#13 kiki coredump on AMD64 (gdb output included)

Status: open

Owner: nobody

Labels: execution problems (7)

Priority: 5

Updated: 2012-09-17

Created: 2006-07-30

Creator: as_gentoo

Private: No

When I try to start kiki on AMD64 I get a coredump,
this is what gdb says to the issue:

(gdb) run
Starting program: /usr/games/bin/kiki
[Thread debugging using libthread_db enabled]
[New Thread 47781732159008 (LWP 31346)]
terminate called after throwing an instance of
'std::out_of_range'
what(): basic_string::replace

Program received signal SIGABRT, Aborted.
[Switching to Thread 47781732159008 (LWP 31346)]
0x00002b750b0ab7e9 in raise () from /lib/libc.so.6
(gdb) stack
Undefined command: "stack". Try "help".
(gdb) bt

0 0x00002b750b0ab7e9 in raise () from /lib/libc.so.6

1 0x00002b750b0acbce in abort () from /lib/libc.so.6

2 0x00002b750ac8fc08 in

gnu_cxx::verbose_terminate_handler () from
/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

3 0x00002b750ac8cac4 in __cxa_call_unexpected () from

/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

4 0x00002b750ac8cb01 in std::terminate () from

/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

5 0x00002b750ac8ccd5 in __cxa_throw () from

/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

6 0x00002b750ac13e2f in std::__throw_out_of_range ()

from /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

7 0x00002b750ac680b0 in std::string::replace () from

/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

8 0x00002b750ac685bf in std::string::replace () from

/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.5/libstdc++.so.6

9 0x00000000004967ba in kStringReplaceTabs ()

10 0x0000000000496ea3 in kStringPrintf ()

11 0x00000000004b146f in KConsole::printf ()

12 0x000000000044d33d in KikiController::KikiController ()

13 0x000000000044ea5d in

__static_initialization_and_destruction_0 ()

14 0x000000000044ea9f in global constructors keyed to

_ZN14KikiControllerC2Ev ()

15 0x0000000000567226 in __do_global_ctors_aux ()

16 0x0000000000413f7b in _init ()

17 0x0000000044cc9f90 in ?? ()

18 0x0000000000567179 in __libc_csu_init ()

19 0x00002b750b0990ca in __libc_start_main () from

/lib/libc.so.6

20 0x0000000000415909 in _start ()

(gdb) up

1 0x00002b750b0acbce in abort () from /lib/libc.so.6

(gdb) down

0 0x00002b750b0ab7e9 in raise () from /lib/libc.so.6

(gdb)

My systems config:

Portage 2.1-r1 (default-linux/amd64/2005.1,
gcc-vanilla, glibc-2.4-r3, 2.6.16-gentoo-r13 x86_64)
=================================================================
System uname: 2.6.16-gentoo-r13 x86_64 AMD Athlon(tm)
64 Processor 3000+
Gentoo Base System version 1.12.1
app-admin/eselect-compiler: [Not Present]
dev-lang/python: 2.3.5-r2, 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1,
1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.16.1-r2
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=athlon64 -O1 -pipe -g -ggdb
-fomit-frame-pointer -fno-inline -fno-pie
-fno-stack-protector"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.4/env
/usr/kde/3.4/share/config /usr/kde/3.4/shutdown
/usr/lib/X11/xkb /usr/share/config
/usr/share/texmf/dvipdfm/config/
/usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/
/usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf
/etc/revdep-rebuild /etc/terminfo /usr/X11R6/bin/startx"
CXXFLAGS="-march=athlon64 -O1 -pipe -g -ggdb
-fomit-frame-pointer -fno-inline -fno-pie
-fno-stack-protector"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig candy distlocks metadata-transfer
nostrip sandbox severe sfperms splitdebug strict test"
GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/
ftp://ftp.tu-clausthal.de/pub/linux/gentoo/
ftp://ftp.gentoo.mesh-solutions.com/gentoo/
http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LANG="de_DE.utf8"
LC_ALL="de_DE.utf8"
LDFLAGS="-Wl,-O1"
LINGUAS="de"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links
--perms --times --compress --force --whole-file
--delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local'
--exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="7zip X a52 aac acpi alsa amd64 amr artworkextra
asf audiofile avi bash-completion berkdb bidi
bitmap-fonts bzlib cairo cdda cdio cdparanoia cdr cli
cpudetection crypt css cups custom-cflags dbus dga
directfb dlloader dmalloc dnd dpms dri dts dvb dvd dvdr
dvdread dvi eds effects emacs emboss encode evo exif
fame fat fbcon ffmpeg firefox foomaticdb freetype gcj
ggi gif gimpprint gnome gnutls gpm gs gstreamer gtk
gtk2 hal hardened howl hpn httpd iconv imlib ipv6
isdnlog ithreads javascript jpeg jpeg2k kde lcms
libsamplerate linuxthreads-tls live lzo lzw lzw-tiff
mad matroska mbox memlimit milter mjpeg mmap mng
mozcalendar mozdevelop mozsvg mp3 mp4 mpeg mpi nautilus
ncurses nls nptl nptlonly nsplugin ntfs nvidia
offensive ogg on-the-fly-crypt openal openexr opengl
pam pcre pda pdf pdflib perl png ppds pppd python qt
qt3 qt4 quicktime readline reflection reiserfs rle sasl
screen sdl session sndfile spell spl ssl stream svg
symlink tcpd test tetex tga theora threads tidy tiff
toolbar truetype truetype-fonts type1-fonts unicode usb
userlocales v4l v4l2 vcd video_cards_nvidia videos vlm
vorbis wmf wxwindows x264 xine xml xmms xorg xosd xpm
xprint xtermtoolbar xv xvid xvmc yv12 zlib elibc_glibc
input_devices_keyboard input_devices_mouse
input_devices_evdev kernel_linux linguas_de userland_GNU"
Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK,
MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS

Discussion

Dean Edmonds - 2007-03-26

Logged In: YES
user_id=336930
Originator: NO

The problem here is that the code assumes that 'unsigned int' is equivalent to 'std::string::size_type', which isn't true on x64. In particular, if std::string::find() returns 'npos' and that is assigned to an 'unsigned int' variable then it will be truncated to a much smaller value. A subsequent attempt to compare that to 'npos' will fail, leading to these crashes.

The fix is to look for every occurrence of 'npos' in the code and change the 'unsigned int' variables in those functions to 'std::string::size_type'.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.