gconftool-2 segfaults on arm [shrinkwrap]

Bug #757427 reported by Jani Monoses on 2011-04-11
This bug affects 1 person
Affects             Status         Importance   Assigned to         Milestone
Linaro GCC          Won't Fix      Medium       Michael Collison
gcc-4.5 (Ubuntu)    Fix Released
gconf (Ubuntu)      Fix Released   Critical                         ubuntu-11.04-beta-2

Bug Description

The 2.32.2 upload of gconf is likely miscompiled and segfaults. This leads to other armel FTBFSs in the archive when calling gconftool-2 as part of the install phase.

Jani Monoses (jani) wrote :

A rebuild with -O0 on armel is ongoing, to confirm this is a gcc regression since January when the previous version of gconf was uploaded. The gconf changes are minimal and unlikely to be the cause of the bug.

affects: ubuntu → gconf (Ubuntu)
tags: added: arm-porting-queue
summary: - gconf segfaults on arm
+ gconftool-2 segfaults on arm

actually not building yet, FFE needed first.

Looks like this caused several FTBFS on armel today:

evolution-indicator gnome-games indicator-session liferea

Those are in Main. I didn't check Universe.

Changed in gconf (Ubuntu):
status: New → Confirmed
importance: Undecided → Critical
milestone: none → ubuntu-11.04-beta-2
Martin Pitt (pitti) wrote :

Workaround was uploaded earlier today, but didn't refer to the bug:

gconf (2.32.2-0ubuntu2) natty; urgency=low

  * debian/rules: Build with -O0 on armel, prevent miscompilation
    causing segfault.
 -- Jani Monoses <email address hidden> Mon, 11 Apr 2011 13:19:42 +0300

Changed in gconf (Ubuntu):
status: Confirmed → Fix Released
Jani Monoses (jani) wrote :

tomboy, evo-indicators, indicator-session and liferea from main rebuilt successfully with the new gconf.

Michael Hope (michaelh1) wrote :

I can reproduce this in gconf 2.32.2 built with -O2 and gcc-linaro-4.5-2011.03-0.

michaelh@ursa3:~/linaro/packages/gconf-2.32.2/gconf/.libs$ export LD_LIBRARY_PATH=$PWD
michaelh@ursa3:~/linaro/packages/gconf-2.32.2/gconf/.libs$ gdb ./gconfd-2
(gdb) r
Starting program: /home/michaelh/linaro/packages/gconf-2.32.2/gconf/.libs/gconfd-2
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../ports/sysdeps/arm/strlen.S:29
29 ../ports/sysdeps/arm/strlen.S: No such file or directory.
 in ../ports/sysdeps/arm/strlen.S
(gdb) back
#0 strlen () at ../ports/sysdeps/arm/strlen.S:29
#1 0x2ad40f0c in _IO_vfprintf_internal (s=0x7eeabe78, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1614
#2 0x2adbd480 in __vasprintf_chk (result_ptr=0x7eeabf54, flags=1, format=0x11634 "Could not connect to session bus: %s", args=<value optimized out>) at vasprintf_chk.c:68
#3 0x2acbae42 in g_vasprintf () from /lib/libglib-2.0.so.0
#4 0x2acbae42 in g_vasprintf () from /lib/libglib-2.0.so.0
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

This smells like the shrink wrap optimisation.

Michael Hope (michaelh1) wrote :

Adding -fno-shrink-wrap and changing back to -O2 works around this problem:

michaelh@ursa3:~/linaro/packages/gconf-2.32.2/gconf/.libs$ gdb ./gconfd-2
(gdb) r
Starting program: /home/michaelh/linaro/packages/gconf-2.32.2/gconf/.libs/gconfd-2
[Thread debugging using libthread_db enabled]

Program exited with code 01.
(gdb) quit

Michael Hope (michaelh1) wrote :

The code in type_byte() is wrong:

 cmp r0, #7                    @ bounds check: 8 jump-table entries
 bhi .L22                      @ out-of-range value type -> .L22
 tbb [pc, r0]                  @ Thumb-2 table branch, byte offsets in halfwords
 .byte (.L23-.L31)/2           @ offsets are relative to .L31 (the table base)
 .byte (.L24-.L31)/2
 .byte (.L25-.L31)/2
 .byte (.L26-.L31)/2
 .byte (.L32-.L31)/2
 .byte (.L28-.L31)/2
 .byte (.L29-.L31)/2
 .byte (.L30-.L31)/2
 movs r0, #112                 @ 'p'
 bx lr                         @ leaf return, no frame needed
 push {r4, lr}                 @ assertion arm only: prologue, 8 bytes
 movw r0, #:lower16:.LC1
 sub sp, sp, #8                @ 8 more bytes for the stacked argument
 movw r1, #:lower16:.LC2
 movw r3, #:lower16:.LANCHOR0
 movt r0, #:upper16:.LC1
 movt r1, #:upper16:.LC2
 movw r2, #1758                @ third argument: source line passed to g_assertion_message
 movt r3, #:upper16:.LANCHOR0
 movs r4, #0
 str r4, [sp, #0]              @ fifth argument (NULL message) goes on the stack
 bl g_assertion_message        @ no epilogue follows: sp is still 16 bytes down
 movs r0, #118                 @ 'v'
 bx lr
 movs r0, #115                 @ 's'
 bx lr
 movs r0, #105                 @ 'i'
 bx lr
 movs r0, #102                 @ 'f'
 bx lr

Most of the branches are fine, except the one that has the assertion. The prologue pushes and adjusts the stack by 8 but doesn't fix it in the epilogue.
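The pattern described in the comment above (a frame opened by push and sub sp on one switch arm, and a return reached without the matching pop/add) can be spotted mechanically in a GCC -S listing. The script below is an added example written for this thread; it is not code from gconf, gcc-linaro or the bug's participants. It walks a listing linearly, tracks the bytes allocated by push {...} and sub sp, sp, #n and released by pop {...} / add sp, sp, #n, and reports each bx lr or pop {..., pc} reached while frame bytes are still outstanding. The type_byte() fragment from the report is embedded as sample input alongside a constructed, correctly wrapped variant for comparison; labels and branches are ignored, so treat a hit as a candidate for manual review rather than proof of miscompilation.

```python
"""Heuristic epilogue check for a GCC ARM/Thumb-2 assembly listing.

Added example for this bug thread; it is not code from gconf or gcc-linaro.
It walks a listing linearly, tracking bytes pushed by `push {...}` and
`sub sp, sp, #n` and released by `pop {...}` / `add sp, sp, #n`, and reports
every `bx lr` (or `pop {..., pc}`) reached while frame bytes are still
outstanding, i.e. a return with no matching epilogue on that path.
"""
import re

# The type_byte() fragment quoted in the bug report, embedded here as sample input.
TYPE_BYTE_LISTING = """\
 cmp r0, #7
 bhi .L22
 tbb [pc, r0]
 .byte (.L23-.L31)/2
 .byte (.L24-.L31)/2
 .byte (.L25-.L31)/2
 .byte (.L26-.L31)/2
 .byte (.L32-.L31)/2
 .byte (.L28-.L31)/2
 .byte (.L29-.L31)/2
 .byte (.L30-.L31)/2
 movs r0, #112
 bx lr
 push {r4, lr}
 movw r0, #:lower16:.LC1
 sub sp, sp, #8
 movw r1, #:lower16:.LC2
 movw r3, #:lower16:.LANCHOR0
 movt r0, #:upper16:.LC1
 movt r1, #:upper16:.LC2
 movw r2, #1758
 movt r3, #:upper16:.LANCHOR0
 movs r4, #0
 str r4, [sp, #0]
 bl g_assertion_message
 movs r0, #118
 bx lr
 movs r0, #115
 bx lr
 movs r0, #105
 bx lr
 movs r0, #102
 bx lr
"""

# A constructed, correctly wrapped variant for comparison (not from the report).
BALANCED_LISTING = """\
 push {r4, lr}
 sub sp, sp, #8
 bl g_assertion_message
 add sp, sp, #8
 pop {r4, pc}
"""

PUSH_RE = re.compile(r'^\s*push\s*\{([^}]*)\}')
POP_RE = re.compile(r'^\s*pop\s*\{([^}]*)\}')
SUB_SP_RE = re.compile(r'^\s*sub\s+sp,\s*sp,\s*#(\d+)')
ADD_SP_RE = re.compile(r'^\s*add\s+sp,\s*sp,\s*#(\d+)')
BX_LR_RE = re.compile(r'^\s*bx\s+lr\b')


def reg_count(reglist):
    """Number of registers in a push/pop list such as 'r4, lr' or 'r4-r7, lr'."""
    n = 0
    for item in reglist.split(','):
        item = item.strip()
        if not item:
            continue
        if '-' in item:                       # register range like r4-r7
            lo, hi = item.split('-')
            n += int(hi[1:]) - int(lo[1:]) + 1
        else:
            n += 1
    return n


def find_unbalanced_returns(listing):
    """Return [(line_no, outstanding_bytes), ...] for each return reached with
    frame bytes still allocated.  A return ends the current path, so the count
    is reset after it.  Labels and branches are ignored: triage aid, not proof."""
    depth = 0
    findings = []
    for line_no, line in enumerate(listing.splitlines(), 1):
        if m := PUSH_RE.match(line):
            depth += 4 * reg_count(m.group(1))
        elif m := POP_RE.match(line):
            depth -= 4 * reg_count(m.group(1))
            if re.search(r'\bpc\b', m.group(1)):    # pop {..., pc} is a return
                if depth != 0:
                    findings.append((line_no, depth))
                depth = 0
        elif m := SUB_SP_RE.match(line):
            depth += int(m.group(1))
        elif m := ADD_SP_RE.match(line):
            depth -= int(m.group(1))
        elif BX_LR_RE.match(line):
            if depth != 0:
                findings.append((line_no, depth))
            depth = 0
    return findings


if __name__ == "__main__":
    for name, listing in (("type_byte", TYPE_BYTE_LISTING), ("balanced", BALANCED_LISTING)):
        for line_no, outstanding in find_unbalanced_returns(listing):
            print(f"{name}: line {line_no}: return with {outstanding} frame bytes outstanding")
```

On the report's fragment the walk flags the bx lr after bl g_assertion_message with 16 bytes outstanding (8 from push {r4, lr}, 8 from sub sp, sp, #8), and nothing on the constructed balanced variant. Run it over a whole `gcc -O2 -S` output to find other functions with the same shape; since the sub/add pairs of different paths are not matched by label, inspect each hit in the listing before blaming the compiler.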

tags: added: shrinkwrap
Changed in gcc-linaro:
status: New → Triaged
importance: Undecided → High
Michael Hope (michaelh1) wrote :

gcc-linaro-4.5-2011.04 works around this by disabling shrink wrap by default.

Changing the priority to medium as it's no longer a bad-code bug in the default configuration.

Changed in gcc-linaro:
importance: High → Medium
Michael Hope (michaelh1) on 2011-06-09
summary: - gconftool-2 segfaults on arm
+ gconftool-2 segfaults on arm [shrinkwrap]
Matthias Klose (doko) wrote :

shrink-wrap was disabled on all architectures in natty

Changed in gcc-4.5 (Ubuntu):
status: New → Fix Released
Changed in gcc-linaro:
assignee: nobody → Michael Collison (michael-collison)
status: Triaged → Won't Fix