Execution of the test randomly fails for me on OpenBSD/amd64. Looking
at the code, it seems it is doing an out-of-bounds array access. For
refernce I've copied the code of the testcase below. As you can see
there's a foo(0) call in main(). Therefore
struct foo **upper = &as->x[rank * 8 - 1];
becomes
struct foo **upper = &as->x[-1];
so upper points to an address before the malloc()'ed memory. Then
when the code does
*upper = 0;
this generates a SIGSEGV, if the malloc()'ed memory happens to lie
right at the start of a page. I suppose that may never happen on some
platforms (Linux?) since many malloc() implementations will use the
start of a page for their own bookkeeping.
I don't really understand what the testcase is testing. Richard, can
you perhaps shed some light on this?
Thanks,
Mark
---
extern void abort(void);
struct foo {
int rank;
char *name;
};
struct mem {
struct foo *x[4];
};
void __attribute__((noinline)) bar(struct foo **f)
{
*f = __builtin_malloc(sizeof(struct foo));
}
struct foo * foo(int rank)
{
void *x = __builtin_malloc(sizeof(struct mem));
struct mem *as = x;
struct foo **upper = &as->x[rank * 8 - 1];
*upper = 0;
bar(upper);
return *upper;
}
int main()
{
if (foo(0) == 0)
abort ();
return 0;
}
