This test case (taken from Emacs autoconfig, "gcc-8 -o conftest -g3 -O2 conftest.c -lgccjit") randomly segfaults on Ubuntu 18.04.
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
Segmentation fault (core dumped)
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
Segmentation fault (core dumped)
christian@christian-homeoffice:~/Software/src$ ./conftest
christian@christian-homeoffice:~/Software/src$ ./conftest
Segmentation fault (core dumped)
Backtrace in GDB:
Core was generated by `./conftest'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 do_add_prefix (pprefix=pprefix@entry=0x7ffe29e78c00, prefix=prefix@entry=0x556e0d2586a0 "/home/christian/Software/bear/bin/", first=first@entry=false) at ../../src/gcc/file-find.c:119
119 ../../src/gcc/file-find.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0 do_add_prefix (pprefix=pprefix@entry=0x7ffe29e78c00, prefix=prefix@entry=0x556e0d2586a0 "/home/christian/Software/bear/bin/", first=first@entry=false) at ../../src/gcc/file-find.c:119
#1 0x00007f417d35dfb7 in add_prefix (pprefix=pprefix@entry=0x7ffe29e78c00, prefix=prefix@entry=0x556e0d2586a0 "/home/christian/Software/bear/bin/") at ../../src/gcc/file-find.c:147
#2 0x00007f417d35e075 in prefix_from_string (p=<optimized out>, pprefix=pprefix@entry=0x7ffe29e78c00) at ../../src/gcc/file-find.c:201
#3 0x00007f417d35e15a in prefix_from_env (env=env@entry=0x7f417d3dcb50 "PATH", pprefix=pprefix@entry=0x7ffe29e78c00) at ../../src/gcc/file-find.c:168
#4 0x00007f417c712a91 in gcc::jit::playback::context::invoke_embedded_driver (this=this@entry=0x7ffe29e78e30, argvec=argvec@entry=0x7ffe29e78c98) at ../../src/gcc/jit/jit-playback.c:2513
#5 0x00007f417c715341 in gcc::jit::playback::context::invoke_driver(char const*, char const*, char const*, timevar_id_t, bool, bool) () at ../../src/gcc/jit/jit-playback.c:2492
#6 0x00007f417c7163f8 in gcc::jit::playback::context::convert_to_dso (this=this@entry=0x7ffe29e78e30, ctxt_progname=ctxt_progname@entry=0x7f417d3cff1c "libgccjit.so") at ../../src/gcc/jit/jit-tempdir.h:59
#7 0x00007f417c71647a in gcc::jit::playback::compile_to_memory::postprocess (this=0x7ffe29e78e30, ctxt_progname=0x7f417d3cff1c "libgccjit.so") at ../../src/gcc/jit/jit-playback.c:1900
#8 0x00007f417c714e0f in gcc::jit::playback::context::compile (this=this@entry=0x7ffe29e78e30) at ../../src/gcc/jit/jit-playback.c:1873
#9 0x00007f417c70b374 in gcc::jit::recording::context::compile (this=this@entry=0x556e0d20a730) at ../../src/gcc/jit/jit-recording.c:1352
#10 0x00007f417c6ff780 in gcc_jit_context_compile (ctxt=0x556e0d20a730) at ../../src/gcc/jit/libgccjit.c:2679
#11 0x0000556e0b327a49 in main (argc=<optimized out>, argv=<optimized out>) at conftest.c:131
Interestingly, I have not been able to reproduce the crash when running the program directly under gdb.
This crash is introduced by patch pr87808.diff:
[...]
+#ifdef FALLBACK_
+ if (gcc_driver_file == NULL && ::getenv ("GCC_EXEC_PREFIX") == NULL)
+ {
+ struct path_prefix path;
+
+ prefix_from_env ("PATH", &path);
[...]
"path" is used uninitialized.