE math standards.

Also CC'ing the hardened people on this, as they will likely find it of interest.

Comment 14 Donny Davies (RETIRED) 2003-10-11 23:58:36 UTC

I guess all we can do is either:
    - filter -fstack-protector
    - add -fforce-addr

How about the filter option then?  I could live with that...

Comment 15 Joshua Kinard 2003-10-12 00:16:13 UTC

I'm up for adding -fforce-addr to the ebuild as a temporary measure.  If
you read Comment #20 on Bug #28728, it appears this is a bug in propolice,
and the propolice architect, Dr. Hiroaki Etoh, has said he'll try to get
a fix for it eventually.  Once this fix gets released, we can get it in a
new gcc snapshot and give it a run to see if it resolves the issues.

For adding -fforce-addr to the ebuild, I'd suggest doing a check of the CFLAGS
to see if -fstack-protector is in them, and if so, append-flags "-fforce-addr:.
 Otherwise, we leaves CFLAGS alone.  This avoids any possible issues that
may arise with the use of -fforce-addr to user's machines, although I myself
haven't noticed any issues directly relating to -fforce-addr, and gcc's manual
even hints at it being rather safe.

Comment 16 solar (RETIRED) 2003-10-12 01:02:21 UTC

Users of the stable gcc 3.2.3 are not encountering this bug are they?

If not then perhaps  checking gcc --version | head -n 1 | awk '{print $3}'

and then filtering from there would be the ideal way to go.. 
But I'm sure you had already planned for that :)

As a rule of thumb just about anything that opens a socket to the outside
world is something that we would want to protect with PaX & propolice(ssp).

PaX prevents real buffer & heap overflows by limiting arbitrary read/write/execution
access of the processes memory and propolice(ssp) to protect from the return-to-libc
style attacks.

Comment 17 solar (RETIRED) 2003-10-12 01:04:02 UTC

If they are not used together then its almost as good as nothing at all.

I have just posted Dr. Etoh's patch to propolice to bug 28728. So you might
want to try it with your gcc. I'm going to do so here, but it will take a
while to test.

I experienced frequent lockups in mozilla-1.4 when compiled with both -fstack-protector
and -fforce-addr. I don't know if this was caused by either of those flags
or not. See my comments to bug 28728. I'm passing this along so you can be
aware of a *possible* gotcha with either of these flags. Does anyone know
how stable -fstack-protector and -fforce-addr are? (Why isn't -fforce-addr
included with -O2? From the documentation of -fforce-addr, it appears to
be "safe." See my colloquy with Andy Dustman in bug 28728.)

Update the name of the bug

This still is a issue with gcc version 3.2.3 (stable) ... is there a propolice patch available for this version?

Addl info requested by Alexander:

Compiling rpcclient/cmd_spoolss.c
rpcclient/cmd_spoolss.c: In function `display_reg_value':
rpcclient/cmd_spoolss.c:666: Internal compiler error in add_insn_before, at emit-rtl.c:3567
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://bugs.gentoo.org/> for instructions.
make: *** [rpcclient/cmd_spoolss.o] Error 1

!!! ERROR: net-fs/samba-3.0.0-r1 failed.
!!! Function src_compile, Line 160, Exitcode 2
!!! SAMBA pieces

Portage 2.0.49-r15 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r3, 2.4.22-ac4)
=================================================================
System uname: 2.4.22-ac4 i686 Pentium III (Coppermine)
Gentoo Base System version 1.4.3.10
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=pentium3 -fstack-protector -funroll-loops -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /var/qmail/control /usr/share/config /usr/kde/2/share/config /usr/kde/3/share/config"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O2 -mcpu=pentium3 -fstack-protector -funroll-loops -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="sandbox ccache autoaddcvs"
GENTOO_MIRRORS="http://www.gtlib.cc.gatech.edu/pub/gentoo ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo ftp://mirror.iawnet.sandia.gov/pub/gentoo/ http://gentoo.mirrors.pair.com/ ftp://gentoo.mirrors.pair.com/ http://gentoo.seren.com/gentoo rsync://gentoo.seren.com/gentoo http://gentoo.noved.org/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 oss apm arts avi crypt cups encode foomaticdb gif imlib jpeg libg++ mad mikmod motif mpeg ncurses nls oggvorbis opengl pdflib png quicktime sdl spell truetype xml2 xmms xv zlib gdbm berkdb slang readline tcpd libwww perl python -X -gtk -gtk2 -gnome -alsa -qt -kde -gpm -svga apache2 gd mysql ldap kerberos threads freedts xml pam samba sasl ssl unicode"

