Bug#212048: g++-3.3: a statically compiled c++ binary which references syslog(3) SEGFAULTs on an exception

2003-09-21 Thread bert hubert
Package: g++-3.3
Version: 1:3.3.2-0pre4
Severity: important
Tags: sid

When compiled with "g++ static.cc -o static -static", this program segfaults
on execution. I spent 6 hours narrowing this down as it is a very unlikely
bug. Some speculation below.

#include <iostream>
#include <syslog.h>

using namespace std;

int func()
{
  syslog(LOG_INFO,"","");
}

int main(int argc, char **argv)
{
  try {
    throw(10);
  }
  catch(...) {
    cout<<"Smells like a 10"<<endl;
  }
}

Bug#212048: g++-3.2.3 does the same thing

2003-09-21 Thread bert hubert
Does the same thing: g++-3.2 static.cc -o static -static

-- 
http://www.PowerDNS.com  Open source, database driven DNS Software 
http://lartc.org   Linux Advanced Routing & Traffic Control HOWTO




Bug#212048: reassign

2003-09-22 Thread bert hubert
reassign 212048 libc6
severity 212048 serious

After comparing notes and retrying on g++-2.95.2, g++-3.2 and g++-3.3 and
seeing the bug in all places, Wichert Akkerman suggested reassigning the bug
to libc6 and changing its severity to 'serious'.

The problem shows on stock debian sid.

The problem does not show on SuSE or Red Hat, but does plague Debian with
very very new glibc + nptl, suggesting either something rotten with recent
glibc's or problems on a more fundamental level.

Christian Leber narrowed it down to:

works:  * this is glibc as of 2003-07-02T11:06:49-0700 and nptl 0.52
crash:  * this is glibc as of 2003-07-15T01:00:00-0700 and nptl 0.53

So something happened in between. Many thanks to Christian Leber for
providing the above dates!

thanks.
  




string::reserve method broken when shrinking

2001-10-11 Thread bert hubert

>Submitter-Id:  net
>Originator:    bert hubert ([EMAIL PROTECTED])
>Organization:  PowerDNS
>Confidential:  no
>Synopsis:  When reserving a string to become smaller, program crashes
>Severity:  serious
>Priority:  medium
>Category:  libstdc++
>Class: wrong-code
>Release:   3.0.2 20010922 (Debian prerelease) (Debian testing/unstable)
>Environment:
System: Linux hubert 2.4.10 #1 Sun Sep 23 21:14:45 CEST 2001 i686 unknown
Architecture: i686


host: i386-pc-linux-gnu
build: i386-pc-linux-gnu
target: i386-pc-linux-gnu
configured with: ../src/configure -v 
--enable-languages=c,c++,java,f77,proto,objc --prefix=/usr 
--infodir=/share/info --mandir=/share/man --enable-shared --with-gnu-as 
--with-gnu-ld --with-system-zlib --enable-long-long --enable-nls 
--without-included-gettext --disable-checking --enable-threads=posix 
--enable-java-gc=boehm --with-cpp-install-dir=bin --enable-objc-gc i386-linux
>Description:
Snippet of code:

/** convenience function for creating a reply packet from a question packet.
Do not forget to delete it after use! */
DNSPacket *DNSPacket::replyPacket() const
{
  DNSPacket *r=new DNSPacket;
  r->setRemote(&remote);
  r->setAnswer(true);  // this implies the allocation of the header
  r->setA(true); // and we are authoritative
  r->setRA(0); // no recursion available
  r->setRD(d.rd); // if you wanted to recurse, answer will say you wanted it (we don't do it)
  r->setID(d.id);
  r->setOpcode(0);

  // reserve some space
  r->stringbuffer.reserve(d_qlen+12);
  // copy the question in
  r->setQ(r->stringbuffer.c_str()+12,d_qlen);
  r->d.qdcount=1;
  
  r->d_dt=d_dt;

  return r;
}

I accidentally forgot the r-> before stringbuffer.reserve(d_qlen+12), which
caused a request to reserve a smaller space than currently used by
stringbuffer. The method was not const, which caused gcc not to notice the
error.

Backtrace of the coredump, somewhat incorrect:

#0  0x08075887 in std::__default_alloc_template::allocate(unsigned) () at eval.c:41
#1  0x080747d6 in std::string::_Rep::_S_create(unsigned, std::allocator const&) () at eval.c:41
#2  0x08073535 in std::string::_Rep::_M_clone(std::allocator const&, unsigned) () at eval.c:41
#3  0x080737d5 in std::string::reserve(unsigned) () at eval.c:41
#4  0x0805cf17 in DNSPacket::replyPacket() () at eval.c:41
#5  0x0806aee7 in PacketHandler::question(DNSPacket*) () at eval.c:41
#6  0x080739e0 in Distributor::makeThread(void*) () at eval.c:41
#7  0x40020efa in pthread_detach () from /lib/libpthread.so.0

I think the problem is due to this line in basic_string.tcc:

  if (__res > this->capacity() || _M_rep()->_M_is_shared())

and then this one:

  _CharT* __tmp = _M_rep()->_M_clone(__a, __res - this->size());

This probably leads to a negative clone() request.

>How-To-Repeat:

>Fix:
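
The arithmetic behind the two basic_string.tcc lines quoted in the report above, as an added example that is not part of the original report and is not libstdc++ code. Request, reserve_unchecked and reserve_guarded are hypothetical names, the sizes are constructed, and the clamp in the guarded variant is an assumption about one way to avoid the wrap, not the fix applied upstream.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical model (not libstdc++ code) of the two lines quoted from
// basic_string.tcc. "extra" stands for the second argument of _M_clone().
struct Request {
    bool clones;        // true when the clone/reallocate branch is taken
    std::size_t extra;  // value of __res - size() handed to the clone
};

// As quoted: branch on (res > capacity || shared), then subtract unchecked.
Request reserve_unchecked(std::size_t res, std::size_t size,
                          std::size_t capacity, bool shared)
{
    Request r = {false, 0};
    if (res > capacity || shared) {
        r.clones = true;
        r.extra = res - size;  // unsigned: wraps around when res < size
    }
    return r;
}

// Assumed guard: a request below the current size is raised to size first.
Request reserve_guarded(std::size_t res, std::size_t size,
                        std::size_t capacity, bool shared)
{
    if (res < size)
        res = size;
    return reserve_unchecked(res, size, capacity, shared);
}

int main()
{
    // Constructed case: 100 characters stored, caller asks to reserve 20.
    const std::size_t size = 100, capacity = 128, res = 20;
    Request a = reserve_unchecked(res, size, capacity, false);
    Request b = reserve_unchecked(res, size, capacity, true);
    Request c = reserve_guarded(res, size, capacity, true);
    std::printf("unshared:        clones=%d extra=%zu\n", a.clones, a.extra);
    std::printf("shared:          clones=%d extra=%zu\n", b.clones, b.extra);
    std::printf("shared, guarded: clones=%d extra=%zu\n", c.clones, c.extra);
    return 0;
}
```

In this model a shrinking request reaches the subtraction only when the representation is shared; the unshared call returns without cloning.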