compiler bug turning up in cmake package?
Andrew Haley
aph at redhat.com
Tue Aug 26 10:17:00 UTC 2008
Matthew Woehlke wrote:
> I'm getting this SEGV trying to install kdelibs on my machine (koji
> package 2.6.1-1.fc10.i386):
>
> #0 cmELF::GetRPath (this=0xbf986708) at
> /usr/src/debug/cmake-2.6.1/Source/cmELF.cxx:787
> #1 0x080e9c07 in cmSystemTools::CheckRPath (file=@0xbf986800,
> newRPath=@0xbf9867fc)
> at /usr/src/debug/cmake-2.6.1/Source/cmSystemTools.cxx:2617
> #2 0x08134378 in cmFileCommand::HandleRPathCheckCommand
> (this=0x9ad3db8, args=@0xbf986874)
> at /usr/src/debug/cmake-2.6.1/Source/cmFileCommand.cxx:1557
> #3 0x0815dd6a in cmFileCommand::InitialPass (this=0x9ad3db8,
> args=@0xbf986874)
> at /usr/src/debug/cmake-2.6.1/Source/cmFileCommand.cxx:121
> #4 0x081620cc in cmCommand::InvokeInitialPass (this=0x9ad3db8,
> args=@0x9ad3fd4, status=@0xbf986918)
> at /usr/src/debug/cmake-2.6.1/Source/cmCommand.h:68
> #5 0x080c65a8 in cmMakefile::ExecuteCommand (this=0x9ac2730,
> lff=@0x9ad3fc8, status=@0xbf986918)
> at /usr/src/debug/cmake-2.6.1/Source/cmMakefile.cxx:399
> #6 0x08150baa in cmIfFunctionBlocker::IsFunctionBlocked
> (this=0x9ad1170, lff=@0x9ad7f98, mf=@0x9ac2730,
> inStatus=@0xbf9869f8) at
> /usr/src/debug/cmake-2.6.1/Source/cmIfCommand.cxx:116
> #7 0x080b95dc in cmMakefile::IsFunctionBlocked (this=0x9ac2730,
> lff=@0x9ad7f98, status=@0xbf9869f8)
> at /usr/src/debug/cmake-2.6.1/Source/cmMakefile.cxx:2303
>
> The relevant code is pretty boring:
>
> 785 bool cmELF::Valid() const
> 786 {
> 787 return this->Internal && this->Internal->GetFileType() !=
> FileTypeInvalid;
> 788 }
>
> ...but the disassembly is unnerving:
>
> 0x819d4c0 <_ZN5cmELF8GetRPathEv>: push %ebp
> 0x819d4c1 <_ZN5cmELF8GetRPathEv+1>: mov %esp,%ebp
I think you may be right.
First passed arg is at %ebp + 8.
The stack is:
this
retaddr
prev frame <-- %ebp
> 0x819d4c3 <_ZN5cmELF8GetRPathEv+3>: sub $0x8,%esp
> 0x819d4c6 <_ZN5cmELF8GetRPathEv+6>: mov 0x8(%ebp),%eax
%eax now contains this
> 0x819d4c9 <_ZN5cmELF8GetRPathEv+9>: mov (%eax),%edx
First word of object -> %edx
> 0x819d4cb <_ZN5cmELF8GetRPathEv+11>: test %edx,%edx
> 0x819d4cd <_ZN5cmELF8GetRPathEv+13>: je 0x819d510 <_ZN5cmELF8GetRPathEv+80>
> 0x819d4cf <_ZN5cmELF8GetRPathEv+15>: mov 0x10(%edx),%eax
> 0x819d4d2 <_ZN5cmELF8GetRPathEv+18>: test %eax,%eax
> 0x819d4d4 <_ZN5cmELF8GetRPathEv+20>: je 0x819d500 <_ZN5cmELF8GetRPathEv+64>
> 0x819d4d6 <_ZN5cmELF8GetRPathEv+22>: cmp $0x2,%eax
> 0x819d4d9 <_ZN5cmELF8GetRPathEv+25>: je 0x819d4e2 <_ZN5cmELF8GetRPathEv+34>
> 0x819d4db <_ZN5cmELF8GetRPathEv+27>: cmp $0x3,%eax
> 0x819d4de <_ZN5cmELF8GetRPathEv+30>: xchg %ax,%ax
> 0x819d4e0 <_ZN5cmELF8GetRPathEv+32>: jne 0x819d500 <_ZN5cmELF8GetRPathEv+64>
> 0x819d4e2 <_ZN5cmELF8GetRPathEv+34>: mov (%edx),%eax
> 0x819d4e4 <_ZN5cmELF8GetRPathEv+36>: movl $0xf,0x4(%esp)
> 0x819d4ec <_ZN5cmELF8GetRPathEv+44>: mov %edx,(%esp)
> 0x819d4ef <_ZN5cmELF8GetRPathEv+47>: call *0x14(%eax)
> 0x819d4f2 <_ZN5cmELF8GetRPathEv+50>: leave
> 0x819d4f3 <_ZN5cmELF8GetRPathEv+51>: nop
> 0x819d4f4 <_ZN5cmELF8GetRPathEv+52>: lea 0x0(%esi,%eiz,1),%esi
> 0x819d4f8 <_ZN5cmELF8GetRPathEv+56>: ret
> 0x819d4f9 <_ZN5cmELF8GetRPathEv+57>: lea 0x0(%esi,%eiz,1),%esi
> 0x819d500 <_ZN5cmELF8GetRPathEv+64>: xor %eax,%eax
> 0x819d502 <_ZN5cmELF8GetRPathEv+66>: leave
> 0x819d503 <_ZN5cmELF8GetRPathEv+67>: nop
> 0x819d504 <_ZN5cmELF8GetRPathEv+68>: lea 0x0(%esi,%eiz,1),%esi
> 0x819d508 <_ZN5cmELF8GetRPathEv+72>: ret
> 0x819d509 <_ZN5cmELF8GetRPathEv+73>: lea 0x0(%esi,%eiz,1),%esi
> 0x819d510 <_ZN5cmELF8GetRPathEv+80>: mov 0x10(%edx),%eax
> 0x819d513 <_ZN5cmELF8GetRPathEv+83>: nop
> 0x819d514 <_ZN5cmELF8GetRPathEv+84>: lea 0x0(%esi,%eiz,1),%esi
> 0x819d518 <_ZN5cmELF8GetRPathEv+88>: jmp 0x819d4db
> <_ZN5cmELF8GetRPathEv+27>
>
> Look particularly at the test at +11 and jump at +13, and then at lines
> +80 and +15. If I read this right, it tests if "this->Internal" is NULL,
> and then *dereferences it either way*. This is clearly not what the
> source listing says (and is clearly wrong), so I wonder where this
> generated code came from.
>
> Hmm, actually, staring it it, trying to figure out how to hot-hack it so
> the install will finish, it looks like the jump address is wrong (should
> be going to +64, not +80). Or else, something funny is happening w.r.t.
> "Internal"s vtable.
I think you need to press ahead at full speed to generate a standalone
test case from this.
Andrew.
More information about the fedora-devel-list
mailing list