Bug#923527: bliss: example segfaults in gmp
Bernhard Übelacker
bernhardu at mailbox.org
Tue Mar 26 10:53:47 GMT 2019
Hello David Bremner,
now the hint in the subject makes sense ;-)
I can perfectly reproduce the crash now.
I compared the arguments from the build log [1]
and reduced them until the crash happened; the
important part is the "-D BLISS_USE_GMP".
Therefore /usr/share/doc/bliss-doc/examples/Makefile could
maybe be completed with a CXXFLAGS line similar to the one below,
to avoid that situation.
Kind regards,
Bernhard
[1] https://buildd.debian.org/status/fetch.php?pkg=bliss&arch=amd64&ver=0.73-2&stamp=1542196885&raw=0
root at debian:/usr/share/doc/bliss-doc/examples# git diff
diff --git a/Makefile b/Makefile
index 2a676ba..d290e31 100644
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,18 @@ default: all
LDLIBS = -lbliss -lgmp
+#CXXFLAGS = -Wdate-time -D_FORTIFY_SOURCE=2 -DBLISS_COMPILED_DATE="\"Debian \"" -D BLISS_USE_GMP -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# works
+
+#CXXFLAGS = -D BLISS_USE_GMP -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# works
+
+#CXXFLAGS = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# fails
+
+CXXFLAGS = -D BLISS_USE_GMP
+# works
+
all: build
build: $(PROGRAMS)
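Review bot: The added `CXXFLAGS = -D BLISS_USE_GMP` line makes the define a casualty of any user override — `make CXXFLAGS=-g` replaces the whole variable and silently brings back the mismatch this report traces (the traces suggest the example's own `bliss::BigNum::assign` stores a long double where the library's GMP-built headers expect an `mpz_t`). Since `-D` is a preprocessor flag, a form that survives overrides is `CPPFLAGS += -DBLISS_USE_GMP` (the implicit `.cc` rule passes `$(CPPFLAGS)`), or `override CXXFLAGS += -DBLISS_USE_GMP` if it must stay in CXXFLAGS. The three commented-out CXXFLAGS variants with `# works`/`# fails` are useful bisection notes for the bug report but should not land in the shipped Makefile; replace them with one comment stating why the define is mandatory, e.g. `# libbliss is built with BLISS_USE_GMP; every TU including its headers must define it too, or the BigNum layout differs from the library's (Bug#923527).` The identical hunk is repeated in the second `git diff` block later in the message and the same note applies there.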
# Buster amd64 qemu VM 2019-03-26
# Reproduction environment: update the VM, then install bliss, its example
# sources (bliss-doc) and the -dbgsym packages used for the backtraces below.
apt update
apt dist-upgrade
apt install dpkg-dev devscripts mc systemd-coredump gdb valgrind bliss bliss-doc libbliss-dev bliss-dbgsym libbliss2-dbgsym libgmp10-dbgsym
# Build the shipped example with its stock Makefile; note the resulting
# compile line carries no -D BLISS_USE_GMP (see the `make` output below).
cd /usr/share/doc/bliss-doc/examples
make
root at debian:/usr/share/doc/bliss-doc/examples# make
g++ bliss.cc -lbliss -lgmp -o bliss
# Fetch the libgmp10 source tree so gdb can list mpz/set_si.c around the
# faulting line (used via the `directory` command in the gdb sessions below).
mkdir /tmp/source/libgmp10/orig -p
cd /tmp/source/libgmp10/orig
apt source libgmp10
cd
#########
# Download the reproducer input (foo.in) attached to the bug report.
wget "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=923527;filename=foo.in;msg=15" -O foo.in
benutzer at debian:~$ /usr/share/doc/bliss-doc/examples/bliss foo.in
Speicherzugriffsfehler (Speicherabzug geschrieben)
root at debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Tue 2019-03-26 11:23:31 CET 14934 1000 1000 11 present /usr/share/doc/bliss-doc/examples/bliss
[ 451.341549] bliss[14934]: segfault at 3fff ip 00007febc293c0f9 sp 00007ffd303fe908 error 6 in libgmp.so.10.3.2[7febc2923000+5e000]
[ 451.341558] Code: ff 48 89 c1 e9 55 ff ff ff 0f 1f 84 00 00 00 00 00 48 8d 56 10 e9 b7 70 fe ff 0f 1f 80 00 00 00 00 48 8b 47 08 48 85 f6 78 17 <48> 89 30 0f 95 c0 0f b6 c0 89 47 04 c3 66 2e 0f 1f 84 00 00 00 00
root at debian:~# coredumpctl gdb 14934
PID: 14934 (bliss)
UID: 1000 (benutzer)
GID: 1000 (benutzer)
Signal: 11 (SEGV)
Timestamp: Tue 2019-03-26 11:23:31 CET (4min 57s ago)
Command Line: /usr/share/doc/bliss-doc/examples/bliss foo.in
Executable: /usr/share/doc/bliss-doc/examples/bliss
Control Group: /user.slice/user-1000.slice/session-3.scope
Unit: session-3.scope
Slice: user-1000.slice
Session: 3
Owner UID: 1000 (benutzer)
Boot ID: 5b54465ced1e488b84113e9382cd085d
Machine ID: 32f43b50ac8c4b21941bc0b02f8e7811
Hostname: debian
Storage: /var/lib/systemd/coredump/core.bliss.1000.5b54465ced1e488b84113e9382cd085d.14934.1553595811000000.lz4
Message: Process 14934 (bliss) of user 1000 dumped core.
Stack trace of thread 14934:
#0 0x00007febc293c0f9 __gmpz_set_si (libgmp.so.10)
#1 0x00007febc29aac10 _ZN5bliss6BigNum6assignEi (libbliss.so.2)
#2 0x00007febc29ada3c _ZN5bliss13AbstractGraph18find_automorphismsERNS_5StatsEPFvPvjPKjES3_ (libbliss.so.2)
#3 0x00005561cbde2cd0 main (bliss)
#4 0x00007febc245a09b __libc_start_main (libc.so.6)
#5 0x00005561cbde21da _start (bliss)
GNU gdb (Debian 8.2.1-2) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/share/doc/bliss-doc/examples/bliss...(no debugging symbols found)...done.
[New LWP 14934]
Core was generated by `/usr/share/doc/bliss-doc/examples/bliss foo.in'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007febc293c0f9 in __gmpz_set_si () from /usr/lib/x86_64-linux-gnu/libgmp.so.10
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0 0x00007febc293c0f9 in __gmpz_set_si () from /usr/lib/x86_64-linux-gnu/libgmp.so.10
#1 0x00007febc29aac10 in bliss::AbstractGraph::search(bool, bliss::Stats&) () from /usr/lib/x86_64-linux-gnu/libbliss.so.2
#2 0x00007febc29ada3c in bliss::AbstractGraph::find_automorphisms(bliss::Stats&, void (*)(void*, unsigned int, unsigned int const*), void*) () from /usr/lib/x86_64-linux-gnu/libbliss.so.2
#3 0x00005561cbde2cd0 in main ()
(gdb)
Core was generated by `/usr/share/doc/bliss-doc/examples/bliss foo.in'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __gmpz_set_si (dest=dest at entry=0x7ffd303feb20, val=val at entry=1) at ../../mpz/set_si.c:42
42 ../../mpz/set_si.c: Datei oder Verzeichnis nicht gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /tmp/source/libgmp10/orig/gmp-6.1.2+dfsg/debian/source
Source directories searched: /tmp/source/libgmp10/orig/gmp-6.1.2+dfsg/debian/source:$cdir:$cwd
(gdb) bt
#0 __gmpz_set_si (dest=dest at entry=0x7ffd303feb20, val=val at entry=1) at ../../mpz/set_si.c:42
#1 0x00007febc29aac10 in bliss::BigNum::assign (n=1, this=0x7ffd303feb20) at ./include/bliss/bignum.hh:61
#2 bliss::Stats::reset (this=0x7ffd303feb20) at ../graph.hh:70
#3 bliss::AbstractGraph::search (this=0x5561cce140b0, canonical=false, stats=...) at ../graph.cc:638
#4 0x00007febc29ada3c in bliss::AbstractGraph::find_automorphisms (this=0x5561cce140b0, stats=..., hook=<optimized out>, user_param=<optimized out>) at ../graph.cc:1765
#5 0x00005561cbde2cd0 in main ()
(gdb) down
#0 __gmpz_set_si (dest=dest at entry=0x7ffd303feb20, val=val at entry=1) at ../../mpz/set_si.c:42
42 PTR (dest)[0] = vl & GMP_NUMB_MASK;
(gdb) list
33
34 void
35 mpz_set_si (mpz_ptr dest, signed long int val)
36 {
37 mp_size_t size;
38 mp_limb_t vl;
39
40 vl = (mp_limb_t) ABS_CAST (unsigned long int, val);
41
42 PTR (dest)[0] = vl & GMP_NUMB_MASK;
43 size = vl != 0;
44
45 #if GMP_NAIL_BITS != 0
46 if (vl > GMP_NUMB_MAX)
47 {
48 MPZ_REALLOC (dest, 2);
49 PTR (dest)[1] = vl >> GMP_NUMB_BITS;
50 size = 2;
51 }
52 #endif
53
54 SIZ (dest) = val >= 0 ? size : -size;
55 }
(gdb) disassemble $pc-0x20,$pc+0x20
Dump of assembler code from 0x7febc293c0d9 to 0x7febc293c119:
0x00007febc293c0d9: (bad)
0x00007febc293c0da: test %al,(%rax)
0x00007febc293c0dc: add %al,(%rax)
0x00007febc293c0de: add %al,(%rax)
0x00007febc293c0e0 <__gmpz_set_q+0>: lea 0x10(%rsi),%rdx
0x00007febc293c0e4 <__gmpz_set_q+4>: jmpq 0x7febc29231a0 <__gmpz_tdiv_q at plt>
0x00007febc293c0e9: nopl 0x0(%rax)
0x00007febc293c0f0 <__gmpz_set_si+0>: mov 0x8(%rdi),%rax
0x00007febc293c0f4 <__gmpz_set_si+4>: test %rsi,%rsi
0x00007febc293c0f7 <__gmpz_set_si+7>: js 0x7febc293c110 <__gmpz_set_si+32>
=> 0x00007febc293c0f9 <__gmpz_set_si+9>: mov %rsi,(%rax)
0x00007febc293c0fc <__gmpz_set_si+12>: setne %al
0x00007febc293c0ff <__gmpz_set_si+15>: movzbl %al,%eax
0x00007febc293c102 <__gmpz_set_si+18>: mov %eax,0x4(%rdi)
0x00007febc293c105 <__gmpz_set_si+21>: retq
0x00007febc293c106 <__gmpz_set_si+22>: nopw %cs:0x0(%rax,%rax,1)
0x00007febc293c110 <__gmpz_set_si+32>: neg %rsi
0x00007febc293c113 <__gmpz_set_si+35>: mov %rsi,(%rax)
0x00007febc293c116 <__gmpz_set_si+38>: mov $0xffffffff,%eax
End of assembler dump.
(gdb) print dest
$1 = (mpz_ptr) 0x7ffd303feb20
(gdb) print $rax
$2 = 16383
(gdb) print/x $rax
$3 = 0x3fff
(gdb) print/x $rdi
$4 = 0x7ffd303feb20
(gdb) print *dest
$5 = {_mp_alloc = 0, _mp_size = -2147483648, _mp_d = 0x3fff}
################
benutzer at debian:~$ gdb -q --args /usr/share/doc/bliss-doc/examples/bliss foo.in
Reading symbols from /usr/share/doc/bliss-doc/examples/bliss...(no debugging symbols found)...done.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /tmp/source/libgmp10/orig/gmp-6.1.2+dfsg/debian/source
Source directories searched: /tmp/source/libgmp10/orig/gmp-6.1.2+dfsg/debian/source:$cdir:$cwd
(gdb) b main
Breakpoint 1 at 0x18aa
(gdb) run
Starting program: /usr/share/doc/bliss-doc/examples/bliss foo.in
Breakpoint 1, 0x00005555555558aa in main ()
(gdb) record
(gdb) cont
Continuing.
[1]+ Angehalten gdb -q --args /usr/share/doc/bliss-doc/examples/bliss foo.in
benutzer at debian:~$ fg
gdb -q --args /usr/share/doc/bliss-doc/examples/bliss foo.in
Process record: failed to record execution log.
Program stopped.
__gmpz_set_si (dest=dest at entry=0x7fffffffe460, val=val at entry=1) at ../../mpz/set_si.c:42
42 PTR (dest)[0] = vl & GMP_NUMB_MASK;
(gdb) disassemble $pc-0x20,$pc+0x20
Dump of assembler code from 0x7ffff7f450d9 to 0x7ffff7f45119:
0x00007ffff7f450d9: (bad)
0x00007ffff7f450da: test %al,(%rax)
0x00007ffff7f450dc: add %al,(%rax)
0x00007ffff7f450de: add %al,(%rax)
0x00007ffff7f450e0 <__gmpz_set_q+0>: lea 0x10(%rsi),%rdx
0x00007ffff7f450e4 <__gmpz_set_q+4>: jmpq 0x7ffff7f2c1a0 <__gmpz_tdiv_q at plt>
0x00007ffff7f450e9: nopl 0x0(%rax)
0x00007ffff7f450f0 <__gmpz_set_si+0>: mov 0x8(%rdi),%rax
0x00007ffff7f450f4 <__gmpz_set_si+4>: test %rsi,%rsi
0x00007ffff7f450f7 <__gmpz_set_si+7>: js 0x7ffff7f45110 <__gmpz_set_si+32>
=> 0x00007ffff7f450f9 <__gmpz_set_si+9>: mov %rsi,(%rax)
0x00007ffff7f450fc <__gmpz_set_si+12>: setne %al
0x00007ffff7f450ff <__gmpz_set_si+15>: movzbl %al,%eax
0x00007ffff7f45102 <__gmpz_set_si+18>: mov %eax,0x4(%rdi)
0x00007ffff7f45105 <__gmpz_set_si+21>: retq
0x00007ffff7f45106 <__gmpz_set_si+22>: nopw %cs:0x0(%rax,%rax,1)
0x00007ffff7f45110 <__gmpz_set_si+32>: neg %rsi
0x00007ffff7f45113 <__gmpz_set_si+35>: mov %rsi,(%rax)
0x00007ffff7f45116 <__gmpz_set_si+38>: mov $0xffffffff,%eax
End of assembler dump.
(gdb) print/x $rax
$1 = 0x3fff
(gdb) display/x $rax
1: /x $rax = 0x3fff
(gdb) reverse-stepi
0x00007ffff7f450f7 40 vl = (mp_limb_t) ABS_CAST (unsigned long int, val);
1: /x $rax = 0x3fff
(gdb) display/i $pc
2: x/i $pc
=> 0x7ffff7f450f7 <__gmpz_set_si+7>: js 0x7ffff7f45110 <__gmpz_set_si+32>
(gdb) reverse-stepi
0x00007ffff7f450f4 40 vl = (mp_limb_t) ABS_CAST (unsigned long int, val);
1: /x $rax = 0x3fff
2: x/i $pc
=> 0x7ffff7f450f4 <__gmpz_set_si+4>: test %rsi,%rsi
(gdb)
40 vl = (mp_limb_t) ABS_CAST (unsigned long int, val);
1: /x $rax = 0x0
2: x/i $pc
=> 0x7ffff7f450f0 <__gmpz_set_si>: mov 0x8(%rdi),%rax
(gdb) x/1xg $rdi + 8
0x7fffffffe468: 0x0000000000003fff
(gdb) watch *0x7fffffffe468
Hardware watchpoint 2: *0x7fffffffe468
(gdb) dele 2
(gdb) set can-use-hw-watchpoints 0
(gdb) watch *0x7fffffffe468
Watchpoint 3: *0x7fffffffe468
(gdb) watch *0x7fffffffe460
Watchpoint 4: *0x7fffffffe460
(gdb) undisp 1
(gdb) reverse-cont
Continuing.
Watchpoint 3: *0x7fffffffe468
Old value = 16383
New value = 0
0x0000555555555f1a in bliss::BigNum::assign(int) ()
2: x/i $pc
=> 0x555555555f1a <_ZN5bliss6BigNum6assignEi+18>: fstpt (%rax)
(gdb) bt
#0 0x0000555555555f1a in bliss::BigNum::assign(int) ()
#1 0x0000555555555f7b in bliss::Stats::reset() ()
#2 0x0000555555555ff4 in bliss::Stats::Stats() ()
#3 0x0000555555555c15 in main ()
################
# gdb command file equivalent to the interactive session above: disable
# wrapping and paging, point gdb at the unpacked gmp source, stop in main,
# enable process record, then continue until the fault in __gmpz_set_si.
set width 0
set pagination off
directory /tmp/source/libgmp10/orig/gmp-6.1.2+dfsg/debian/source
b main
run
record
cont
###############
https://buildd.debian.org/status/fetch.php?pkg=bliss&arch=amd64&ver=0.73-2&stamp=1542196885&raw=0
g++ -DHAVE_CONFIG_H -I. -I.. -Wdate-time -D_FORTIFY_SOURCE=2 -DBLISS_COMPILED_DATE="\"Debian \"" -D BLISS_USE_GMP -I ./include -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -c -o bliss-bliss.o `test -f 'bliss.cc' || echo '../'`bliss.cc
###############
root at debian:/usr/share/doc/bliss-doc/examples# git diff
diff --git a/Makefile b/Makefile
index 2a676ba..d290e31 100644
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,18 @@ default: all
LDLIBS = -lbliss -lgmp
+#CXXFLAGS = -Wdate-time -D_FORTIFY_SOURCE=2 -DBLISS_COMPILED_DATE="\"Debian \"" -D BLISS_USE_GMP -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# works
+
+#CXXFLAGS = -D BLISS_USE_GMP -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# works
+
+#CXXFLAGS = -g -O2 -fstack-protector-strong -Wformat -Werror=format-security
+# fails
+
+CXXFLAGS = -D BLISS_USE_GMP
+# works
+
all: build
build: $(PROGRAMS)