
#539 segfault after giving invalid input

segfault
closed-fixed
Sam Steingold
clisp (525)
5
2010-01-28
2010-01-28
Bill Evans
No

uname -a
Linux tiger 2.6.29.6-smp #2 SMP Mon Aug 17 00:52:54 CDT 2009 i686 Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz GenuineIntel GNU/Linux

gcc --version
gcc (GCC) 4.3.3
Copyright (C) 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

libc version:
glibc-2.9-i486-3

I pulled down the source for clisp and dependencies today, 27 Jan 2010.

ulimit -s
16384

clisp --version
STACK size: 98206 [0xb7cd4f00 0xb7c75088]
GNU CLISP 2.48 (2009-07-28) (built 3473639060) (memory 3473639240)
Software: GNU C 4.3.3
gcc -Wall -g -O2 -W -Wswitch -Wcomment -Wpointer-arith -Wimplicit -Wreturn-type -Wmissing-declarations -Wno-sign-compare -Wno-format-nonliteral -falign-functions=4 -g -O0 -DDEBUG_OS_ERROR -DDEBUG_SPVW -DDEBUG_BYTECODE -DSAFETY=3 -DUNICODE -DDYNAMIC_FFI -I. /u/wally/lisp/bug1/sandbox/lib/libreadline.so -Wl,-rpath -Wl,/u/wally/lisp/bug1/sandbox/lib -lncurses -ldl /u/wally/lisp/bug1/sandbox/lib/libavcall.a /u/wally/lisp/bug1/sandbox/lib/libcallback.a -L/u/wally/lisp/bug1/sandbox/lib -lsigsegv -lc
SAFETY=3 HEAPCODES LINUX_NOEXEC_HEAPCODES SPVW_BLOCKS SPVW_MIXED TRIVIALMAP_MEMORY
libsigsegv 2.8
libreadline 6.0
Features:
(READLINE REGEXP SYSCALLS I18N LOOP COMPILER CLOS MOP CLISP ANSI-CL COMMON-LISP
LISP=CL INTERPRETER SOCKETS GENERIC-STREAMS LOGICAL-PATHNAMES SCREEN FFI
GETTEXT UNICODE BASE-CHAR=CHARACTER PC386 UNIX)
C Modules: (clisp i18n syscalls regexp readline)
Installation directory: /u/wally/lisp/bug1/sandbox/lib/clisp-2.48/
User language: ENGLISH
Machine: I686 (I686) tiger.x441afea5.org [127.0.0.1]

(Pardon unfortunate expressions; I'm a lisp newbie.)
I built LISP with the attached shell script. I couldn't figure out the exact command to give to gdb instead of "boot" or "full" in the instructions, so I simply did "gdb clisp" and the gdb "run" command with the clisp I'd just built.

I downloaded the source (including dependencies) and built clisp with the attached bash script.

Then I did the following, as recorded by the script command. I know the commands are highly infelicitous, but it should blow up with a segfault, should it?

Script started on Wed 27 Jan 2010 08:27:39 PM PST
wally:~/lisp/bug1/sandbox/bin$ gdb ./clisp
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-slackware-linux"...
(gdb) run
Starting program: /u/wally/lisp/bug1/sandbox/bin/clisp
Executing new program: /u/wally/lisp/bug1/sandbox/lib/clisp-2.48/base/lisp.run
STACK size: 98206 [0xb7d49f00 0xb7cea088]
  i i i i i i i       ooooo    o        ooooooo   ooooo   ooooo
  I I I I I I I      8     8   8           8     8     o  8    8
  I  \ `+' /  I      8         8           8     8        8    8
   \  `-+-'  /       8         8           8      ooooo   8oooo
    `-__|__-'        8         8           8           8  8
        |            8     o   8           8     o     8  8
  ------+------       ooooo    8oooooo  ooo8ooo   ooooo   8

Welcome to GNU CLISP 2.48 (2009-07-28) <http://clisp.cons.org/>

Copyright (c) Bruno Haible, Michael Stoll 1992, 1993
Copyright (c) Bruno Haible, Marcus Daniels 1994-1997
Copyright (c) Bruno Haible, Pierpaolo Bernardi, Sam Steingold 1998
Copyright (c) Bruno Haible, Sam Steingold 1999-2000
Copyright (c) Sam Steingold, Bruno Haible 2001-2009

Type :h and hit Enter for context help.

