#410 segfault in libc

Don Hughes

segfault at 0 ip 00007fab8efe45cc sp 00007fff61976b20 error 4 in libc-2.17.so[7fab8ef70000+1a3000]
segfault at 0 ip 00007f8204e305cc sp 00007fff4c7d5c80 error 4 in libc-2.17.so[7f8204dbc000+1a3000]

Running Regina 3.7 on SuSE Linux 12.2

The error seems to be generated by this line:
if ( (left(x3,1) = '"') | (left(x3,1) = "'") | datatype(x3,'N') ) then call lineout file_rexx_define,x1 x2 x3

Where file_rexx_define is passed as a return code from a configuration routine. If I display file_rexx_define, it shows as the expected value with no unusual characters.

I do not get the error if I change it to:
if ( (left(x3,1) = '"') | (left(x3,1) = "'") | datatype(x3,'N') ) then call lineout 'Define',x1 x2 x3
using a constant instead of a variable for the file name.

Other lines such as:
CALL LINEOUT file_rexx_save,raw_line
in the same program work without error.

This is the 5th file opened by the program.


  • Don Hughes - 2013-04-23

    GNU gdb (GDB) SUSE (7.5.1-2.5.1)
    Copyright (C) 2012 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law. Type "show copying"
    and "show warranty" for details.
    This GDB was configured as "x86_64-suse-linux".
    For bug reporting instructions, please see:
    Reading symbols from /usr/local/sbin/regina...(no debugging symbols found)...done.
    (gdb) run
    Starting program: /usr/local/sbin/regina
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib64/libthread_db.so.1".

    ... snip

    Detaching after fork from child process 9556.
    Detaching after fork from child process 9633.

    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff77605cc in fseeko64 () from /lib64/libc.so.6
    Missing separate debuginfos, use: zypper install glibc-debuginfo-2.17-10.2.x86_64
    (gdb) bt
    #0 0x00007ffff77605cc in fseeko64 () from /lib64/libc.so.6
    #1 0x00007ffff7acdc8f in ?? () from /usr/lib64/libregina.so.3
    #2 0x00007ffff7aa39e8 in ?? () from /usr/lib64/libregina.so.3
    #3 0x00007ffff7ac0ce8 in ?? () from /usr/lib64/libregina.so.3
    #4 0x00007ffff7ae94fd in ?? () from /usr/lib64/libregina.so.3
    #5 0x00007ffff7ac0e30 in ?? () from /usr/lib64/libregina.so.3
    #6 0x00007ffff7ae94fd in ?? () from /usr/lib64/libregina.so.3
    #7 0x00007ffff7ac0e30 in ?? () from /usr/lib64/libregina.so.3
    #8 0x00007ffff7b003c5 in ?? () from /usr/lib64/libregina.so.3
    #9 0x00007ffff7b007dd in __regina_faked_main () from /usr/lib64/libregina.so.3
    #10 0x000000000040065c in ?? ()
    #11 0x00007ffff770da15 in __libc_start_main () from /lib64/libc.so.6
    #12 0x0000000000400579 in ?? ()
    (gdb) quit

  • Don Hughes - 2013-05-29

    This issue was also reported to the libc maintainers.


    Here is my last post to them:

    Here are the results of the strace:

    open("/tmp/rexref.work3", O_RDWR) = 5
    open("/tmp/rexref.work3", O_RDWR) = -1 ENOENT (No such file or directory)

    Here are the relevant bits from a much larger program:

    rexwrk3 = "/tmp/rexref.work3"
    CALL LINEOUT rexwrk3,"Write some data to the file"
    "rm" rexwrk3
    CALL LINEOUT rexwrk3
    rc = STREAM(rexwrk3,'C','CLOSE')
    /* Process the file */

    Normally the "rm" would come before the write, but a code refactoring
    incorrectly placed it after. Although closing a deleted file may be an error,
    the expected result would be an empty file, or, at worst, an error return, not
    a segmentation fault.

    Last edit: Don Hughes 2013-05-29
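    The sequence in the snippet above, replayed in C as an added example (not Regina's code and not from this ticket): the second open by path fails with ENOENT exactly as the strace shows, and the example turns that failure into an error return instead of seeking on the stream; it also shows that the stream opened before the rm still reads its data back. The file path and the sample line are constructed, and the reading that the crash comes from an unchecked stream after the failed reopen is an assumption drawn from the strace and the fseeko64 frame in the backtrace, not something the ticket establishes.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

enum { REOPEN_OK = 0, REOPEN_ENOENT = -1, REOPEN_OTHER = -2 };
static const char SAMPLE_LINE[] = "Write some data to the file\n"; /* constructed */

/* Replays the Rexx sequence: open and write, rm while the stream is still
 * open, then reopen by path and seek (what the strace suggests the
 * interpreter did). A NULL stream is reported, never handed to fseeko(). */
int reopen_after_unlink(const char *path)
{
    FILE *first = fopen(path, "w+");
    if (first == NULL)
        return REOPEN_OTHER;
    fputs(SAMPLE_LINE, first);
    fflush(first);
    if (unlink(path) != 0) {          /* `"rm" rexwrk3`: name gone, inode kept */
        fclose(first);
        return REOPEN_OTHER;
    }
    FILE *second = fopen(path, "r+"); /* fails with ENOENT, as in the strace */
    int rc;
    if (second == NULL) {
        /* The check that turns a would-be fseeko(NULL) crash into an error. */
        rc = (errno == ENOENT) ? REOPEN_ENOENT : REOPEN_OTHER;
    } else {
        rc = (fseeko(second, 0, SEEK_END) == 0) ? REOPEN_OK : REOPEN_OTHER;
        fclose(second);
    }
    fclose(first);
    return rc;
}

/* The POSIX side: data written before the rm stays readable through the
 * still-open stream until that stream is closed. Returns the byte count. */
long bytes_readable_after_unlink(const char *path)
{
    FILE *fp = fopen(path, "w+");
    if (fp == NULL || fputs(SAMPLE_LINE, fp) == EOF || unlink(path) != 0) {
        if (fp != NULL) fclose(fp);
        return -1;
    }
    rewind(fp);                       /* flush, then read back from offset 0 */
    long n = 0;
    while (fgetc(fp) != EOF) n++;
    fclose(fp);
    return n;                         /* sizeof(SAMPLE_LINE) - 1 == 28 */
}
```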
