http://sourceware.org/bugzilla/show_bug.cgi?id=14192
             Bug #: 14192
           Summary: gprof SEGFAULT on Solaris
           Product: binutils
           Version: 2.22
            Status: NEW
          Severity: normal
          Priority: P2
         Component: binutils
        AssignedTo: unassig...@sourceware.org
        ReportedBy: gbburkha...@gmail.com
    Classification: Unclassified

When 'gprof' is built on a Solaris system (SunOS bos0ux02 5.9
Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V440) and linked with the Sun
supplied 'libc' library, it will seg fault when the 'bsearch' function is
called in 'corefile.c', unless a map file is provided as an input argument.

The Solaris supplied 'bsearch' function will call the compare function at
least once, even if the number of table entries is zero. The compare function
'search_mapped_symbol()', quite reasonably, doesn't check for a null pointer
passed to it for the array entry, and de-references it.

As a fix, I've added checks for an empty table prior to calling 'bsearch', so
the value of 'found' is explicitly set:

      if (symbol_map_count == 0)
        found = NULL;
      else
        found = (struct function_map *) bsearch (core_syms[i]->name,

There are two occurrences of calls to 'bsearch' in corefile.c; both need this
kind of handling.

Core was generated by `./gprof /home/glenn.burkhardt/crypt /home/glenn.burkhardt/gmon.out'.
Program terminated with signal 11, Segmentation fault.
#0  search_mapped_symbol (l=0xf3fa6, r=0x0) at corefile.c:562
562       return strcmp ((const char *) l, ((const struct function_map *) r)->function_name);
(gdb) whe
#0  search_mapped_symbol (l=0xf3fa6, r=0x0) at corefile.c:562
#1  0xff29ced4 in bsearch () from /usr/lib/libc.so.1
#2  0x000172c0 in core_create_function_syms () at corefile.c:588
#3  0x000198a8 in main (argc=3, argv=0xffbff4c4) at gprof.c:526
(gdb) up
#1  0xff29ced4 in bsearch () from /usr/lib/libc.so.1
(gdb) up
#2  0x000172c0 in core_create_function_syms () at corefile.c:588
588           found = (struct function_map *) bsearch (core_syms[i]->name, symbol_map,
(gdb) p symbol_map
$1 = (struct function_map *) 0x0
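
The failure mode and the guard described in the report, as an added example that is not code from gprof or from the reporter. The names probing_bsearch, checked_compare and lookup_symbol, the simplified struct, and the model of a bsearch that probes before checking the count are assumptions made for the demonstration; the comparator records a NULL element instead of dereferencing it so the program does not crash.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for gprof's struct function_map (assumption). */
struct function_map { const char *function_name; const char *file_name; };
int compare_calls, null_elem_seen;   /* instrumentation for the demo */

/* Same comparison as search_mapped_symbol() in the backtrace, except that a
   NULL element is recorded instead of dereferenced, so the demo cannot crash. */
int checked_compare(const void *l, const void *r)
{
    compare_calls++;
    if (r == NULL) { null_elem_seen = 1; return -1; }
    return strcmp((const char *) l, ((const struct function_map *) r)->function_name);
}

/* Constructed model of the reported behaviour (not Solaris source): the
   comparator runs once on the base pointer before the count is examined. */
void *probing_bsearch(const void *key, const void *base, size_t n, size_t size,
                      int (*cmp)(const void *, const void *))
{
    const char *p = base;
    size_t lo = 0, hi = n;
    if (cmp(key, base) == 0) return (void *) base;  /* probe even when n == 0 */
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        int c = cmp(key, p + mid * size);
        if (c == 0) return (void *) (p + mid * size);
        if (c < 0) hi = mid; else lo = mid + 1;
    }
    return NULL;
}

/* Guard in the style of the reporter's fix (the NULL-table check is an extra
   assumption): an empty table gives NULL without entering bsearch at all. */
struct function_map *lookup_symbol(const char *name, struct function_map *map, size_t count)
{
    if (count == 0 || map == NULL) return NULL;
    return probing_bsearch(name, map, count, sizeof *map, checked_compare);
}

int main(void)
{
    probing_bsearch("main", NULL, 0, sizeof(struct function_map), checked_compare);
    printf("unguarded: calls=%d null_elem=%d\n", compare_calls, null_elem_seen);
    compare_calls = null_elem_seen = 0;
    lookup_symbol("main", NULL, 0);
    printf("guarded:   calls=%d null_elem=%d\n", compare_calls, null_elem_seen);
}
```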