[1]> (setf :asdf 4)

*** - SETQ: :ASDF is a constant, may not be used as a variable
The following restarts are available:
USE-VALUE :R1 Input a value to be used instead.
ABORT :R2 Abort main loop
Break 1 [2]> :r1
Use instead: 5

Program received signal SIGSEGV, Segmentation fault.
0x0808033c in sym_value (sym={one_o = 3221225632}, env={one_o = 136834334},
symbolmacro_=0xbfa2c940) at eval.d:912
912 if (special_var_p(TheSymbol(sym))) {
(gdb) bt
#0 0x0808033c in sym_value (sym={one_o = 3221225632}, env={one_o = 136834334},
symbolmacro_=0xbfa2c940) at eval.d:912
#1 0x080804c4 in sym_macrop (sym={one_o = 3221225632}) at eval.d:951
#2 0x08099cd0 in check_setq_body (caller={one_o = 136834494}) at control.d:164
#3 0x08099ea5 in C_setq () at control.d:187
#4 0x08087a4f in eval_fsubr (fun={one_o = 539925974}, args=
{one_o = 1745007938}) at eval.d:3261
#5 0x080873d4 in eval1 (form={one_o = 1745007930}) at eval.d:3099
#6 0x08086ed3 in eval (form={one_o = 1745007930}) at eval.d:2964
#7 0x08087286 in eval1 (form={one_o = 1745007930}) at eval.d:3057
#8 0x08086ed3 in eval (form={one_o = 1745007986}) at eval.d:2964
#9 0x08156196 in C_read_eval_print () at debug.d:409
#10 0x0808df8b in funcall_subr (fun={one_o = 136807766}, args_on_stack=2)
at eval.d:5226
#11 0x0808d40c in funcall (fun={one_o = 136841022}, args_on_stack=2)
at eval.d:4866
#12 0x08091df1 in interpret_bytecode_ (closure={one_o = 541706158},
codeptr=0x203f0b9c, byteptr_in=0x203f0bae "ÇP\200L*+\001") at eval.d:6790
#13 0x0808edac in funcall_closure (closure={one_o = 541706158}, args_on_stack=0)
at eval.d:5629
#14 0x0808d3b2 in funcall (fun={one_o = 541706158}, args_on_stack=0)
at eval.d:4861
#15 0x080a013f in C_driver () at control.d:2002
#16 0x08091f50 in interpret_bytecode_ (closure={one_o = 541003126},
codeptr=0x203f0b34, byteptr_in=0x203f0b46 "") at eval.d:6796
#17 0x0808edac in funcall_closure (closure={one_o = 541003126}, args_on_stack=0)
at eval.d:5629
#18 0x0808d3b2 in funcall (fun={one_o = 541003126}, args_on_stack=0)
at eval.d:4861
#19 0x080929b5 in interpret_bytecode_ (closure={one_o = 541234406},
codeptr=0x203f286c, byteptr_in=0x203f287e "") at eval.d:6845
#20 0x0808edac in funcall_closure (closure={one_o = 541234406}, args_on_stack=0)
at eval.d:5629
#21 0x0808d3b2 in funcall (fun={one_o = 541234406}, args_on_stack=0)
at eval.d:4861
#22 0x080929b5 in interpret_bytecode_ (closure={one_o = 541235238},
codeptr=0x203f286c, byteptr_in=0x203f287e "") at eval.d:6845
#23 0x0808edac in funcall_closure (closure={one_o = 541235238}, args_on_stack=0)
at eval.d:5629
#24 0x0808d3b2 in funcall (fun={one_o = 541235238}, args_on_stack=0)
at eval.d:4861
#25 0x080929b5 in interpret_bytecode_ (closure={one_o = 541412694},
codeptr=0x203f286c, byteptr_in=0x203f287e "") at eval.d:6845
#26 0x0808edac in funcall_closure (closure={one_o = 541412694}, args_on_stack=0)
at eval.d:5629
#27 0x0808d3b2 in funcall (fun={one_o = 541412694}, args_on_stack=0)
at eval.d:4861
#28 0x08156553 in driver () at debug.d:478
#29 0x0807acc7 in main_actions (p=0x828e720) at spvw.d:3712
#30 0x08077aa0 in main (argc=7, argv=0xbfa35164) at spvw.d:3946
(gdb) quit
The program is running. Exit anyway? (y or n) y
wally:~/lisp/bug1/sandbox/bin$ exit
exit

Script done on Wed 27 Jan 2010 08:28:02 PM PST

Discussion

  • Bill Evans
    2010-01-28

    script for building clisp

     
    Attachments
  • Sam Steingold
    2010-01-28

    • assigned_to: haible --> sds
    • status: open --> closed-fixed
     
  • Sam Steingold
    2010-01-28

    thank you for your bug report.
    the bug has been fixed in the CVS tree.
    you can either wait for the next release (recommended)
    or check out the current CVS tree (see http://clisp.cons.org)
    and build CLISP from the sources (be advised that between
    releases the CVS tree is very unstable and may not even build
    on your platform).