lib/56247: printf("%La", LDBL_MIN) dumps core

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/56247: printf("%La", LDBL_MIN) dumps core
From: "Greg A. Woods" <woods%planix.ca@localhost>
Date: Tue, 15 Jun 2021 05:40:01 +0000 (UTC)

>Number:         56247
>Category:       lib
>Synopsis:       printf("%La", LDBL_MIN) dumps core
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 15 05:40:00 +0000 2021
>Originator:     Greg A. Woods
>Release:        NetBSD 9.99.81
>Organization:
Planix, Inc.; Kelowna, BC; Canada
>Environment:
System: NetBSD xentastic 9.99.81 NetBSD 9.99.81 (XEN3_DOM0) #16: Thu May 6 13:40:07 PDT 2021 woods@xentastic:/build/woods/xentastic/current-amd64-amd64-obj/build/src/sys/arch/amd64/compile/XEN3_DOM0 amd64
Architecture: x86_64
Machine: amd64
Source-Date: 2021-03-10T23:08:13Z
>Description:

	Playing with printing floating point numbers today and I
	encountered the following core dump.

	(This is from a static-linked build -- the frames in jemalloc
	look a little more weird in the dynamic-linked build, but
	otherwise it starts out the same in a call to free() in
	libc/gdtoa/misc.c.)

Reading symbols from t-ldbl-min...
[New process 19842]
Core was generated by `t-ldbl-min'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  atomic_load_p (mo=atomic_memory_order_relaxed, a=0x3418)
    at /build/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/atomic_gcc_atomic.h:31
31              not_reached();
(gdb) bt
#0  atomic_load_p (mo=atomic_memory_order_relaxed, a=0x3418)
    at /build/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/atomic_gcc_atomic.h:31
#1  rtree_leaf_elm_bits_read (dependent=true, elm=0x3418, 
    rtree=<optimized out>, tsdn=<optimized out>)
    at /build/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/rtree.h:175
#2  rtree_szind_slab_read (r_slab=<synthetic pointer>, 
    r_szind=<synthetic pointer>, dependent=true, key=6829440, 
    rtree_ctx=0x781687442028, rtree=<optimized out>, tsdn=<optimized out>)
    at /build/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/rtree.h:464
#3  ifree (slow_path=false, tcache=0x7816874421c0, ptr=0x683580 <private_mem>, 
    tsd=<optimized out>)
    at /build/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2243
#4  free (ptr=0x683580 <private_mem>)
    at /build/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2433
#5  0x000000000041557b in __Bfree_D2A (v=<optimized out>)
    at /build/src/lib/libc/gdtoa/misc.c:104
#6  0x000000000041503e in __freedtoa (s=<optimized out>)
    at /build/src/lib/libc/gdtoa/dmisc.c:100
#7  0x000000000040f917 in __vfprintf_unlocked_l (
    fp=fp@entry=0x682918 <__sF+152>, loc=0x6822a0 <_lc_global_locale>, 
    fmt0=fmt0@entry=0x467214 "%La\n", ap=ap@entry=0x7f7fff934018)
    at /build/src/lib/libc/stdio/vfwprintf.c:1105
#8  0x00000000004110d2 in vfprintf (fp=0x682918 <__sF+152>, 
    fmt0=fmt0@entry=0x467214 "%La\n", ap=ap@entry=0x7f7fff934018)
    at /build/src/lib/libc/compat/../locale/setlocale_local.h:93
#9  0x000000000040bfe2 in printf (fmt=fmt@entry=0x467214 "%La\n")
    at /build/src/lib/libc/stdio/printf.c:59
#10 0x0000000000467015 in main () at t-ldbl-min.c:10
(gdb) 

>How-To-Repeat:

	compile and run the following on amd64

#include <float.h>
#include <stdio.h>
#include <stdlib.h>

int main(void);

int
main()
{
	printf("%La\n", LDBL_MIN);

	exit(0);
}

>Fix:
	unknown

Prev by Date: lib/56246: gprof(1) never show call graphs when profiling multi-threaded application
Next by Date: PR/56247 CVS commit: src/lib/libc/gdtoa
Previous by Thread: lib/56246: gprof(1) never show call graphs when profiling multi-threaded application
Next by Thread: PR/56247 CVS commit: src/lib/libc/gdtoa
Indexes:

Home | Main Index | Thread Index | Old Index