[Bug 860322] New: Xfig crashes on dash-dotted lines (gcc bug?)

bugzilla_noreply＠novell.com

24 Jan 2014 24 Jan '14

14:56

https://bugzilla.novell.com/show_bug.cgi?id=860322 https://bugzilla.novell.com/show_bug.cgi?id=860322#c0 Summary: Xfig crashes on dash-dotted lines (gcc bug?) Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: X11 Applications AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: munderl@tnt.uni-hannover.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Created an attachment (id=575749) --> (http://bugzilla.novell.com/attachment.cgi?id=575749) Patch against xfig 3.2.5c User-Agent: Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15 If a line style is set to dash-dotted in xfig, xfig seg faults. Reproducible: Always Steps to Reproduce: 1. Open xfig 2. Draw a line 3. Set line style to dash-dotted Actual Results: seg fault If I compile the sources myself, same crash. valgrind reports uninitilized values. If optimizations are turned off (-O0), xfig runs fine and valgrind reports no problems. I tracked the problem down to a static int variable in w_drawprim.c, specifying the size of the dash-dot description array. I made it volatile (patch attached) and everything is fine now, even with optimizations turned on again. Therefore it may be a problem of gcc, or gcc is confused by the xfig code - no clue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

8 Feb 8 Feb

13:51

New subject: [Bug 860322] Xfig crashes on dash-dotted lines (gcc bug?)

https://bugzilla.novell.com/show_bug.cgi?id=860322 https://bugzilla.novell.com/show_bug.cgi?id=860322#c1 Martin Kroeker changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin@ruby.chemie.uni-frei | |burg.de --- Comment #1 from Martin Kroeker 2014-02-08 13:51:21 UTC --- I can confirm this, and concur this looks very much like a gcc optimizer bug. Actually making just the local variable "nd" volatile solves the problem as well. Before the change, the for loop (il=0;ilhttps://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

14:26

New subject: [Bug 860322] Xfig crashes on dash-dotted lines (gcc bug?)

https://bugzilla.novell.com/show_bug.cgi?id=860322 https://bugzilla.novell.com/show_bug.cgi?id=860322#c2 --- Comment #2 from Martin Kroeker 2014-02-08 14:26:05 UTC --- It turns out an alternative solution would be to add -fno-aggressive-loop-optimizations to the build flags. So this seems to be a manifestation of controversial changes in gcc-4.8.x discussed in e.g. gcc PR53073 (or more likely some bug introduced at that time), though I fail to see how the rather harmless xfig code could be misconstrued like the case mentioned in the PR. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

15:16

New subject: [Bug 860322] Xfig crashes on dash-dotted lines (gcc bug?)

https://bugzilla.novell.com/show_bug.cgi?id=860322 https://bugzilla.novell.com/show_bug.cgi?id=860322#c3 --- Comment #3 from Martin Kroeker 2014-02-08 15:16:28 UTC ---

...

From gcc PR59017 (and a whole bunch of other PRs on the same topic that got closed as INVALID), the reasoning appears to be that the compiler is allowed to optimize to anything including infinite loops if it detects some trace of undefined behaviour. Actually there seems to be a bug in w_drawprim.c as the dash_list array is declared [16][2] while the loop tries to write to array elements with second dimension up to 3,5 or 7 , apparently relying on compact storage of the array to hit the desired element.

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.