Comment 22 Alexander Gabert (RETIRED) 2003-11-28 11:57:10 UTC

19:51:14 <@pappy-> 20:50:25 [/usr/local/chroots/chroot001:11328.pty-s1.epoch] epoch ~ # readelf -s $(which smbd)| grep __guard
19:51:14 <@pappy->   3599: 00000000    32 OBJECT  GLOBAL DEFAULT  UND __guard@GLIBC_2.3.2 (10)
19:51:27 <@pappy-> 20:50:32 [/usr/local/chroots/chroot001:11328.pty-s1.epoch] epoch ~ # readelf -s $(which smbd)| grep __stack_smash
19:51:27 <@pappy->   3725: 00000000   530 FUNC    GLOBAL DEFAULT  UND __stack_smash_handler@GLIBC_2.3.2 (10)
19:51:39 <@pappy-> >>> net-fs/samba-3.0.0-r1 merged.

20:51:21 [/usr/local/chroots/chroot001:11328.pty-s1.epoch] epoch ~ # hcc -l
 glibc: GNU C Library stable release version 2.3.2, by Roland McGrath et al.
 glibc: Compiled by GNU CC version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice).
   gcc: gcc version 3.3.2 20031022 (Gentoo Linux 3.3.2-r3, propolice)
    ld: GNU ld version 2.14.90.0.7 20031029

config: hcc-3.3.2.0-x86  -  /etc/hcc.conf
*cpp:
%{posix:-D_POSIX_SOURCE} %{!D__KERNEL__: %{!DIN_GCC: %{!static: %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: %{!yet_exec: %{!nopie: -D__PIC__ -D__pic__}} } } } } } } } %{pthread:-D_REENTRANT}
--
*cc1:
%(cc1_cpu) %{!D__KERNEL__: %{!DIN_GCC: %{!static: %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: %{!yet_exec: %{!nopie: -fPIC}} %{!yno_propolice: -fstack-protector -fstack-protector-all -fforce-addr} } } } } } } } %{profile:-p}
--
*endfile:
%{static|yet_exec|D__KERNEL__|DIN_GCC: crtend.o%s} %{!static: %{!yet_exec: %{!D__KERNEL__: %{!DIN_GCC: crtendS.o%s}}}} crtn.o%s
--
*link:
%{!static:--eh-frame-hdr} -m elf_i386 %{shared:-shared} %{!shared: %{!ibcs: %{!static: %{rdynamic:-export-dynamic} %{!dynamic-linker:-dynamic-linker /lib/ld-linux.so.2}} %{static:-static}}} %{!D__KERNEL__: %{!DIN_GCC: %{!static: %{!nostartfiles: %{!nodefaultlibs: %{!nostdlib: %{!nostdinc: %{!shared: %{!Bshareable: %{!i: %{!r: %{!yet_exec: %{!nopie: -pie -z combreloc}} } } } } } } } } } } }
--
*startfile:
%{!shared: %{pg:gcrt1.o%s} %{!pg:%{p:gcrt1.o%s} %{!p:%{profile:gcrt1.o%s} %{!profile: %{static|yet_exec|D__KERNEL__|DIN_GCC: crt1.o%s} %{!static: %{!yet_exec: %{!D__KERNEL__: %{!DIN_GCC: Scrt1.o%s}}}} }}}} crti.o%s %{static:crtbeginT.o%s} %{!static: %{yet_exec|D__KERNEL__|DIN_GCC: crtbegin.o%s} %{!yet_exec: %{!D__KERNEL__: %{!DIN_GCC: crtbeginS.o%s}}} }

cannot be reproduced here

please confirm again after updating to gcc and glibc with guard and etc-update and hcc -a to make hardened-gcc happy

Comment 23 Joshua Kinard 2003-11-28 14:18:09 UTC

Dave: the Samba error your reporting sounds rather familiar.  I notice it looks like you're running an old gcc version.  The patch that I know of that resolved this kind of error when into gcc-3.3.1-r5, if I recall correctly.  You can try updating to the latest gcc (~3.3.2), and recompile samba, *OR* add the -fforce-addr flag to your CFLAGS, which should get around the issue.

Joshua: I'm using -fforce-addr for now. I have some app testing to do with this system before I switch gcc versions.. I'll probably upgrade gcc before I start working with etdyn. . Thanks

Comment 25 Alexander Gabert (RETIRED) 2003-11-29 15:28:01 UTC

close and WONTFIX

use latest gcc please or -fforce-addr to circumvent propolice problems with old gcc

TIA,

Alex