This is the mail archive of the mailing list for the Cygwin project.


[bug] gcc 2.95.3-10 corrupts the stack


I suspect there is a very nasty bug in cygwin's gcc port because I'm fighting with stack corruption in my attempt to get latest kaffe (a free software virtual machine for Java) from CVS to fully work on

I'm compiling using gcc 2.95.3-10 and -O0, in order to avoid bugs introduced by optimization features. Compiling with gcc 3.2 and -O2 makes kaffe crash in about the same situation (trying to access a jar file) within an inlined static function. So I assume the same bug exists in both compilers.

I'm using the latest Cygwin release from last weekend. I've attached the output of a typical gdb session. I don't speak i386 assembler so if anyone can make sense out of this, I'd be glad to hear from you.

What seems to happen is that a parameter 'name' gets severely corrupted on the stack. And then the whole program crashes with SIGSEGV. Depending on whether I pull some pointer variables in or out of the function, and turn them into statics, I can even get a SIGFPE, despite the fact that there is no piece of floating point data around.

Oh, and kaffe uses threads ;)

$ cd libraries/javalib
/usr/local/kaffe/bin/kaffe uvf rt.jar -C . META-INF/
GNU gdb 2003-01-28-cvs (cygwin-special)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General
Public License, and you are
welcome to change it and/or distribute copies of it
under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show
warranty" for details.
This GDB was configured as "i686-pc-cygwin"...
(gdb) b findJarFile
Breakpoint 1 at 0x445dba: file jar.c, line 118.
(gdb) run
Starting program:
/usr/local/kaffe/jre/bin/kaffe-bin.exe -vemdebug
THREAD kaffe.
tools.jar.Jar uvf rt.jar -C . META-INF/

Breakpoint 1, findJarFile (name=0x10032118
    at jar.c:108
108     {

(gdb) bt
#0  findJarFile (name=0x10032118
    at jar.c:108
#1  0x00447473 in openJarFile (
    name=0x10032118 "/usr/local/kaffe/jre/lib/rt.jar")
at jar.c:1056
#2  0x004447f2 in findClassInJar (cname=0x1003c538
    hand=0x91fae8, einfo=0x91fb38) at findInJar.c:205
#3  0x004445ea in findClass (centry=0x1003c518,
    at findInJar.c:121
#4  0x0043343e in loadStaticClass (class=0x463b20,
    name=0x42fa1b "java/lang/Object") at
#5  0x0042fca1 in initBaseClasses () at
#6  0x0042f885 in initialiseKaffe () at
#7  0x0041e234 in JNI_CreateJavaVM (vm=0x463890,
env=0x4638a0, args=0x463830)
    at jni.c:205
#8  0x00401197 in main (argc=9, argv=0x10031528) at
(gdb) s
findJarFile (name=0x1003c0f8 "\002") at jar.c:118
118             assert(name != NULL);

Et voila, parameter 'name' is suddenly corrupted after I single step through the code.

(gdb) i threads
  3 thread -353117.0xfffa8c1b  0xbff7a280 in
UnregisterDeviceNotification ()
  2 thread -353117.0xfffaa98b  0x610755d7 in
siginterrupt ()
* 1 thread -353117.0xfffafd2f  findJarFile (
    name=0x10032118 "/usr/local/kaffe/jre/lib/rt.jar")
at jar.c:108

(gdb) disas
Dump of assembler code for function findJarFile:
0x00445db0 <findJarFile+0>:     pop    %ecx
0x00445db1 <findJarFile+1>:     and   
0x00445db4 <findJarFile+4>:     in     (%dx),%al
0x00445db5 <findJarFile+5>:     adc    $0x53,%al
0x00445db7 <findJarFile+7>:     mov    0x8(%ebp),%ebx
0x00445dba <findJarFile+10>:    test   %ebx,%ebx
0x00445dbc <findJarFile+12>:    jne    0x445dd5
0x00445dbe <findJarFile+14>:    add   
0x00445dc1 <findJarFile+17>:    push   $0x445d6a
0x00445dc6 <findJarFile+22>:    push   $0x76
0x00445dc8 <findJarFile+24>:    push   $0x5982f81e
0x00445dcd <findJarFile+29>:    sbbl  
0x00445dd4 <findJarFile+36>:    pop    %ecx
0x00445dd5 <findJarFile+37>:    addl   $0x0,0x463290
0x00445ddc <findJarFile+44>:    add    %al,(%eax)
0x00445dde <findJarFile+46>:    add    %ch,%al
0x00445de0 <findJarFile+48>:    xorb  
0x00445de4 <findJarFile+52>:    add   
0x00445de7 <findJarFile+55>:    push   $0x4632c0
0x00445dec <findJarFile+60>:    push   $0x463280
0x00445df1 <findJarFile+65>:    call   0x4400f0
0x00445df6 <findJarFile+70>:    mov    0x463284,%eax
0x00445dfb <findJarFile+75>:    movl  
0x00445e05 <findJarFile+85>:    mov    %eax,0x4632a0
0x00445e0a <findJarFile+90>:    add    $0x10,%esp
0x00445e0d <findJarFile+93>:    jmp    0x445ed3
0x00445e12 <findJarFile+98>:    mov    %esi,%esi
0x00445e14 <findJarFile+100>:   cmpl   $0x0,0x4632a0
0x00445e1b <findJarFile+107>:   jne    0x445e34
0x00445e1d <findJarFile+109>:   add   
0x00445e20 <findJarFile+112>:   push   $0x445d77
0x00445e25 <findJarFile+117>:   push   $0x7f
0x00445e27 <findJarFile+119>:   push   $0x445d1e
0x00445e2c <findJarFile+124>:   call   0x45bf70
0x00445e31 <findJarFile+129>:   add    $0x10,%esp
0x00445e34 <findJarFile+132>:   mov    0x4632a0,%eax
0x00445e39 <findJarFile+137>:   cmpl   $0x0,0x8(%eax)
0x00445e3d <findJarFile+141>:   jne    0x445e59
0x00445e3f <findJarFile+143>:   add   
0x00445e42 <findJarFile+146>:   push   $0x445d84
0x00445e47 <findJarFile+151>:   push   $0x80
0x00445e4c <findJarFile+156>:   push   $0x445d1e
0x00445e51 <findJarFile+161>:   call   0x45bf70
0x00445e56 <findJarFile+166>:   add    $0x10,%esp
0x00445e59 <findJarFile+169>:   add   
0x00445e5c <findJarFile+172>:   push   %ebx
0x00445e5d <findJarFile+173>:   mov    0x4632a0,%eax
0x00445e62 <findJarFile+178>:   mov    0x8(%eax),%eax
0x00445e65 <findJarFile+181>:   push   %eax
0x00445e66 <findJarFile+182>:   call   0x45c130
0x00445e6b <findJarFile+187>:   add    $0x10,%esp
0x00445e6e <findJarFile+190>:   test   %eax,%eax
0x00445e70 <findJarFile+192>:   jne    0x445ec2
0x00445e72 <findJarFile+194>:   mov    0x4632a0,%eax
0x00445e77 <findJarFile+199>:   mov    0x4632b0,%edx
0x00445e7d <findJarFile+205>:   mov    (%eax),%eax
0x00445e7f <findJarFile+207>:   mov    %eax,(%edx)
0x00445e81 <findJarFile+209>:   mov    0x4632a0,%edx
0x00445e87 <findJarFile+215>:   mov    0x463284,%eax
0x00445e8c <findJarFile+220>:   mov    %eax,(%edx)
0x00445e8e <findJarFile+222>:   mov    %edx,0x463284
0x00445e94 <findJarFile+228>:   mov    0x10(%edx),%eax
0x00445e97 <findJarFile+231>:   mov    %edx,0x463290
0x00445e9d <findJarFile+237>:   lea    0x1(%eax),%ecx
0x00445ea0 <findJarFile+240>:   mov    %ecx,0x10(%edx)
0x00445ea3 <findJarFile+243>:   cmp   
0x00445ea6 <findJarFile+246>:   jne    0x445ec2
0x00445ea8 <findJarFile+248>:   add   
0x00445eab <findJarFile+251>:   push   $0x445d98
0x00445eb0 <findJarFile+256>:   push   $0x8d
0x00445eb5 <findJarFile+261>:   push   $0x445d1e
0x00445eba <findJarFile+266>:   call   0x45bf70
0x00445ebf <findJarFile+271>:   add    $0x10,%esp
0x00445ec2 <findJarFile+274>:   mov    0x4632a0,%eax
0x00445ec7 <findJarFile+279>:   mov    %eax,0x4632b0
0x00445ecc <findJarFile+284>:   mov    (%eax),%eax
0x00445ece <findJarFile+286>:   mov    %eax,0x4632a0
0x00445ed3 <findJarFile+291>:   test   %eax,%eax
0x00445ed5 <findJarFile+293>:   je     0x445ee4
0x00445ed7 <findJarFile+295>:   cmpl   $0x0,0x463290
0x00445ede <findJarFile+302>:   je     0x445e14
0x00445ee4 <findJarFile+308>:   add   
0x00445ee7 <findJarFile+311>:   push   $0x4632c0
0x00445eec <findJarFile+316>:   push   $0x463280
0x00445ef1 <findJarFile+321>:   call   0x440134
0x00445ef6 <findJarFile+326>:   call   0x43d1a4
0x00445efb <findJarFile+331>:   mov    0x463290,%eax
0x00445f00 <findJarFile+336>:   mov   
0x00445f03 <findJarFile+339>:   mov    %ebp,%esp
0x00445f05 <findJarFile+341>:   pop    %ebp
0x00445f06 <findJarFile+342>:   ret
End of assembler dump.

If I use stepi to get through the function, it is the and instruction at 0x00445db1 which corrupts the name variable on the stack. Funny enough, then I can manage to execute most of the function up to the return statement, which gives me a SIGSEGV because of the corrupted stack, I guess.

Here are the last stepis before the SIGSEGV:

0x00445f03      147             return( return_val );
0x00445f05      147             return( return_val );
0x00445f06 in findJarFile (name=0x6b2f6c61 <Address
0x6b2f6c61 out of bounds>)
    at jar.c:147
147             return( return_val );
0x100381c0 in ?? ()
0x100381c2 in ?? ()
0x100381c4 in ?? ()
0x10038227 in ?? ()

Program received signal SIGSEGV, Segmentation fault.
0x10038227 in ?? ()

The C code of the function:

/* The braces and the #endif of this function were lost in the archive and are
   restored here.  The jarFile/jarCache declarations are not part of the mail;
   the minimal shapes below are assumed only so the function compiles alone. */
#include <assert.h>
#include <string.h>

/* Assumed minimal shapes of kaffe's types (not from the mail). */
typedef struct _jarFile {
	char *fileName;
	int users;
	struct _jarFile *next;
} jarFile;

static struct { jarFile *files; } jarCache;

/* File-scope copies of the locals, from the author's experiment of
   turning the pointer variables into statics. */
static jarFile *return_val;
static jarFile *curr;
static jarFile **prev;

#if !defined(KAFFEH)
	static int iLockRoot;
#endif

static jarFile * findJarFile(char *name)
{
#if !defined(KAFFEH)
	int iLockRoot;
#endif
	jarFile *return_val;
	jarFile *curr;
	jarFile **prev;

	assert(name != NULL);
	return_val = NULL;
	curr = jarCache.files;
	prev = &jarCache.files;
	while( curr && !return_val )
	{
		assert(curr != NULL);
		assert(curr->fileName != 0);
		if( !strcmp(curr->fileName, name) )
		{
			/* unlink it... */
			*prev = curr->next;
			/* and move it to the front */
			curr->next = jarCache.files;
			jarCache.files = curr;
			/* Return this node and increment the user count */
			return_val = curr;

			assert(return_val->users >= 1);
		}
		prev = &curr->next;
		curr = curr->next;
	}
	return( return_val );
}

I've browsed the list archives, but I couldn't find a similar case.

I've attached a copy of the output of cygcheck -s.

best regards,
dalibor topic

Cygwin Win95/NT Configuration Diagnostics
Current System Time: Mon Feb 10 12:41:05 2003

Windows 98 SE Ver 4.10 Build 2222 

Path:	C:\cygwin\usr\local\bin


HOME = `C:\cygwin\home\Dalibor Topic'
MAKE_MODE = `unix'
PWD = `/cygdrive/c/kaffe/libraries/javalib'
USER = `Dalibor Topic'

Use `-r' to scan registry

a:  fd           N/A    N/A                    
c:  hd  FAT32   3714Mb  77% CP    UN           
d:  cd  CDFS     637Mb 100%       UN           CDROM

C:\cygwin      /          system  binmode
C:\cygwin/bin  /usr/bin   system  binmode
C:\cygwin/lib  /usr/lib   system  binmode
.              /cygdrive  user    binmode,cygdrive

Found: C:\cygwin\bin\bash.exe
Found: C:\cygwin\bin\cat.exe
Found: C:\cygwin\bin\cpp.exe
Found: C:\cygwin\bin\find.exe
Found: c:\WINDOWS\COMMAND\find.exe
Found: C:\cygwin\bin\gcc.exe
Found: C:\cygwin\bin\gdb.exe
Found: C:\cygwin\bin\ld.exe
Found: C:\cygwin\bin\ls.exe
Found: C:\cygwin\bin\make.exe
Found: C:\cygwin\bin\sh.exe

  306k 2002/04/27 C:\cygwin\bin\cyghttpd.dll
   19k 2002/02/20 C:\cygwin\bin\cyggdbm.dll
   58k 2002/05/07 C:\cygwin\bin\cygbz2-1.dll
  929k 2002/06/24 C:\cygwin\bin\cygiconv-2.dll
   35k 2002/01/09 C:\cygwin\bin\cygform6.dll
   20k 2002/01/09 C:\cygwin\bin\cygmenu6.dll
  175k 2002/01/09 C:\cygwin\bin\cygncurses++6.dll
  202k 2002/01/09 C:\cygwin\bin\cygncurses6.dll
   12k 2002/01/09 C:\cygwin\bin\cygpanel6.dll
   21k 2001/06/20 C:\cygwin\bin\cygintl.dll
   22k 2001/12/13 C:\cygwin\bin\cygintl-1.dll
   28k 2002/09/20 C:\cygwin\bin\cygintl-2.dll
   32k 2003/01/04 C:\cygwin\bin\cygltdl-3.dll
   45k 2001/04/25 C:\cygwin\bin\cygform5.dll
   26k 2001/04/25 C:\cygwin\bin\cygmenu5.dll
  156k 2001/04/25 C:\cygwin\bin\cygncurses++5.dll
   15k 2001/04/25 C:\cygwin\bin\cygpanel5.dll
  226k 2001/04/25 C:\cygwin\bin\cygncurses5.dll
   22k 2002/06/09 C:\cygwin\bin\cygpopt-0.dll
   17k 2001/06/28 C:\cygwin\bin\cyghistory4.dll
  108k 2001/06/28 C:\cygwin\bin\cygreadline4.dll
   20k 2002/10/10 C:\cygwin\bin\cyghistory5.dll
  127k 2002/10/10 C:\cygwin\bin\cygreadline5.dll
  847k 2003/01/09 C:\cygwin\bin\cygcrypto-0.9.7.dll
  177k 2003/01/09 C:\cygwin\bin\cygssl-0.9.7.dll
  644k 2002/12/08 C:\cygwin\bin\cygcrypto.dll
  165k 2002/12/08 C:\cygwin\bin\cygssl.dll
   40k 2001/11/21 C:\cygwin\bin\cygpcre.dll
   39k 2001/11/21 C:\cygwin\bin\cygpcreposix.dll
   50k 2002/03/12 C:\cygwin\bin\cygz.dll
  885k 2003/01/24 C:\cygwin\bin\cygwin1.dll
    Cygwin DLL version info:
        DLL version: 1.3.19
        DLL epoch: 19
        DLL bad signal mask: 19005
        DLL old termios: 5
        DLL malloc env: 28
        API major: 0
        API minor: 71
        Shared data: 3
        DLL identifier: cygwin1
        Mount registry: 2
        Cygnus registry name: Cygnus Solutions
        Cygwin registry name: Cygwin
        Program options name: Program Options
        Cygwin mount registry name: mounts v2
        Cygdrive flags: cygdrive flags
        Cygdrive prefix: cygdrive prefix
        Cygdrive default prefix: 
        Build date: Thu Jan 23 21:31:48 EST 2003
        CVS tag: cygwin-1-3-19-1
        Shared id: cygwin1S3

Cygwin Package Information
Package             Version             
_update-info-dir    00130-1             
ash                 20020731-1          
autoconf            2.54-1              
autoconf-devel      2.57-1              
autoconf-stable     2.13-4              
automake            1.7.1-1             
automake-devel      1.7.2-1             
automake-stable     1.4p5-5             
base-files          1.1-1               
base-passwd         1.0-1               
bash                2.05b-8             
binutils            20021117-1          
bison               1.875-1             
bzip2               1.0.2-2             
chkconfig           1.2.24h-1           
cvs                 1.11.0-1            
cygrunsrv           0.95-1              
cygutils            1.1.3-1             
cygwin              1.3.19-1            
cygwin-doc          1.3-2               
diff                1.0-1               
diffutils           2.8.1-1             
file                3.37-1              
fileutils           4.1-1               
findutils           4.1.7-4             
gawk                3.1.1-5             
gcc                 3.2-3               
gcc-mingw           20020817-5          
gcc2                2.95.3-10           
gdb                 20030128-1          
gdbm                1.8.0-4             
grep                2.5-1               
groff               1.18.1-2            
gzip                1.3.3-4             
less                378-1               
libbz2_1            1.0.2-2             
libiconv2           1.8-2               
libintl             0.10.38-3           
libintl1            0.10.40-1           
libintl2            0.11.5-1            
libltdl3            20030103-1          
libncurses5         5.2-1               
libncurses6         5.2-8               
libpopt0            1.6.4-4             
libreadline4        4.1-2               
libreadline5        4.3-2               
libtool             20020705-1          
libtool-devel       20030103-1          
libtool-stable      1.4.3-1             
login               1.7-1               
m4                  1.4-1               
make                3.79.1-7            
man                 1.5j-1              
mingw-runtime       2.3-1               
mktemp              1.4-1               
nano                1.1.10-1            
ncurses             5.2-8               
newlib-man          20020801            
openssh             3.5p1-3             
openssl             0.9.7-1             
openssl096          0.9.6h-1            
patch               2.5.8-2             
pcre                3.7-1               
perl                5.6.1-2             
pkgconfig           0.14.0-1            
readline            4.3-2               
sed                 4.0.5-1             
sh-utils            2.0.15-3            
sharutils           4.2.1-2             
shutdown            1.2-2               
sysvinit            2.84-3              
tar                 1.13.25-1           
tcltk               20030128-3          
tcp_wrappers        7.6-1               
termcap             20020930-1          
terminfo            5.2-3               
texinfo             4.2-4               
textutils           2.0.21-1            
time                1.7-1               
unzip               5.50-1              
w32api              2.1-1               
which               1.5-1               
zip                 2.3-2               
zlib                1.1.4-1             

Use -h to see help about each section
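A small diagnostic script, added here as an example and not part of the original mail, kaffe or Cygwin. It parses a gdb "disas" dump of the form quoted in the mail and checks three things that a stack-corruption triage usually starts with: that the <symbol+offset> annotations agree with the address column, that the function opens with the frame-pointer prologue (push %ebp; mov %esp,%ebp) that its own epilogue (mov %ebp,%esp; pop %ebp; ret) presumes, and that no %ebp-relative load such as the one at +7 (mov 0x8(%ebp),%ebx, which fetches the first parameter) happens without that frame having been established. The sample input is constructed: the first and last lines of the findJarFile dump from the mail, plus a second, clean dump invented for contrast. Function and variable names are the script's own.

```python
"""Sanity-check a gdb 'disas' dump of an i386 function for a consistent
frame-pointer prologue/epilogue.  Added diagnostic example; not part of
kaffe, Cygwin or the original mail."""
import re

# Constructed sample input: the opening and closing lines of the findJarFile
# dump quoted in the mail, as gdb printed them.  The operands of the 'and'
# at +1 did not survive the archive, so that field is empty here as well.
DISAS_SAMPLE = """\
Dump of assembler code for function findJarFile:
0x00445db0 <findJarFile+0>:     pop    %ecx
0x00445db1 <findJarFile+1>:     and
0x00445db4 <findJarFile+4>:     in     (%dx),%al
0x00445db5 <findJarFile+5>:     adc    $0x53,%al
0x00445db7 <findJarFile+7>:     mov    0x8(%ebp),%ebx
0x00445dba <findJarFile+10>:    test   %ebx,%ebx
0x00445f03 <findJarFile+339>:   mov    %ebp,%esp
0x00445f05 <findJarFile+341>:   pop    %ebp
0x00445f06 <findJarFile+342>:   ret
End of assembler dump.
"""

# Constructed clean dump (invented, not from the mail) for contrast.
DISAS_CLEAN = """\
0x00401000 <ok+0>:      push   %ebp
0x00401001 <ok+1>:      mov    %esp,%ebp
0x00401003 <ok+3>:      mov    0x8(%ebp),%eax
0x00401006 <ok+6>:      mov    %ebp,%esp
0x00401008 <ok+8>:      pop    %ebp
0x00401009 <ok+9>:      ret
"""

# One gdb disassembly line: address, <symbol+offset>, mnemonic, operands.
LINE_RE = re.compile(r"^0x([0-9a-fA-F]+)\s+<(\w+)\+(\d+)>:\s*(\S+)\s*(.*)$")

# Frame-pointer prologue and the epilogues that tear such a frame down.
PROLOGUE = [("push", "%ebp"), ("mov", "%esp,%ebp")]
EPILOGUES = (
    [("mov", "%ebp,%esp"), ("pop", "%ebp"), ("ret", "")],
    [("leave", ""), ("ret", "")],
    [("pop", "%ebp"), ("ret", "")],
)


def parse_disas(text):
    """Parse gdb 'disas' output into a list of instruction dicts."""
    insns = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # banner lines such as 'Dump of assembler code ...'
        insns.append({
            "addr": int(m.group(1), 16),
            "symbol": m.group(2),
            "offset": int(m.group(3)),
            "mnemonic": m.group(4),
            "operands": m.group(5).strip(),
        })
    return insns


def check_frame(insns):
    """Return a list of human-readable findings about the function's frame."""
    if not insns:
        return ["no instructions parsed"]
    findings = []
    base = insns[0]["addr"] - insns[0]["offset"]

    # 1. Each <sym+N> annotation must agree with the address column.
    for i in insns:
        if i["addr"] - base != i["offset"]:
            findings.append("offset mismatch at 0x%08x: +%d" % (i["addr"], i["offset"]))

    # 2. The function should open with push %ebp / mov %esp,%ebp.
    head = [(i["mnemonic"], i["operands"]) for i in insns[:2]]
    prologue_ok = head == PROLOGUE
    if not prologue_ok:
        findings.append("prologue: expected %s, saw %s" % (PROLOGUE, head))

    # 3. Does the tail tear down an %ebp-based frame?
    tail = [(i["mnemonic"], i["operands"]) for i in insns[-3:]]
    epilogue_ok = tail in EPILOGUES or tail[-2:] in EPILOGUES

    # 4. Loads through %ebp only mean something once the prologue has run;
    #    otherwise they read whatever frame the caller left in %ebp.
    ebp_refs = [i for i in insns if "(%ebp)" in i["operands"]]
    if epilogue_ok and not prologue_ok and ebp_refs:
        first = ebp_refs[0]
        findings.append(
            "%%ebp-relative access at +%d (%s %s) with no frame set up: "
            "parameters read through %%ebp come from a stale frame"
            % (first["offset"], first["mnemonic"], first["operands"]))
    return findings


if __name__ == "__main__":
    for label, dump in (("findJarFile", DISAS_SAMPLE), ("clean", DISAS_CLEAN)):
        print(label)
        for f in check_frame(parse_disas(dump)) or ["no findings"]:
            print("  " + f)
```

Run against the quoted dump the script reports that findJarFile starts with "pop %ecx" where "push %ebp" is expected while its epilogue still unwinds an %ebp frame, and that the first %ebp-relative load (the parameter fetch at +7) therefore goes through a frame that this function never set up; the constructed clean dump produces no findings. The script only reads text gdb already printed, so it is safe to run on any dump without re-executing the crashing program.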
