http://gcc.gnu.org/bugzilla/show_bug.cgi?id=56881
Bug #: 56881
Summary: Miscompilation (optimisation failure?) causing NULL dereference and segfault at runtime
Classification: Unclassified
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: other
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: devs...@moreofthesa.me.uk

Created attachment 29828
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=29828
Source which triggers the problem at -O2

We (Unvanquished devs) have found what looks like an optimisation bug in gcc 4.8.0. The ‘offending’ code is this (lines 60 to 62 of src/tools/lcc/cpp/hideset.c):

    hs1 = (Hideset)domalloc(len*sizeof(Hideset));
    memmove(hs1, nhs, len*sizeof(Hideset));
    hidesets[nhidesets] = hs1;

The allocation succeeds (domalloc is a malloc wrapper), the memmove is fine, but hs1 somehow becomes NULL. So next time this function is called, there's a NULL pointer which gets dereferenced a few lines above.

Putting a function call in between the first two lines above works around the problem, as does swapping the latter two lines (as is done in https://github.com/Unvanquished/Unvanquished/commit/9157ac0d3668fc059ce001620bbfa45ccf66c8df).

Pre-processed source is attached.

I'm able to cause the problem with -Os, -O2 or -O3 but not -O0 or -O; I can try enabling or disabling specific optimisations.

I'm using stock gcc-4.8 4.8.0-2 (Debian experimental), but another of us, an Arch user, is using core/gcc 4.8.0-1 (base-devel) and is seeing the same problem (which is why I'm reporting it here rather than in the Debian BTS). Architecture is amd64 in both cases.
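A self-contained harness for the pattern in the report, added here as an illustration and not part of the bug report or of lcc: it reconstructs a simplified hideset registry (the Hideset type, hidesets[], nhidesets and the domalloc wrapper are assumptions that only mirror the names in the report), builds one entry with the reported allocate/copy/publish ordering and one with the swapped ordering from the linked commit, and checks that the published pointer is non-NULL and the copy intact, so the same three lines can be retried under different compilers and -O levels.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed, simplified shape of lcc's hideset registry (not the real source):
   a hideset is an array of macro-name pointers; hidesets[] keeps every one built. */
typedef const char **Hideset;
static Hideset hidesets[32];
static int nhidesets;

/* malloc wrapper in the spirit of the report's domalloc: abort on failure, so a
   NULL slot can only come from the store itself, never from the allocation. */
static void *domalloc(size_t n) {
    void *p = malloc(n);
    if (!p) { perror("domalloc"); exit(1); }
    return p;
}

/* Reported ordering: allocate, copy, then publish into the registry.
   Returns the registry index of the new entry. */
int newhideset_reported(const char **nhs, int len) {
    Hideset hs1 = (Hideset)domalloc(len * sizeof(*hs1));
    memmove(hs1, nhs, len * sizeof(*hs1));
    hidesets[nhidesets] = hs1;
    return nhidesets++;
}

/* Workaround ordering from the linked commit: publish first, then copy. */
int newhideset_workaround(const char **nhs, int len) {
    Hideset hs1 = (Hideset)domalloc(len * sizeof(*hs1));
    hidesets[nhidesets] = hs1;
    memmove(hs1, nhs, len * sizeof(*hs1));
    return nhidesets++;
}

/* Post-condition check: slot is in range, non-NULL, and holds an exact copy.
   Returns 1 when the entry is sound, 0 otherwise. */
int hideset_ok(int idx, const char **nhs, int len) {
    if (idx < 0 || idx >= nhidesets || hidesets[idx] == NULL) return 0;
    return memcmp(hidesets[idx], nhs, len * sizeof(*nhs)) == 0;
}

int main(void) {
    const char *names[] = { "FOO", "BAR", NULL };   /* constructed sample */
    int a = newhideset_reported(names, 3);
    int b = newhideset_workaround(names, 3);
    printf("reported ordering ok: %d, workaround ok: %d\n",
           hideset_ok(a, names, 3), hideset_ok(b, names, 3));
    return 0;
}
```

Build the file at -O0 and again at -O2 (or -Os/-O3) and compare the two printed flags; a 0 for the reported ordering alone is the symptom the report describes.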