Bug 154504 - Segmentation fault in initstate_r () from /lib/tls/
Summary: Segmentation fault in initstate_r () from /lib/tls/
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Brian Brock
Duplicates: 154505
Depends On:
Reported: 2005-04-12 10:12 UTC by Mateusz Ploskon
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: 2.3.5-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2005-04-28 12:39:45 UTC

Description Mateusz Ploskon 2005-04-12 10:12:40 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko)

Description of problem:
/* The following code, compiled with
 *   gcc -g -O3 -ansi -pedantic -save-temps test.c
 * causes:
 *   Program received signal SIGSEGV, Segmentation fault.
 *   0x0040d130 in initstate_r () from /lib/tls/
 */
#include <stdio.h>

int main(void)
{
  char s[255];
  sprintf(s, "%s", "ala ma kota");
  return 0;
}

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Compile the code from the description and run a.out

Additional info:

> gcc -v 
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.2/specs 
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --enable-shared --enable-threads=posix 
--disable-checking --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux 
Thread model: posix 
gcc version 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

Comment 1 Mateusz Ploskon 2005-04-12 10:51:50 UTC
*** Bug 154505 has been marked as a duplicate of this bug. ***

Comment 2 Jakub Jelinek 2005-04-12 14:43:36 UTC
This ought to be fixed by

Comment 3 Marcus Sharpe 2005-04-14 12:55:56 UTC
(In reply to comment #2)
> This ought to be fixed by

The last patch added to that bug report (glibc-2.3.4-fix-initstate_r.patch) has
an extra check to ensure buf->state is non-NULL before saving the state. This
extra check doesn't seem to have made it into glibc 2.3.5, and so I get the
following backtrace with the above test app:

Program received signal SIGSEGV, Segmentation fault.
__initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4)
    at random_r.c:252
252         old_state[-1] = TYPE_0;
(gdb) bt
#0  __initstate_r (seed=3898788, arg_state=0x3b7dc0 "", n=32, buf=0x3b7da4)
    at random_r.c:252
#1  0x002fab5c in strfry (string=0xbffff570 "ala ma kota") at strfry.c:35
#2  0x080483a1 in main () at test.c:9
(gdb) p old_state
$1 = (int32_t *) 0x0
(gdb) p buf->state
$2 = (int32_t *) 0x0

This is with glibc-2.3.5-0.fc3.1
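A worked illustration of the guard that comment 3 describes, added for this page and not code from glibc or from anyone on this bug: a small model of the state bookkeeping in random_r.c (the random_data fields, the degree/separation tables, the size breaks, the seeding and the additive-feedback generator) with the non-NULL check on buf->state in place before the old_state[-1] save. unguarded_save_would_fault() stands in for what the unchecked store did on strfry()'s zero-filled buffer, and the demo functions replay that first call with n = 32 and the seed value from the backtrace. All helper names, the struct name rd_model, and the seed 7 used in the re-initialisation check are assumptions made for the example; the model follows the glibc algorithm but is not claimed to be bit-exact with any release.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the state bookkeeping in glibc's random_r.c, written for this page (not
 * glibc's code): fields mirror struct random_data; tables, size breaks and generators
 * follow the glibc algorithm but are not claimed to be bit-exact. */
struct rd_model { int32_t *fptr, *rptr, *state; int rand_type, rand_deg, rand_sep; int32_t *end_ptr; };
enum { TYPE_0, TYPE_1, TYPE_2, TYPE_3, TYPE_4, MAX_TYPES };
static const int degrees[MAX_TYPES] = { 0, 7, 15, 31, 63 };
static const int seps[MAX_TYPES]    = { 0, 3, 1, 3, 1 };

static int model_random_r(struct rd_model *buf, int32_t *result) {
    int32_t *state = buf->state;
    if (buf->rand_type == TYPE_0) {                         /* degree 0: plain LCG */
        uint32_t val = ((uint32_t)state[0] * 1103515245U + 12345U) & 0x7fffffff;
        state[0] = *result = (int32_t)val;
        return 0;
    }
    int32_t *fptr = buf->fptr, *rptr = buf->rptr, *end = buf->end_ptr;
    uint32_t sum = (uint32_t)*fptr + (uint32_t)*rptr;       /* additive feedback */
    *fptr = (int32_t)sum; *result = (int32_t)(sum >> 1);
    if (++fptr >= end) { fptr = state; ++rptr; }
    else if (++rptr >= end) rptr = state;
    buf->fptr = fptr; buf->rptr = rptr;
    return 0;
}

static void model_srandom_r(unsigned seed, struct rd_model *buf) {
    int32_t *state = buf->state, *dst = state;
    if (seed == 0) seed = 1;                                /* seed 0 is mapped to 1 */
    state[0] = (int32_t)seed;
    if (buf->rand_type == TYPE_0) return;
    int64_t word = seed;
    for (int i = 1; i < buf->rand_deg; ++i) {               /* Park-Miller fill */
        int64_t hi = word / 127773, lo = word % 127773;
        word = 16807 * lo - 2836 * hi;
        if (word < 0) word += 2147483647;
        *++dst = (int32_t)word;
    }
    buf->fptr = &state[buf->rand_sep]; buf->rptr = &state[0];
    for (int kc = buf->rand_deg * 10; kc > 0; --kc) {       /* warm-up discards */
        int32_t d; model_random_r(buf, &d);
    }
}

/* What the pre-fix code did: the old_state[-1] store ran unconditionally, so a
 * zero-filled buffer (state == NULL) faulted at random_r.c:252. */
static int unguarded_save_would_fault(const struct rd_model *buf) { return buf->state == NULL; }

static int model_initstate_r(unsigned seed, char *arg_state, size_t n, struct rd_model *buf) {
    if (buf == NULL || n < 8) { errno = EINVAL; return -1; }
    int32_t *old_state = buf->state;
    if (old_state != NULL) {              /* the fix: only save into a real old state */
        old_state[-1] = buf->rand_type == TYPE_0 ? TYPE_0
            : (int32_t)(MAX_TYPES * (buf->rptr - old_state) + buf->rand_type);
    }
    int type = n < 32 ? TYPE_0 : n < 64 ? TYPE_1 : n < 128 ? TYPE_2 : n < 256 ? TYPE_3 : TYPE_4;
    buf->rand_type = type; buf->rand_deg = degrees[type]; buf->rand_sep = seps[type];
    int32_t *state = &((int32_t *)arg_state)[1];            /* state[-1] holds the type word */
    buf->state = state; buf->end_ptr = &state[buf->rand_deg];
    model_srandom_r(seed, buf);
    state[-1] = type == TYPE_0 ? TYPE_0 : (int32_t)(MAX_TYPES * (buf->rptr - state) + type);
    return 0;
}

/* strfry()'s first call as in the backtrace: a zero-filled buffer and n = 32. Returns 1
 * if the unguarded store would have faulted yet the guarded model initialises cleanly. */
static int zeroed_first_use_is_safe(void) {
    struct rd_model rd; int32_t statebuf[8] = {0};          /* 32 bytes */
    memset(&rd, 0, sizeof rd);
    int faults = unguarded_save_would_fault(&rd);
    int rc = model_initstate_r(3898788u, (char *)statebuf, sizeof statebuf, &rd);
    return faults == 1 && rc == 0 && rd.rand_type == TYPE_1 && rd.rand_deg == 7;
}

/* Too-small state (n < 8) is rejected before anything is written. */
static int rejects_short_state(void) {
    struct rd_model rd; int32_t s[2] = {0}; memset(&rd, 0, sizeof rd);
    return model_initstate_r(1u, (char *)s, 4, &rd) == -1 && rd.state == NULL;
}

/* Type word at state[-1] of buffer A just after initialisation (stage 0) or after one
 * draw and a re-initialisation into buffer B (stage 1). Seed 7 is arbitrary. */
static int32_t type_word_after(int stage) {
    struct rd_model rd; int32_t a[8] = {0}, b[8] = {0}, out;
    memset(&rd, 0, sizeof rd);
    if (model_initstate_r(7u, (char *)a, sizeof a, &rd)) return -1;
    if (stage == 1) {
        model_random_r(&rd, &out);
        if (model_initstate_r(7u, (char *)b, sizeof b, &rd)) return -1;
    }
    return a[0];
}

int main(void) {
    printf("zeroed first use safe: %d, short state rejected: %d\n",
           zeroed_first_use_is_safe(), rejects_short_state());
    printf("type word of A: %d -> %d\n", (int)type_word_after(0), (int)type_word_after(1));
    return 0;
}
```

With the guard in place the first call on a zeroed buffer simply skips the save, and the type word only gets written into a buffer that really was the previous state: for n = 32 (TYPE_1, degree 7) the freshly initialised word is 1, and after one draw and a re-initialisation it becomes 6, encoding rptr's offset of one slot. Without the guard the same first call dereferences address 0, which is the fault at random_r.c:252 in the backtrace above.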

Comment 4 Jakub Jelinek 2005-04-15 18:32:25 UTC
The fix was committed to glibc CVS on Apr, 12th, so it is not in any glibc
rpm yet.

Comment 5 Jakub Jelinek 2005-04-28 12:39:45 UTC
Should be fixed in glibc-2.3.5-1 in rawhide.
