[Bug 860322] New: Xfig crashes on dash-dotted lines (gcc bug?)
https://bugzilla.novell.com/show_bug.cgi?id=860322#c0

Summary: Xfig crashes on dash-dotted lines (gcc bug?)
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X11 Applications
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: munderl@tnt.uni-hannover.de
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=575749)
 --> (http://bugzilla.novell.com/attachment.cgi?id=575749)
Patch against xfig 3.2.5c

User-Agent: Opera/9.80 (X11; Linux x86_64) Presto/2.12.388 Version/12.15

If a line style is set to dash-dotted in xfig, xfig seg faults.

Reproducible: Always

Steps to Reproduce:
1. Open xfig
2. Draw a line
3. Set line style to dash-dotted

Actual Results:
seg fault

If I compile the sources myself, same crash. valgrind reports uninitialized values. If optimizations are turned off (-O0), xfig runs fine and valgrind reports no problems.

I tracked the problem down to a static int variable in w_drawprim.c, specifying the size of the dash-dot description array. I made it volatile (patch attached) and everything is fine now, even with optimizations turned on again. Therefore it may be a problem of gcc, or gcc is confused by the xfig code - no clue.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c1

Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> changed:
  CC: (empty) -> martin@ruby.chemie.uni-freiburg.de

--- Comment #1 from Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> 2014-02-08 13:51:21 UTC ---
I can confirm this, and concur this looks very much like a gcc optimizer bug. Actually making just the local variable "nd" volatile solves the problem as well. Before the change, the for loop (il=0;il<nd;il++) iterates well beyond the actual value of nd (as confirmed by printf just before the loop) until array accesses within the loop run into uncharted territory causing a segfault. The code in itself looks fairly straightforward, so who knows what else got miscompiled in 13.1.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c2

--- Comment #2 from Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> 2014-02-08 14:26:05 UTC ---
It turns out an alternative solution would be to add -fno-aggressive-loop-optimizations to the build flags. So this seems to be a manifestation of controversial changes in gcc-4.8.x discussed in e.g. gcc PR53073 (or more likely some bug introduced at that time), though I fail to see how the rather harmless xfig code could be misconstrued like the case mentioned in the PR.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c3

--- Comment #3 from Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> 2014-02-08 15:16:28 UTC ---
From gcc PR59017 (and a whole bunch of other PRs on the same topic that got closed as INVALID), the reasoning appears to be that the compiler is allowed to optimize to anything including infinite loops if it detects some trace of undefined behaviour.

Actually there seems to be a bug in w_drawprim.c as the dash_list array is declared [16][2] while the loop tries to write to array elements with second dimension up to 3, 5 or 7, apparently relying on compact storage of the array to hit the desired element.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c4

--- Comment #4 from Marco Munderloh <munderl@tnt.uni-hannover.de> 2014-02-08 15:26:50 UTC ---
Created an attachment (id=577766)
 --> (http://bugzilla.novell.com/attachment.cgi?id=577766)
w_drawprim.c (xfig 3.2.5c) with dash_list array fixed.

Martin, you are right. I mailed the developer of xfig and he found the bug originating in the wrongly initialized dash_list. He sent me a fixed w_drawprim.c (xfig version 3.2.5c) which I attached.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c5

--- Comment #5 from Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> 2014-02-08 15:44:18 UTC ---
Created an attachment (id=577767)
 --> (http://bugzilla.novell.com/attachment.cgi?id=577767)
rewrite accesses to dash_list array in w_drawprim.c

Alternate solution to patch 577766 - does not change dash_list array, but sanitizes accesses to its members.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c6

--- Comment #6 from Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> 2014-02-08 15:47:20 UTC ---
Thanks. "Upstream wins" I guess, and I trust Brian to have verified that this does not break the simpler dash patterns.
https://bugzilla.novell.com/show_bug.cgi?id=860322

Xiyuan Liu <xyliu@suse.com> changed:
  CC: (empty) -> xyliu@suse.com
  AssignedTo: bnc-team-screening@forge.provo.novell.com -> werner@suse.com
https://bugzilla.novell.com/show_bug.cgi?id=860322

Dr. Werner Fink <werner@suse.com> changed:
  Attachment #575749 mime type: application/octet-stream -> text/plain
  Attachment #575749 is patch: 0 -> 1
https://bugzilla.novell.com/show_bug.cgi?id=860322

Dr. Werner Fink <werner@suse.com> changed:
  Attachment #577766 mime type: application/octet-stream -> text/plain
  Attachment #577766 is patch: 0 -> 1
https://bugzilla.novell.com/show_bug.cgi?id=860322#c7

Dr. Werner Fink <werner@suse.com> changed:
  Status: NEW -> NEEDINFO
  InfoProvider: (empty) -> munderl@tnt.uni-hannover.de

--- Comment #7 from Dr. Werner Fink <werner@suse.com> 2014-02-11 07:45:40 UTC ---
Does this mean that the last patch obsoletes both former patches?
https://bugzilla.novell.com/show_bug.cgi?id=860322

Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> changed:
  Attachment #577767 is obsolete: 0 -> 1
https://bugzilla.novell.com/show_bug.cgi?id=860322#c8

--- Comment #8 from Martin Kroeker <martin@ruby.chemie.uni-freiburg.de> 2014-02-11 07:56:18 UTC ---
No, last patch was my suggestion but our messages crossed. The last comment from Marco contains the "official" solution from upstream. (He attached the entire drawprim.c file, but the actual difference consists of just expanding the dashlist array to match the accesses, while my patch would constrain the accesses to match the original array.) I have marked mine as obsolete now.
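As an added illustration of the two fixes discussed in comments 3 and 8 (constructed here, not xfig's w_drawprim.c or either attached patch): the pattern table is sized for the longest pattern, as upstream did, and every access goes through a bounds check, as the alternate patch did, so a pattern that does not fit is truncated instead of being written past the declared row. The names dash_list, set_dash, get_dash, fill_pattern, the two sample patterns and the sizes 16 and 8 are assumptions.

```c
#include <stddef.h>

/* Constructed example, not xfig code. The reported bug was a table declared
 * [16][2] that the dash-dot loop wrote with a second index of up to 7,
 * counting on rows being contiguous in memory. In C that is an out-of-bounds
 * access, and gcc 4.8's loop optimizer (cf. -fno-aggressive-loop-optimizations)
 * may assume it never happens, which is why the bound "il < nd" stopped
 * meaning anything at -O2. Two defences: size the row for the longest pattern,
 * and refuse any access that is not inside the declared object. */

#define NUM_STYLES   16   /* assumed: one row per line style */
#define MAX_SEGMENTS  8   /* assumed: longest pattern uses indices 0..7 */

static int dash_list[NUM_STYLES][MAX_SEGMENTS];

/* Constructed sample patterns (on/off lengths), not xfig's real values. */
static const int dashdot_pattern[4]  = {8, 2, 1, 2};
static const int long_pattern[10]    = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};

/* Bounds-checked store: 0 on success, -1 if the element does not exist. */
int set_dash(int style, int seg, int length)
{
    if (style < 0 || style >= NUM_STYLES || seg < 0 || seg >= MAX_SEGMENTS)
        return -1;
    dash_list[style][seg] = length;
    return 0;
}

/* Bounds-checked load: the stored length, or -1 if out of range. */
int get_dash(int style, int seg)
{
    if (style < 0 || style >= NUM_STYLES || seg < 0 || seg >= MAX_SEGMENTS)
        return -1;
    return dash_list[style][seg];
}

/* Copy an nd-element pattern into a style's row. Returns how many segments
 * were stored: nd when it fits, MAX_SEGMENTS when truncated, 0 for a bad
 * style. The loop exits at the first rejected write instead of walking off
 * the end of the row, so the bound is enforced by the data, not by luck. */
int fill_pattern(int style, const int *segs, int nd)
{
    int il;
    for (il = 0; il < nd; il++) {
        if (set_dash(style, il, segs[il]) != 0)
            break;
    }
    return il;
}
```

Building with -fsanitize=undefined (or at least -Warray-bounds) is the cheap way to catch the original [16][2] overrun at compile or test time rather than as a crash in the field.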
https://bugzilla.novell.com/show_bug.cgi?id=860322#c9

Dr. Werner Fink <werner@suse.com> changed:
  Status: NEEDINFO -> RESOLVED
  InfoProvider: munderl@tnt.uni-hannover.de -> (empty)
  Resolution: (empty) -> FIXED

--- Comment #9 from Dr. Werner Fink <werner@suse.com> 2014-02-11 08:33:22 UTC ---
Submit request ID #221763
https://bugzilla.novell.com/show_bug.cgi?id=860322#c10

--- Comment #10 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-02-11 10:00:13 CET ---
This is an autogenerated message for OBS integration:
This bug (860322) was mentioned in
https://build.opensuse.org/request/show/221762 Factory / xfig
https://build.opensuse.org/request/show/221763 13.1 / xfig
https://bugzilla.novell.com/show_bug.cgi?id=860322#c11

Benjamin Brunner <bbrunner@suse.com> changed:
  Status: RESOLVED -> REOPENED
  Resolution: FIXED -> (empty)

--- Comment #11 from Benjamin Brunner <bbrunner@suse.com> 2014-02-11 10:19:59 CET ---
Hi Werner,

thanks for your submission. Unfortunately it doesn't build for openSUSE 13.1, because we have no libXaw3d-devel, just libXaw-devel or xaw3d-devel.
https://bugzilla.novell.com/show_bug.cgi?id=860322#c12

Dr. Werner Fink <werner@suse.com> changed:
  Status: REOPENED -> RESOLVED
  Resolution: (empty) -> FIXED

--- Comment #12 from Dr. Werner Fink <werner@suse.com> 2014-02-11 10:32:10 UTC ---
SR #221810
https://bugzilla.novell.com/show_bug.cgi?id=860322#c13

--- Comment #13 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-02-11 12:00:15 CET ---
This is an autogenerated message for OBS integration:
This bug (860322) was mentioned in
https://build.opensuse.org/request/show/221810 13.1 / xfig
https://bugzilla.novell.com/show_bug.cgi?id=860322#c14

--- Comment #14 from Dr. Werner Fink <werner@suse.com> 2014-02-13 13:10:47 UTC ---
Submit request ID #222187
https://bugzilla.novell.com/show_bug.cgi?id=860322#c15

--- Comment #15 from Bernhard Wiedemann <bwiedemann@suse.com> 2014-02-13 15:00:12 CET ---
This is an autogenerated message for OBS integration:
This bug (860322) was mentioned in
https://build.opensuse.org/request/show/222187 13.1 / xfig
https://bugzilla.novell.com/show_bug.cgi?id=860322#c16

--- Comment #16 from Swamp Workflow Management <swamp@suse.de> 2014-02-18 15:04:52 UTC ---
openSUSE-RU-2014:0252-1: An update that has one recommended fix can now be installed.

Category: recommended (low)
Bug References: 860322
CVE References:
Sources used:
openSUSE 13.1 (src): xfig-3.2.5c-29.4.1
participants (1): bugzilla_noreply@novell.com