https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117315
Bug ID: 117315
Summary: [12/13/14/15 regression] Wireshark miscompiled with LTO since r11-5391-gbb07490abba850
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Keywords: lto, wrong-code
Severity: normal
Priority: P3
Component: ipa
Assignee: unassigned at gcc dot gnu.org
Reporter: sjames at gcc dot gnu.org
Target Milestone: ---

Wireshark upstream mentioned that a little while ago they had a bug where they used -fno-delete-null-pointer-checks to work around an issue with LTO at https://gitlab.com/wireshark/wireshark/-/issues/18216 which first got reported in Debian at https://bugs.debian.org/1015706. The Gentoo bug is https://bugs.gentoo.org/941890.

wmem_test fails w/ a segfault after dereferencing a null pointer, even though there's a null pointer check beforehand.

I was initially suspicious of the pointer being used beforehand, but when reducing it, I ended up hitting it even with -fno-delete-null-pointer-checks. I also found marking lookup_or_insert32_node w/ noipa fixes things.

There's a null pointer check for tree->root right above this return, but p tree->root shows it's null:
```
(gdb) frame 12
#12 0x0000555555573e35 in wmem_tree_foreach (tree=0x507000000200, callback=0x555555554c90 <count_nodes>, user_data=0x7ffff4809050) at /home/sam/git/wireshark/wsutil/wmem/wmem_tree.c:789
warning: Source file is more recent than executable.
789 return wmem_tree_foreach_nodes(tree->root, callback, user_data
```

Now, all that said, here's an attempted reduction, but I'm still not sure if Wireshark is to blame yet.

---

```
$ gcc -Og -ggdb3 -flto=auto -fno-strict-aliasing wmem_allocator_strict.c wmem_core.c wmem_tree.c -o libwsutil.so.0.0.0 -Wl,-z,lazy -shared -Wl,-soname,libwsutil.so.0
$ gcc -O2 -ggdb3 -flto=auto -fno-strict-aliasing wmem_test.c wmem_tree.c wmem_user_cb.c libwsutil.so.0.0.0 -o wmem_test
$ LD_LIBRARY_PATH=$(pwd) ./wmem_test
Segmentation fault (core dumped) ./wmem_test
```

```
Program received signal SIGSEGV, Segmentation fault.
wmem_tree_foreach_nodes (node=0x55555555d5e0, callback=0x555555555c80 <count_nodes>, user_data=0x7fffffffd69c) at /home/sam/git/wireshark/reduce/wmem_tree.c:168
168 if (wmem_tree_foreach_nodes(node->left, callback, user_data)) {
(gdb) bt
#0 wmem_tree_foreach_nodes (node=0x55555555d5e0, callback=0x555555555c80 <count_nodes>, user_data=0x7fffffffd69c) at /home/sam/git/wireshark/reduce/wmem_tree.c:168
#1 wmem_tree_foreach (tree=0x55555555d550, callback=0x555555555c80 <count_nodes>, user_data=0x7fffffffd69c) at /home/sam/git/wireshark/reduce/wmem_tree.c:180
#2 wmem_tree_count (tree=0x55555555d550) at /home/sam/git/wireshark/reduce/wmem_tree.c:85
#3 wmem_test_tree () at /home/sam/git/wireshark/reduce/wmem_test.c:24
#4 0x0000555555556247 in main (argc=<optimized out>, argv=<optimized out>) at /home/sam/git/wireshark/reduce/wmem_test.c:36
(gdb) frame 1
#1 wmem_tree_foreach (tree=0x55555555d550, callback=0x555555555c80 <count_nodes>, user_data=0x7fffffffd69c) at /home/sam/git/wireshark/reduce/wmem_tree.c:180
180 _Bool k = wmem_tree_foreach_nodes(tree->root, callback, user_data);
(gdb) p tree->root
$1 = (wmem_tree_node_t *) 0x0
```