Created attachment 6683
GDB debug output

+++ This bug was initially created as a clone of Bug #14602 +++

glibc-2.16.90-24.fc19.x86_64
https://koji.fedoraproject.org/koji/buildinfo?buildID=359617

Core was generated by `/unsafe/home/jkratoch/hammock/20121013Build-gdbcvs-rawhide/fedora-rawhide-x86_6'.
Program terminated with signal 11, Segmentation fault.
#0 two_way_short_needle (needle_len=<optimized out>, needle=<optimized out>, haystack_len=<optimized out>, haystack=<optimized out>) at str-two-way.h:309
309 != (haystack_char = CANON_ELEMENT (*phaystack++)))

Detailed debug dump attached.

I do not have it reproducible by hand, it happened during nightly builds.

Regression by:
glibc-2.16.90-23.fc19.x86_64 -> glibc-2.16.90-24.fc19.x86_64

Created attachment 6684
.tar.xz of core file, gdb binary, rpm -qa (Fedora Rawhide 2012-10-12)

Reproduced it with FSF GDB HEAD:
cd gdb/testsuite; while runtest gdb.base/find.exp;do :;done

According to logs crashes also:
gdb.python/py-inferior.exp

Can you provide a GDB command-line option to trigger this?

You can use a memmem wrapper to extract a testcase:

1. Copy simple_memmem from string/test-memmem.c in glibc.
2. Write a function to dump memmem input into C source code, including address values.
3. Call simple_memmem to get the correct result.
4. Compare the result from memmem against simple_memmem. If it fails, call the dumper to generate the testcase.
5. Link GDB against the memmem wrapper.

You can generate a testcase by:

1. Dumper called on wrong result from memmem.
2. Run dumper by hand inside GDB when GDB segfaults.

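A sketch of the wrapper described in the comment above, added here as an example; it is not part of the original comment and is not glibc or GDB code. `ref_memmem` is a naive stand-in for `simple_memmem`, and `check_memmem`, `dump_array` and `always_null` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* memmem is a GNU extension; prototype given so no feature-test macro is needed. */
void *memmem(const void *, size_t, const void *, size_t);
typedef void *(*memmem_fn)(const void *, size_t, const void *, size_t);

/* Naive reference search: a stand-in for simple_memmem, not glibc's code. */
static void *ref_memmem(const void *h, size_t hl, const void *n, size_t nl)
{
    const unsigned char *hp = h;
    if (nl > hl)
        return NULL;
    for (size_t i = 0; i <= hl - nl; i++)
        if (memcmp(hp + i, n, nl) == 0)
            return (void *)(hp + i);
    return NULL;
}

/* Emit one input as a C array; the original address is recorded in a
   comment, as the procedure asks for address values in the dump. */
static void dump_array(FILE *out, const char *name,
                       const unsigned char *p, size_t len)
{
    fprintf(out, "/* %s was at %p */\n", name, (const void *)p);
    fprintf(out, "static const unsigned char %s[] = {", name);
    for (size_t i = 0; i < len; i++)
        fprintf(out, "%s0x%02x,", i % 12 ? " " : "\n  ", p[i]);
    fprintf(out, "%s};\nstatic const size_t %s_len = %zu;\n",
            len ? "\n" : " 0 ", name, len);
}

/* Constructed faulty implementation, used only to show the dumper firing. */
void *always_null(const void *h, size_t hl, const void *n, size_t nl)
{ (void)h; (void)hl; (void)n; (void)nl; return NULL; }

/* Returns 0 when impl agrees with the reference, 1 after dumping a testcase. */
int check_memmem(memmem_fn impl, FILE *out, const void *h, size_t hl,
                 const void *n, size_t nl)
{
    void *want = ref_memmem(h, hl, n, nl);
    void *got = impl(h, hl, n, nl);
    if (got == want)
        return 0;
    fprintf(out, "/* memmem returned %p, reference returned %p */\n", got, want);
    dump_array(out, "haystack", h, hl);
    dump_array(out, "needle", n, nl);
    return 1;
}
```
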
Created attachment 6685
.c crash reproducer.

Fixed in e9f372520618161d7d73e028ca23818e83b88bbc.