gconftool-2 segfaults on arm [shrinkwrap]

A rebuild with -O0 on armel is ongoing, to confirm this is a gcc regression since January when the previous version of gconf was uploaded. The gconf changes are minimal and unlikely to be the cause of the bug.

actually not building yet, FFE needed first.

I am out of the office until 17/04/2011.

Note: This is an automated response to your message "[Bug 757427] [NEW]
gconftool-2 segfaults on arm" sent on 11/4/11 14:32:13.

This is the only notification you will receive while this person is away.

Looks like this caused several FTBFS on armel today:

evolution-indicator gnome-games indicator-session liferea

Those are in Main. I didn't check Universe.

Workaround was uploaded earlier today, but didn't refer to the bug:

gconf (2.32.2-0ubuntu2) natty; urgency=low

  * debian/rules: Build with -O0 on armel, prevent miscompilation
    causing segfault.
 -- Jani Monoses <email address hidden> Mon, 11 Apr 2011 13:19:42 +0300

tomboy, evo-indicators, indicator-session and liferea from main rebuilt successfully with the new gconf.

I can reproduce this in gconf 2.32.2 built with with -O2 and gcc-linaro-4.5-2011.03-0.

michaelh@ursa3:~/linaro/packages/gconf-2.32.2/gconf/.libs$ export LD_LIBRARY_PATH=$PWD
michaelh@ursa3:~/linaro/packages/gconf-2.32.2/gconf/.libs$ gdb ./gconfd-2
...
(gdb) r
Starting program: /home/michaelh/linaro/packages/gconf-2.32.2/gconf/.libs/gconfd-2
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../ports/sysdeps/arm/strlen.S:29
29 ../ports/sysdeps/arm/strlen.S: No such file or directory.
 in ../ports/sysdeps/arm/strlen.S
(gdb) back
#0 strlen () at ../ports/sysdeps/arm/strlen.S:29
#1 0x2ad40f0c in _IO_vfprintf_internal (s=0x7eeabe78, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1614
#2 0x2adbd480 in __vasprintf_chk (result_ptr=0x7eeabf54, flags=1, format=0x11634 "Could not connect to session bus: %s", args=<value optimized out>) at vasprintf_chk.c:68
#3 0x2acbae42 in g_vasprintf () from /lib/libglib-2.0.so.0
#4 0x2acbae42 in g_vasprintf () from /lib/libglib-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

This smells like the shrink wrap optimisation.

Adding -fno-shrink-wrap and changing back to -O2 works around this problem:

michaelh@ursa3:~/linaro/packages/gconf-2.32.2/gconf/.libs$ gdb ./gconfd-2
...
(gdb) r
Starting program: /home/michaelh/linaro/packages/gconf-2.32.2/gconf/.libs/gconfd-2
[Thread debugging using libthread_db enabled]

Program exited with code 01.
(gdb) quit

The code in type_byte() is wrong:

type_byte:
 cmp r0, #7
 bhi .L22
 tbb [pc, r0]
.L31:
 .byte (.L23-.L31)/2
 .byte (.L24-.L31)/2
 .byte (.L25-.L31)/2
 .byte (.L26-.L31)/2
 .byte (.L32-.L31)/2
 .byte (.L28-.L31)/2
 .byte (.L29-.L31)/2
 .byte (.L30-.L31)/2
.L30:
 movs r0, #112
 bx lr
.L22:
 push {r4, lr}
 movw r0, #:lower16:.LC1
 sub sp, sp, #8
 movw r1, #:lower16:.LC2
 movw r3, #:lower16:.LANCHOR0
 movt r0, #:upper16:.LC1
 movt r1, #:upper16:.LC2
 movw r2, #1758
 movt r3, #:upper16:.LANCHOR0
 movs r4, #0
 str r4, [sp, #0]
 bl g_assertion_message
 movs r0, #118
 bx lr
.L24:
 movs r0, #115
 bx lr
.L25:
 movs r0, #105
 bx lr
.L26:
 movs r0, #102
 bx lr
        ...

Most of the branches are fine, except the one that has the assertion. The prologue pushes and adjusts the stack by 8 but doesn't fix it in the epilogue.

lp:~rsandifo/gcc-linaro/lp-758082 does not fix this.

gcc-linaro-4.5-2011.04 works around this by disabling shrink wrap by default.

Changing the priority to medium as it's no longer a bad-code bug in the default configuration.

shrink-wrap was disabled on all architectures in natty