Re: standards/47119: putc_unlocked(3) is found even with -std=c89

[Steffen "Daode" Nurpmeso <sdaoden%gmail.com@localhost>]

christos%zoulas.com@localhost (Christos Zoulas) wrote:

 |On Oct 24,  2:10pm, sdaoden%gmail.com@localhost (Steffen "Daode" Nurpmeso) 
wrote:
 |-- Subject: Re: standards/47119: putc_unlocked(3) is found even with \
 |-std=c89
 |
 || The following reply was made to PR standards/47119; it has been noted by \
 |. GNATS.
 || 
 || From: Steffen "Daode" Nurpmeso <sdaoden%gmail.com@localhost>
 || To: Martin Husemann <martin%duskware.de@localhost>
 || Cc: gnats-bugs%NetBSD.org@localhost
 || Subject: Re: standards/47119: putc_unlocked(3) is found even with \
 |. -std=c89
 || Date: Wed, 24 Oct 2012 16:05:07 +0200
 || 
 ||  Martin Husemann <martin%duskware.de@localhost> wrote:
 ||  
 |||On Wed, Oct 24, 2012 at 03:11:03PM +0200, Steffen Daode Nurpmeso wrote:
 |||> Because it is not part of C89/C99?
 |||
 |||You are misunderstanding the compiler option - it has no influence on the
 |||symbols visible in libraries nor system headers (at least in general).
 |||There are a few defines you can add via -D to make the headers pollute \
 |.. less
 ||  
 ||  Hmm.  I think you're right.
 ||  Well i'm not really working with those headers, and i still see
 ||  a '#define _GNU_SOURCE' on top of the one that's really important
 ||  for me.
 ||  
 |||namespace, but since this is a posix blessed function, it is better
 |||to avoid a name clash in application code.
 |||Martin
 ||  
 ||  Yes, a lot of conditions and a lot of what standards produce most
 ||  of the time, so thanks for all those work on standard compliance.
 ||  
 ||  Nonetheless - the bug is triggered only with -std=c89, and only on
 ||  NetBSD 6.0.  And in the meanwhile i've found it.
 ||  In fact it has nothing to do with putc_unlocked() (i was so clumsy
 ||  that i even tried to compile with -pthread and -D_REENTRANT, and
 ||  it was still expanded to __sputc() or so - amazing!), but it is in
 ||  fact alloca(3) that returns an invalid buffer:
 ||  
 ||    %fwrite_td() calls ac_alloc for 29
 ||    fwrite_td() calls memcpy (From: <XXXXXXXXXXX%YYYY.com@localhost>
 ||    )29
 ||    fwrite_td() before delctrl (^])29
 ||    fwrite_td() calls prefixwrite (^])29
 ||    *29 (0xbfbf9254)()*^@^@^@^@^@^@^@^@XXXXXXXXXX%YYYY.com@localhost>
 ||  
 ||  From the alloca(3) manual i see nothing special to adhere to,
 ||  i would not describe 29 bytes as a "large unbounded allocation".
 ||  The CFLAGS are simply '-std=c89 -O2', so nothing special at all.
 ||  I think this is worth another PR?
 |
 |You are probably missing some include header (stdlib.h) and there
 |is no prototype for alloca()? Post the code...
 |
 |christos

No no, that used to be Berkeley Mail before it was mangled ;)

Breakpoint 1, fwrite_td (ptr=0xbb60c520, nmemb=29, f=0xbb9afea0, flags=TD_NONE, 
prefix=0x0, prefixlen=0, size=1) at mime.c:1479
1494            mptr = xmptr = ac_alloc(mptrsz + 1);
0x0804b1ac in alloca@plt ()
0xbb993192 in memcpy () from /lib/libc.so.12

0x0804b1ac in alloca@plt ()

gdb) print mptr
$9 = 0xbfbf91f4 "p
=0r\277\277"

(gdb) info registers esp
esp            0xbfbf91e4       0xbfbf91e4

(gdb) print (char*)ptr
$10 = 0xbb60c520 "From: <Paul_Koning%Dell.com@localhost>\n"

1517                    memcpy(mptr, ptr, csize);

0x0804acac in memcpy@plt ()


(gdb) print (char*)ptr
$11 = 0xbb60c520 "From: <Paul_Koning%Dell.com@localhost>\n"
(gdb) print (char*)mptr
$12 = 0xbfbf91f4 "From: <Paul_Koning%Dell.com@localhost>\n"

(gdb) print csize
$13 = 29


prefixwrite (ptr=0xbfbf91f4, size=1, nmemb=29, f=0xbb9afea0, prefix=0x0, 
prefixlen=0) at mime.c:1361
1361    {


(gdb) print rsz
$14 = <optimized out>
(gdb) print size
$15 = 1
(gdb) print nmemb
$16 = 29
(gdb) 


(gdb) print (char*)ptr
$17 = 0xbfbf91f4 ""