[Debian-astro-maintainers] Bug#883236: scamp: segfault in load_field() at field.c:343
Roy Clark (kralcyor)
royclark086 at gmail.com
Fri Dec 1 06:32:40 UTC 2017
Package: scamp
Version: 2.0.4-4
Severity: normal
Dear Maintainer,
1. Reproduce
$ scamp test-scamp-segfault.cat
> WARNING: scamp.conf not found, using internal defaults
> WARNING: This executable has been compiled using a version of the
> ATLAS library without support for multithreading. Performance will be
> degraded.
----- SCAMP 2.0.4 started on 2017-12-01 at 13:34:33 with 2 threads
----- 1 inputs:
> Examining Catalog test-scamp-segfault.cat
Segmentation fault
Though any .cat accepted by scamp should work, I attached the test sample
"test-scamp-segfault.cat" to this email.
The attachment "scamp-backtrace.txt" is a gdb backtrace obtained by
running the following command:
$ gdb --batch -ex "r test-scamp-segfault.cat" -ex "bt" -ex "bt full" -ex "thread apply all bt full" -ex "quit" /usr/bin/scamp &> scamp-backtrace.txt
2. Possible cause
This problem may be caused by the line in question being undefined
behaviour.
When building the package with the gcc option -Wsequence-point enabled (add
"export DEB_CFLAGS_MAINT_APPEND = -Wsequence-point" to debian/rules),
there is the following warning:
gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/include/plplot -Wdate-time -D_FORTIFY_SOURCE=2 -D_REENTRANT -g -O2 -fdebug-prefix-map=/home/kralcyor/tmp/packaging/scamp/scamp-2.0.4=. -fstack-protector-strong -Wformat -Werror=format-security -Wsequence-point -c -o field.o field.c
field.c: In function ‘load_field’:
field.c:343:27: warning: operation on ‘n’ may be undefined [-Wsequence-point]
set[n]->setindex = n++;
~^~
3. Workaround
Apply the patch:
--- a/src/field.c
+++ b/src/field.c
@@ -340,7 +340,8 @@
nsample += set[n]->nsample;
free_tab(set[n]->imatab);
set[n]->imatab = NULL;
- set[n]->setindex = n++;
+ set[n]->setindex = n;
+ n++;
}
field->nsample = nsample;
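Review bot: the split is the right fix for the warning at field.c:343, because in `set[n]->setindex = n++;` the read of n in the subscript and the side effect of n++ are unsequenced, so the compiler may evaluate the subscript with the incremented n and store one element past the end of set on the last iteration, which is consistent with the SIGSEGV in load_field reported above. Suggest adding a one-line comment above the new `n++;` stating that the increment must stay a separate statement, so a later cleanup does not fold it back into the assignment; and since this is a real bug rather than a local workaround, the same change should be forwarded upstream alongside the Debian patch.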
Regards,
Roy Clark
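The following is an added example, not scamp's code and not part of the report: it contrasts the patched two-statement form with one way the unsequenced original line can be evaluated, showing why it can reach one element past the end of set. The minimal setstruct with only setindex and nsample is an assumption.

```c
/* Added example, not scamp's code: models the evaluation orders C permits
 * for `set[n]->setindex = n++;` beside the two-statement form of the patch. */

/* Stand-in for scamp's setstruct with only the fields the loop touches
 * (an assumption; the real struct has many more members). */
typedef struct {
    int setindex;
    int nsample;
} setstruct;

/* Patched form: the subscript read of n and the increment are separate
 * statements, so their order is defined. Returns the nsample sum, as the
 * surrounding loop in load_field accumulates it. */
int index_sets_fixed(setstruct **set, int nset)
{
    int n = 0, nsample = 0;
    while (n < nset) {
        nsample += set[n]->nsample;
        set[n]->setindex = n;   /* n is read here ... */
        n++;                    /* ... and modified only afterwards */
    }
    return nsample;
}

/* Models one ordering a compiler may legally pick for the original line:
 * the side effect of n++ happens before the subscript is evaluated, so the
 * store of the old n lands in set[n + 1]; on the last iteration that is
 * set[nset], one past the end. The index is checked, not dereferenced.
 * Returns the first out-of-bounds index, or -1 if there is none. */
int first_oob_index_if_incremented_first(int nset)
{
    for (int n = 0; n < nset; ) {
        n++;                    /* side effect applied first ... */
        if (n >= nset)          /* ... so the subscript sees the new n */
            return n;
    }
    return -1;
}

/* 1 if every element carries the index of its own slot, else 0. */
int setindex_consistent(setstruct **set, int nset)
{
    for (int i = 0; i < nset; i++)
        if (set[i]->setindex != i)
            return 0;
    return 1;
}
```

Compiling the original one-liner with -Wsequence-point, as the report does, is the cheap way to catch this class of bug before it shows up as a crash.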
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages scamp depends on:
ii curl 7.57.0-1
ii libatlas3-base 3.10.3-5
ii libc6 2.25-2
ii libfftw3-single3 3.3.6p2-2
ii libplplot15 5.13.0+dfsg-7
scamp recommends no packages.
scamp suggests no packages.
-- debconf-show failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test-scamp-segfault.cat
Type: application/octet-stream
Size: 25920 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-astro-maintainers/attachments/20171201/893788c8/attachment-0001.obj>
-------------- next part --------------
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> WARNING: scamp.conf not found, using internal defaults
> WARNING: This executable has been compiled using a version of the ATLAS library without support for multithreading. Performance will be degraded.
----- SCAMP 2.0.4 started on 2017-12-01 at 13:55:43 with 2 threads
----- 1 inputs:
[New Thread 0x7ffff4769700 (LWP 10661)]
[New Thread 0x7ffff3f68700 (LWP 10662)]
> Examining Catalog test-scamp-segfault.cat
Thread 2 "scamp" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff4769700 (LWP 10661)]
0x000055555558e58a in load_field (filename=<optimized out>, fieldindex=fieldindex at entry=0) at field.c:343
343 field.c: No such file or directory.
#0 0x000055555558e58a in load_field (filename=<optimized out>, fieldindex=fieldindex at entry=0) at field.c:343
#1 0x000055555558eb94 in pthread_load_field (arg=<optimized out>) at field.c:655
#2 0x00007ffff6879517 in start_thread (arg=0x7ffff4769700) at pthread_create.c:456
#3 0x00007ffff635182f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
#0 0x000055555558e58a in load_field (filename=<optimized out>, fieldindex=fieldindex at entry=0) at field.c:343
wcs = <optimized out>
cat = 0x7fffec0008c0
tab = 0x7fffec003a60
imatab = <optimized out>
key = <optimized out>
field = <optimized out>
set = <optimized out>
htype = 1452482960
ttype = 21845
str = "test-scamp-segfault.cat\000mp-segfault.cat\000t\000\000\000\377\377", '\000' <repeats 147 times>, "\064`\366\377\177\000\000"...
label = "\000\000\000\000\000\000\000\000P<\207\366\377\177\000\000\340\216v\364\377\177\000\000\063\376\336\367\377\177", '\000' <repeats 18 times>, "\270!\223VUU\000\000\220!\223VUU\000\000\340!\223VUU\000"
keystr = "\005", '\000' <repeats 14 times>
rfilename = <optimized out>
pstr = <optimized out>
astrombuf = <optimized out>
photombuf = <optimized out>
pspath = <optimized out>
d = <optimized out>
i = <optimized out>
j = <optimized out>
n = 1
s = <optimized out>
nsample = 1
line = <optimized out>
#1 0x000055555558eb94 in pthread_load_field (arg=<optimized out>) at field.c:655
findex = 0
proc = <optimized out>
#2 0x00007ffff6879517 in start_thread (arg=0x7ffff4769700) at pthread_create.c:456
__res = <optimized out>
pd = 0x7ffff4769700
now = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737294800640, 1722582721818372361, 140737488346030, 140737488346031, 93824992471728, 140737294800640, -1722557353077397239, -1722562171101665015}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#3 0x00007ffff635182f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
No locals.