
Bug 154504

Summary: Segmentation fault in initstate_r () from /lib/tls/libc.so.6
Product: Fedora
Component: glibc
Version: 3
Hardware: i386
OS: Linux
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Reporter: Mateusz Ploskon <m.ploskon>
Assignee: Jakub Jelinek <jakub>
QA Contact: Brian Brock <bbrock>
CC: marcus
Fixed In Version: 2.3.5-1
Doc Type: Bug Fix
Last Closed: 2005-04-28 12:39:45 UTC

Description Mateusz Ploskon 2005-04-12 10:12:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
// following code compiled with
// gcc -g -O3 -ansi -pedantic -save-temps test.c
// causes:
// Program received signal SIGSEGV, Segmentation fault.
// 0x0040d130 in initstate_r () from /lib/tls/libc.so.6

#define _GNU_SOURCE   /* strfry() is a GNU extension; needed for its prototype under -ansi */
#include <stdio.h>
#include <string.h>

int main()
{
  char s[255];
  sprintf(s, "%s", "ala ma kota");

  strfry(s);          /* first call seeds via initstate_r(); crashes there with glibc 2.3.5 */
  return 0;
}
 

Version-Release number of selected component (if applicable):
libc-2.3.5.so

How reproducible:
Always

Steps to Reproduce:
1. compile the description
2. run a.out

Additional info:

> gcc -v 
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.2/specs 
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --enable-shared --enable-threads=posix 
--disable-checking --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux 
Thread model: posix 
gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

Comment 1 Mateusz Ploskon 2005-04-12 10:51:50 UTC
*** Bug 154505 has been marked as a duplicate of this bug. ***

Comment 2 Jakub Jelinek 2005-04-12 14:43:36 UTC
This ought to be fixed by
http://sources.redhat.com/bugzilla/show_bug.cgi?id=710#c5


Comment 3 Marcus Sharpe 2005-04-14 12:55:56 UTC
(In reply to comment #2)
> This ought to be fixed by
> http://sources.redhat.com/bugzilla/show_bug.cgi?id=710#c5

The last patch added to that bug report (glibc-2.3.4-fix-initstate_r.patch) has
an extra check to ensure buf->state is non-NULL before saving the state. This
extra check doesn't seem to have made it into glibc 2.3.5, and so I get the
following backtrace with the above test app:

Program received signal SIGSEGV, Segmentation fault.
__initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4)
    at random_r.c:252
252         old_state[-1] = TYPE_0;
(gdb) bt
#0  __initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4)
    at random_r.c:252
#1  0x002fab5c in strfry (string=0xbffff570 "ala ma kota") at strfry.c:35
#2  0x080483a1 in main () at test.c:9
(gdb) p old_state
$1 = (int32_t *) 0x0
(gdb) p buf->state
$2 = (int32_t *) 0x0

This is with glibc-2.3.5-0.fc3.1
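The crash above is initstate_r() writing through buf->state while that pointer is still NULL. The same reentrant API is available to application code, and the random_r(3) man page requires buf->state to be NULL (in practice, the whole struct random_data zeroed) before the first initstate_r() call, which is exactly the path the unpatched 2.3.5 mishandles. The following is an added example, not glibc's strfry.c and not part of this bug report: it does what strfry() does internally, a Fisher-Yates shuffle driven by random_r(), but with a caller-owned, explicitly zeroed state and an explicit seed so the result is reproducible and testable. The names shuffle_init, shuffle_str and is_permutation are hypothetical, and the code assumes glibc (random_r/initstate_r are GNU extensions).

```c
#define _GNU_SOURCE          /* initstate_r()/random_r() are glibc extensions */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (hypothetical names), not glibc's strfry(): caller-owned
 * reentrant PRNG state instead of the static one strfry.c keeps. */
struct shuffle_ctx {
    struct random_data rdata;   /* must start zeroed so rdata.state == NULL */
    char state[32];             /* 32-byte state, the size strfry.c uses */
};

/* Returns 0 on success, -1 if initstate_r() fails. */
int shuffle_init(struct shuffle_ctx *ctx, unsigned int seed)
{
    /* Documented precondition of initstate_r(): buf->state must be NULL.
     * Zeroing the whole struct satisfies it regardless of glibc version. */
    memset(ctx, 0, sizeof *ctx);
    if (initstate_r(seed, ctx->state, sizeof ctx->state, &ctx->rdata) != 0)
        return -1;
    return 0;
}

/* Fisher-Yates shuffle of s in place, as strfry() does it.
 * Returns s, or NULL if random_r() reports an error. */
char *shuffle_str(struct shuffle_ctx *ctx, char *s)
{
    size_t len = strlen(s);
    for (size_t i = 0; i + 1 < len; i++) {
        int32_t r;                        /* random_r() yields 0 .. 2^31-1 */
        if (random_r(&ctx->rdata, &r) != 0)
            return NULL;
        size_t j = i + (size_t)r % (len - i);
        char c = s[i];
        s[i] = s[j];
        s[j] = c;
    }
    return s;
}

/* 1 if b is a rearrangement of a (same multiset of bytes), else 0. */
int is_permutation(const char *a, const char *b)
{
    unsigned count[256] = {0};
    if (strlen(a) != strlen(b))
        return 0;
    for (; *a; a++)
        count[(unsigned char)*a]++;
    for (; *b; b++)
        if (count[(unsigned char)*b]-- == 0)
            return 0;
    return 1;
}

int main(void)
{
    struct shuffle_ctx ctx;
    char s[] = "ala ma kota";      /* constructed sample input, same as the report */
    if (shuffle_init(&ctx, 12345u) != 0)
        return 1;
    if (shuffle_str(&ctx, s) == NULL)
        return 1;
    puts(s);
    return 0;
}
```

Two calls with the same seed produce the same permutation, which is what makes the shuffle testable; strfry() itself seeds from time and PID on its first call, so its output cannot be reproduced, and any failure inside that first initstate_r() call surfaces as the backtrace shown above rather than as a return code the caller could check.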

Comment 4 Jakub Jelinek 2005-04-15 18:32:25 UTC
The fix was committed to glibc CVS on Apr 12th, so it is not in any glibc
rpm yet.

Comment 5 Jakub Jelinek 2005-04-28 12:39:45 UTC
Should be fixed in glibc-2.3.5-1 in rawhide.