From: Daniel G. <da...@fp...> - 2004-11-10 16:18:50

On Wed, 2004-11-10 at 13:47 +0000, Kristian Vandervliet wrote:
> I'm currently testing Glibc 2.3.3, and as part of that I am trying
> to rebuild Gcc 3.3.4 against the new libs. I've run into a problem
> which is now beginning to look like a bug with Glibc 2.3.3, but I'm
> totally stumped.
>
> I've got it down to the following testcase:
>
> #include <stdlib.h>
> #include <stdio.h>
>
> FILE *y;
>
> int main( int argc, char *argv[] )
> {
>     FILE *x;
>
>     printf("x\n");
>     x = fopen(argv[0],"r");
>     fclose(x);
>     printf("x closed\n");
>
>     if( NULL == y )
>     {
>         printf("y is NULL\n");
>         return EXIT_FAILURE;
>     }
>     printf("y\n");
>     y = fopen(argv[0],"r");
>     fclose(y);
>     printf("y closed\n");
>
>     return EXIT_SUCCESS;
> }
>
> Output is:
>
> $ ./fopen
> x
> x closed
> y
> Segmentation fault (core dumped)
> $

For some strange reason, y is *not* NULL (or it wouldn't have printed
"y"). It's in the BSS, so it *should* be NULL.

> If you're paying attention, it actually crashes when it gets to the
> if( NULL == y ) with a NULL pointer:
>
> 0:fopen::fopen : Invalid pagefault at 00000000 (NOTP:READ:USER)
> 0:fopen::fopen : EAX = 00000000 : EBX = 8000185c : ECX = 00000009 : EDX = a00e4aa0
> 0:fopen::fopen : ESI = 00000001 : EDI = ffffbb2c : EBP = ffffbaac
> 0:fopen::fopen : SS::ESP = 0023::ffffba90
> 0:fopen::fopen : CS::EIP = 0013::800006b5
> 0:fopen::fopen : DS = 0023 : ES = 0023 : FS = 0023 : GS = 00d0
> 0:fopen::fopen : EFLAGS = 00213286 (PF SF IF RF ID )
> 0:fopen::fopen : CPU ID = 0 : kernel stack = 051c5014
> 0:fopen::fopen : 0 -> 800006b5
> 0:fopen::fopen : fopen + 000006b5 -> __gmon_start__ + 800006b5
> 0:fopen::fopen : 1 -> a00143e1
> 0:fopen::fopen : libc.so.2 + 000143e1 -> __libc_start_main + 000000a1
> 0:fopen::fopen : 2 -> 80000435
> 0:fopen::fopen : fopen + 00000435 -> __gmon_start__ + 80000435
> 0:fopen::fopen : verify_area() got kernel address 00000000

This confirms it, as it's crashing in fopen.
My guess is that the loader is somehow not zeroing out the bss, or is
somehow aliasing y to something else. If I run this code locally on
Linux, either with gcc 3.4.3 or with tcc, it exits with "y is NULL".

Daniel
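An added diagnostic (written for this page, not code from the thread) that separates the two hypotheses above: it checks whether `y` actually lands inside the loader's zero-fill segment, using the `__bss_start` and `_end` symbols that the default GNU ld script provides (an assumption of a GNU/Linux toolchain), and whether that segment reads as zero. It also guards the testcase's fopen/fclose pair, since a NULL pointer reaching fclose is undefined behaviour and the usual way such a run ends in a segfault.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Symbols defined by the default GNU ld linker script (assumption: a
   GNU/Linux toolchain; other linkers may not provide them). */
extern char __bss_start[];
extern char _end[];

/* Zero-initialised globals: C guarantees they start at 0, and the loader
   implements that guarantee by zero-filling the .bss segment. */
FILE *y;                       /* the global from the reported testcase */
static long bss_probe[64];     /* extra zero-fill words to sample */

/* Returns 1 if p lies in [__bss_start, _end), the zero-fill segment.
   Pointers are compared as integers to avoid undefined ordering. */
int in_bss(const void *p) {
    uintptr_t a = (uintptr_t)p;
    return a >= (uintptr_t)__bss_start && a < (uintptr_t)_end;
}

/* Counts non-zero entries among y and bss_probe; 0 means the loader
   zeroed the segment as required. */
size_t count_nonzero_bss(void) {
    size_t bad = (y != NULL);
    for (size_t i = 0; i < sizeof bss_probe / sizeof bss_probe[0]; i++)
        bad += (bss_probe[i] != 0);
    return bad;
}

/* Hardened form of the testcase's fopen/fclose pair: a failed fopen is
   reported (-1) instead of handing NULL to fclose. Returns 0 on success. */
int open_close_checked(const char *path) {
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    return fclose(f);
}

int main(int argc, char *argv[]) {
    (void)argc;
    printf("y at %p, in .bss: %d, value %p\n",
           (void *)&y, in_bss(&y), (void *)y);
    printf("non-zero .bss entries: %zu\n", count_nonzero_bss());
    int ok = open_close_checked(argv[0]) == 0 && count_nonzero_bss() == 0;
    return ok ? EXIT_SUCCESS : EXIT_FAILURE;
}
```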