[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#19246: bindings: void return function *can* trigger a segfault
|
From: |
Amirouche Boubekki |
|
Subject: |
bug#19246: bindings: void return function *can* trigger a segfault |
|
Date: |
Mon, 1 Dec 2014 21:18:46 +0100 |
Héllo,
I reproduce the bug every time with the attached files. Here is gdb backtrace:
----8<--------------8<--------------8<--------------8<--------------8<--------------8<--------------8<----------
#0 0x00007ffff7921e56 in vm_debug_engine (vm=0x6f8020,
program=0xf5b280, argv=0x7fffffffc100, nargs=2) at vm-i-system.c:890
#1 0x00007ffff7932826 in scm_c_vm_run (vm=0x6f8020, program=0x786680,
argv=0x7fffffffc0f8, nargs=1) at vm.c:768
#2 0x00007ffff78622a7 in scm_primitive_eval (exp=0xf62420) at eval.c:692
#3 0x00007ffff78932df in scm_primitive_load (filename=0xf53360) at load.c:124
#4 0x00007ffff7921aa3 in vm_debug_engine (vm=0x6f8020,
program=0x7ffff7bb79c0 <scm_primitive_load.subr_raw_cell>,
argv=0x7fffffffcf90, nargs=1) at vm-i-system.c:855
#5 0x00007ffff7932826 in scm_c_vm_run (vm=0x6f8020, program=0x786680,
argv=0x7fffffffcf88, nargs=1) at vm.c:768
#6 0x00007ffff78622a7 in scm_primitive_eval (exp=0x8c25c0) at eval.c:692
#7 0x00007ffff7862361 in scm_eval (exp=0x8c25c0,
module_or_state=0x888c60) at eval.c:726
#8 0x00007ffff78d6903 in scm_shell (argc=1, argv=0x7fffffffe318) at
script.c:439
#9 0x0000000000400c81 in inner_main (closure=0x0, argc=1,
argv=0x7fffffffe318) at guile.c:62
#10 0x00007ffff788a36d in invoke_main_func (body_data=0x7fffffffe1f0)
at init.c:336
#11 0x00007ffff7857148 in c_body (d=0x7fffffffe0b0) at continuations.c:517
#12 0x00007ffff7903b23 in apply_catch_closure (clo=0x895b60,
args=0x304) at throw.c:140
#13 0x00007ffff78d7126 in apply_1 (smob=0x895b60, a=0x304) at smob.c:142
#14 0x00007ffff790e2d5 in vm_regular_engine (vm=0x6f8020,
program=0x6f3000, argv=0x7fffffffdf80, nargs=2) at vm-i-system.c:858
#15 0x00007ffff7932826 in scm_c_vm_run (vm=0x6f8020, program=0x678c30,
argv=0x7fffffffdf60, nargs=4) at vm.c:768
#16 0x00007ffff7861a28 in scm_call_4 (proc=0x678c30, arg1=0x404,
arg2=0x895b60, arg3=0x895b40, arg4=0x895b20) at eval.c:507
#17 0x00007ffff7903980 in scm_catch_with_pre_unwind_handler
(key=0x404, thunk=0x895b60, handler=0x895b40,
pre_unwind_handler=0x895b20) at throw.c:73
#18 0x00007ffff7903bfb in scm_c_catch (tag=0x404, body=0x7ffff7857120
<c_body>, body_data=0x7fffffffe0b0,
handler=0x7ffff7857157 <c_handler>, handler_data=0x7fffffffe0b0,
pre_unwind_handler=0x7ffff78571b4 <pre_unwind_handler>,
pre_unwind_handler_data=0x77dfa0) at throw.c:207
----8<--------------8<--------------8<--------------8<--------------8<--------------8<--------------8<----------
The related code is:
----8<--------------8<--------------8<--------------8<--------------8<--------------8<--------------8<----------
case 10:
ret = subr (sp[-9], sp[-8], sp[-7], sp[-6], sp[-5], sp[-4],
sp[-3], sp[-2], sp[-1], sp[0]);
break;
default:
abort ();
}
NULLSTACK_FOR_NONLOCAL_EXIT ();
if (SCM_UNLIKELY (SCM_VALUESP (ret)))
{
/* multiple values returned to continuation */
ret = scm_struct_ref (ret, SCM_INUM0);
nvalues = scm_ilength (ret);
PUSH_LIST (ret, scm_is_null);
goto vm_return_values;
}
else
{
PUSH (ret);
goto vm_return;
}
----8<--------------8<--------------8<--------------8<--------------8<--------------8<--------------8<----------
It's seems to me that the code always expects something to be
returned. During my tests ret is according to gdb (SCM) 0xbb8 (=3000 =
c variable from process function)
An easy fix for bindings creator, is to return a valid SCM value like
SCM_BOOL_T.
Best regards.
void-return.c
Description: Text Data
void-return.scm
Description: Text Data
- bug#19246: bindings: void return function *can* trigger a segfault,
Amirouche Boubekki <=